Embed security considerations

Introduction

SelfGuide enables organizations to create clear, easy-to-use instructions that help employees master software and work processes faster and with less frustration.The recent global availability of the Embed feature, allows these instructions to be placed directly inside the applications employees already work with, transforming guidance from a separate task into an immediate, in-context aid.

However, conveniently embedding instructions within third-party applications, like an intranet or a ITSM tool, introduces specific security considerations that every admin should understand before activating the feature.

This article explains how the embed feature works, the potential security risks involved, and best practices to balance usability with protecting your organization’s valuable instruction content.
‍

How does the embed work?

When an instruction is embedded within a third party application, we don't want to bother the user with authentication. So, when an editor creates an embed link, SelfGuide creates a unique, secure URL that allows the content to load without requiring users to authenticate separately. This seamless access avoids distracting login prompts and creates a smooth user experience, essential for broad adoption. To maintain security, the embed link only grants access to the specific instruction it references. Users cannot navigate beyond or access other tenant content through the embed. Precautionary measures have been taken to prevent the user from misusing the browser session to get access to other content.
‍

Security risks to consider

Because the embed URL acts as an access key, anyone who obtains this URL can view the embedded instruction without needing to log in. This means:

• If an embed is placed on a public-facing site, anyone on the internet who discovers the link can access the instruction, even if it concerns a non public instruction.
• When embedding on a secured intranet, the instruction is protected by the intranet’s authentication. However, if the URL embedded in the intranet is shared externally, it bypasses authentication controls.
• Editors and users with access to the embed URLs must be aware of the responsibility to not share these links inappropriately.
  ‍

Recommendations for safe use

• Assess how sensitive your instruction content is and decide if embed fits your security posture.
• If your instructions contain confidential or sensitive information, consider limiting embed use or disabling it entirely to minimize exposure risk.
• Use embed selectively in environments you control and trust, like internal intranets with restricted access.
• Educate your editors and content owners on the implications of sharing embed URLs publicly.

Summary

SelfGuide’s embed feature enables powerful, user-friendly instruction integration across your IT landscape with minimal friction. To protect your organization’s data and maintain control of access, it is vital to carefully weigh the security risks outlined here before enabling and widely distributing embed links.

By following best practices and training your teams, you can safely leverage embed to enhance adoption and support without compromising security.

‍