Trust Center Access Request Experience
What visitors see when they request access to restricted Trust Center content. Learn the workflows, permissions, screenshots, and related setup guidance in…
Trust Center Access Request Experience
This page describes the actual request flow implemented in the Trust Center app.
What Visitors See
Visitors can browse public content immediately. When they try to open a gated document, they are prompted to request access.
Depending on your tenant configuration, the request modal can collect:
- Email address
- One or more requested documents
- Tenant-defined custom fields shown in the request form
Possible Outcomes
The request flow returns one of three states:
email_sentpending_reviewrejected
Auto-Approved Requests
If the requester already has the required access, or their account/domain is eligible for auto-approval, the system sends a magic link immediately.
The Trust Center UI tells visitors that the magic link expires in 20 minutes.
Pending Review
If the requester is not already approved for the requested content, the request is stored for review in Access Requests. Account managers can approve or reject it from Admin Center.
Email Domain Checks
Before an access request is accepted, the Trust Center checks whether the requester's email domain looks safe and reachable.
Requests are blocked when the email domain appears to be:
- A disposable or temporary email provider
- Unable to receive email, for example because required mail routing records are missing
- Flagged by a high-risk email reputation signal
- A high-risk free email provider result
A domain with only an email authentication policy issue is not blocked. This is reported as a DMARC issue, and it usually means the domain's anti-spoofing policy is missing or incomplete. The domain can still receive magic link emails.
If that authentication policy issue appears together with another blocking signal, the other signal still applies. For example, a domain with both a DMARC issue and missing mail routing records is blocked because magic links may not be deliverable.
Rejected Requests
Rejected contacts are told that access was not approved.
NDA-Protected Content
If the requested document or entry requires an NDA, approval alone is not enough. The visitor must still complete the NDA flow before the restricted content becomes available.
Related Docs
How is this guide?