By default, downloading files attached to a ticket requires users to log in to the system. However, this behavior can be changed by updating a setting in the Admin Module to allow downloads without authentication.

What This Changes

When anonymous download is enabled:

• Any person who has a valid file download link can download the attachment without logging in.
• A security token is appended to the download URL to restrict access to the attachments authorized by that token.

Configuration Steps

To enable this, please follow the steps below:

1. Go to Admin Centre → Customer Portal Settings → Attachments.
2. Select the Brand that should allow anonymous attachment downloads.
3. Under File Download Settings, select:
   “Allow anyone who has a file download link to download the file without having to log in.”
4. Click on update to save the changes.
   
   
   
   
   
   Once this option is enabled, end users will be able to download attachments directly using the file link, without needing to sign in to the Customer Portal.

Scope of Impact

• The setting applies per Brand (based on the Brand selected in the Attachments settings page).
• After the setting is enabled for a Brand, attachments accessed via links for that Brand’s tickets can be downloaded without Customer Portal sign-in.

Security and Access Boundaries (Token Behavior)

When anonymous downloads are enabled, the system adds a security token to each attachment download URL.

• The security token prevents users from downloading other attachments by modifying the attachment number in the URL.
• A user can download only the attachments permitted by the specific token associated with that user’s ticket context.
• A token that authorizes attachments for one ticket does not grant access to attachments from other tickets.

Email Behavior for Large Attachments

When an attachment exceeds 20 MB, the attachment is sent in email as a URL (hyperlink) rather than as a file.

• Without anonymous downloads enabled: the end user must sign in to access the attachment link.
• With anonymous downloads enabled: the end user can open the attachment link and download the file without logging in.

Frequently Asked Questions

1. What is the default behavior for downloading ticket attachments?
   By default, users must log in to the Customer Portal to download ticket attachments.

2. Where is the setting to allow downloads without authentication?
   Admin Centre → Customer Portal Settings → Attachments → (select Brand) → File Download Settings.

3. Is anonymous attachment download configured globally or per Brand?
   Anonymous attachment download is configured per Brand, based on the Brand selected in Attachments settings.

4. Does enabling anonymous downloads expose all ticket attachments publicly?
   Anyone with a valid file download link can download that file. The system adds a security token to restrict what can be accessed with that link.

5. Can an end user guess other attachment URLs by changing the attachment number?
   No. With anonymous downloads enabled, a security token is added to the URL to prevent downloading other attachments by URL manipulation.

6. Does the token allow access to attachments from other tickets?
   No. The token only permits access to attachments associated with that token’s authorized ticket context.

7. What changes for attachments larger than 20 MB in email?
   Attachments larger than 20 MB are delivered as a URL link in email. With anonymous downloads enabled, that link works without requiring login.

8. Do end users need a Customer Portal account after enabling this setting?
   End users can download attachments via the file download link without authentication, but other Customer Portal actions may still require login depending on your portal configuration.

Related Articles

1. Customizing the BoldDesk Customer Portal
2. File Attachment Limits and Solutions for Large Files