Thursday, August 7, 2025

User Roles and Comment Association

Aleksander Kaaberma
LinkedInAbout the author
Guides

This guide explains how comments are associated with different users and the various login and security options available to you and your clients. Properly associating comments ensures clear communication and maintains the security of your projects.

Clarifying User Roles

First, let's define the three types of accounts in Simple Commenter. Using clear and consistent terms is key to understanding how the system works.

  • Account Admin: The primary owner of the Simple Commenter account. They have full administrative access to all settings, projects, and billing.
  • Team Member: A user invited to the account by an Account Admin. Team Members can collaborate on projects with permissions set by the Admin.
  • Client: A user invited to a specific project. Clients can typically only view and comment on the projects they have been explicitly added to.

For the purpose of this guide, a "guest" or "visitor" is anyone who is not logged in as one of the three roles above.

Associating Comments: Login Methods

Account Admins, Team Members, and Clients can associate their comments by logging in.

Login to Simple Commenter Feedback Tool

Standard Login (Name & Email)

This is the most straightforward method for associating comments. Users can log in or identify themselves directly within the comment modal.

  • How it works: A user enters their name and email address.
  • Verified Comments: If the provided email address matches an Account Admin, Team Member, or Client registered in your project, the comment will be automatically marked as Verified.
  • Guest Comments: When Token Access (see below) is disabled, any visitor can leave a comment by providing a name and email. These comments from non-registered users will not be marked as verified.

Secure Login (Token Access)

For projects requiring a higher level of security, we recommend enabling Token Access. This method ensures that only authenticated individuals can view or add comments. You can enable Token Access under Domain -> Setup & Access -> Token-Based Access. Make sure to save the domain once it's enabled.

Simple Commenter modal secure token-based login

When Token Access is enabled:

  • Account Admins, Team Members, and Clients must log in to add new comments or reply to existing ones.
  • To log in, a user enters their registered email address. They will receive a secure, one-time login link in their inbox.
  • This process prevents unauthorized users from accessing the comment threads, even if they have a link to the staging site.

Token Login via Direct Link

You can also provide a seamless login experience for your team and clients directly from the Simple Commenter dashboard.

  • Navigate to your project dashboard.
  • Click the option to visit the project domain.

This generates a unique URL with a secure token embedded in it.

You can share this link with a specific Team Member or Client. When they click it, they will be automatically logged in without needing to enter their email.

Note: For security, all token-based login links expire after 7 days.

How to add Clients?

You can add clients by going to Domain -> Setup & Access -> Setup Clients.

Add Client to Simple Commenter

You need to add clients per Domain, and there's an unlimited amount of clients you can add.

Seamless Client Access via links

There are two additional methods to provide clients with a frictionless, one-click login experience. These methods are ideal for simplifying the feedback process.

1. Automated Login via URL Parameter

You can automatically log in a client by adding their email address as a parameter to the project URL. This feature is active only when Token Access is disabled.

Format: https://your-site.com?email=client@email.com

  • If the email is registered: The client will be automatically logged in and can start commenting immediately.
  • If the email is not registered: The email is still captured for the comment session, and the user's name will default to "Client". This is useful for tracking feedback even from new stakeholders.

2. Copy Client-Specific URL

From your project dashboard, you can copy a unique, pre-generated URL for each client.

Sending this link directly to a client allows them to be automatically authenticated and logged in the moment they open it. It's the simplest way to grant project access.

Client specific token link

Additional Details

Customizing Your Comment Display Name

By default, an Account Admin's comments will appear under the name "Workspace admin". To personalize this, set a name in your Account Settings. This name will then be used for all your comments.

Security Overview

Simple Commenter offers two security postures to fit your workflow:

  • Open Access (Default): This model is perfect for projects that are already behind a password-protected or private URL. It prioritizes ease of use, allowing anyone with the link to leave feedback without a mandatory login.
  • Token Access (High Security): This model requires all participants to authenticate via a secure token. It's the best choice for sensitive projects or when you need to control who can leave feedback strictly.

Your Data is Secure: When a user associates their email with a comment, that email is never exposed on the front-end of your website. It is stored securely in Simple Commenter's database and is only used for identity verification and sending comment notifications (if enabled). This makes sure your team and clients are protected from spam and scraping attacks.

Simple Commenter in 2 minutes

Back to docs