diff --git a/fern/products/ask-fern/pages/features/rbac.mdx b/fern/products/ask-fern/pages/features/rbac.mdx index a2c96f0a2..eff92b2ad 100644 --- a/fern/products/ask-fern/pages/features/rbac.mdx +++ b/fern/products/ask-fern/pages/features/rbac.mdx 
@@ -5,4 +5,26 @@ description: Ask Fern respects your documentation's role-based access control se Ask Fern automatically respects the [role-based access control (RBAC) settings configured in your documentation](/docs/authentication/rbac). When users query Ask Fern, they only receive answers from documentation they have permission to access based on their assigned roles. -This works at all levels, from entire sections down to individual pages and conditional content within pages. \ No newline at end of file +This works at all levels, from entire sections down to individual pages and conditional content within pages. + +## How authentication works + +Ask Fern uses the same authentication system as your documentation site. When a user is authenticated, Ask Fern verifies their identity and roles before retrieving content: + +1. The user's `FERN_TOKEN` is sent with each Ask Fern request +2. Ask Fern verifies the token against your documentation's authentication endpoint +3. If authenticated, Ask Fern retrieves the user's assigned roles +4. Content is filtered to only include documents the user has permission to access + +If authentication fails or no token is provided, Ask Fern continues with unauthenticated access, returning only public documentation. + +## Role-based content filtering + +Ask Fern applies role-based filtering at the search level, ensuring users only see content they're authorized to access: + +- **Public content**: Available to all users, including unauthenticated users +- **Role-restricted content**: Only returned for users with matching roles +- **Multi-role requirements**: Content requiring multiple roles (e.g., "admin&developer") is only shown to users with all required roles +- **Version and product filtering**: Content is also filtered by the user's current documentation version and product context + +This filtering happens automatically during the AI search process, so responses never include unauthorized content. \ No newline at end of file
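Review bot: In "How authentication works", the sentence "If authentication fails or no token is provided, Ask Fern continues with unauthenticated access" treats a rejected `FERN_TOKEN` the same as a missing one, and the page does not say whether the user is told about the downgrade. Suggest stating what the user sees when a token is expired or invalid (public-only answers with no error, or a prompt to sign in again), since a user with a lapsed session will otherwise read missing answers as missing documentation. In the filtering list, the "admin&developer" example introduces an AND syntax without saying where it is defined; a link to the RBAC page already referenced at the top of the file would cover it. The closing claim "responses never include unauthorized content" is absolute, while step 4 and the section text only describe filtering at search time; consider wording it to match what the filter does. The new last line also still carries "\ No newline at end of file", so a trailing newline should be added.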