Extranet Setup in Bitrix24
A contractor works on a project but has no access to tasks—communication happens in Telegram. A client wants to see order status—the manager manually sends CRM screenshots. An external consultant needs documents—files are sent via email. All solved by extranet: limited portal access for external users.
What Is Extranet?
Extranet in Bitrix24 is a separate zone for non-employees: clients, contractors, freelancers, auditors. Extranet users see only groups and projects they've been invited to. The rest—CRM, internal chats, activity stream, company structure—is hidden.
Inviting External Users
External users are invited via email. They receive a link, register (or log in if they have a Bitrix24 account) and enter their extranet view.
What an extranet user sees:
- Work groups they're invited to—tasks, files, discussions
- Chat—communication with group members
- Group calendar—meetings and project events
- Group Drive—project files
What they don't see:
- Company structure and employee list (except group participants)
- CRM data
- Company activity stream
- Other work groups
- Telephony and internal chats
Setting Up Group Access
Each work group can be internal or extranet. Extranet groups accept external users. Internal groups have employees only. This separation is strict: you can't invite an external user to an internal group.
For each extranet group, we configure:
- Members—which employees and external users are in it
- Roles—group owner (usually project manager), moderators, participants. External users can be participants only—not moderators or owners.
- File permissions—can external users upload files, edit, or view only? Set per folder.
- Task visibility—all group tasks or only those where the user is participant/assigned.
Usage Scenarios
Working with a contractor. A design studio develops mockups. Create an extranet group "Project: Website Redesign." Invite the designers. They see project tasks, upload mockups to Drive, discuss revisions in comments. The manager tracks progress via Kanban.
Client portal. A client sees order status: tasks with milestones, files with results, calendar with deadlines. Transparent process instead of messaging.
External audit. An auditor gets access to a documents group for review. Files are read-only. After audit completion, remove the user from the group.
Security
- Isolation—an extranet user can't physically leave their groups. It's architecture, not settings.
- Access expiration—set a date after which the user is automatically deactivated.
- Activity log—all extranet user actions are logged: which files they opened, downloaded, uploaded.
- Two-factor authentication—enable as mandatory for external users.
What We Configure
- Activate extranet module on the portal
- Create extranet groups for projects with external participants
- Access rights: files, tasks, calendar in each group
- Invite external users and assign roles
- Security policy: expiration dates, 2FA, activity audit
- Employee guidelines: rules for working with external users