netlify-access-control

Installation
SKILL.md

Netlify Access Control

"Auth" on Netlify means three different things that are easy to conflate. Picking the wrong one — or stacking two when one would do — is the main source of friction. This skill disambiguates the layers and routes you to the right one. For actually building app-level user auth, see the netlify-identity skill.

The three layers

Layer Answers Who it's for Plan How it's configured
Netlify Identity "Who is this user inside my app?" (signups, logins, roles; issues nf_jwt) Your app's end users All plans, free Dashboard + @netlify/identity code
Password Protection (Secure access to sites) "Can this request even load the site?" Basic: anyone with a shared password · Team login: Netlify team members Basic: Pro+ · Team login: Enterprise Dashboard-only
Team / Org SAML SSO (Secure access to Netlify) "Can you log in to the Netlify dashboard?" (and, with strict mode, pass the site gate) Netlify team members, via a corporate SAML IdP Enterprise Dashboard-only

These are independent. The nf_jwt cookie is issued by app-level JWT auth: Netlify Identity, or a configured external JWT provider such as Auth0/Okta (the two are mutually exclusive); Password Protection and SAML SSO sessions are separate, with their own lifecycles, and do not populate nf_jwt.

Note on terminology: Netlify's docs file Identity, Password Protection, role-based access, and more under an umbrella called "Secure access to your sites," while SAML SSO lives under "Secure access to Netlify." So "Secure Access" is not one feature — when a user says it, find out whether they mean gating site visitors (Password Protection) or gating dashboard login (SAML SSO).

Why Google causes confusion

The same provider can show up in two unrelated places:

Installs
2
GitHub Stars
23
First Seen
1 day ago
netlify-access-control — netlify/context-and-tools