Regular attachments to tickets are secured using a URL with an attachment token that is considerably complex and random, but are visible to anyone with the URL and token. When relying on this type of security, if an email notification is misdirected to someone other than the intended end user, sensitive information may be accidentally exposed.
If sensitive documents are attached to your tickets, especially identification documents such as passports and driver's licenses, you can enable private attachments. When enabled, agents and end users will be required to sign in to view attachments.
Note the following about enabling private attachments:
- Private attachments can only be used if Guide is activated. If Guide isn't activated, private attachments prevent end users from downloading attachments since they can't be authenticated.
- If you enable private attachments, it will disable inline images for users who aren't signed in, and it will also prevent agents and admins from being able to add inline images in the Support UI.
- When an attachment is associated with a ticket, visibility is restricted to users with access to the ticket.
- In the Zendesk Agent Workspace, this setting also applies to attachments sent as part of a live chat, but it does not apply to web, mobile, or social messaging attachments.
- In web and mobile messaging, private attachments are not currently allowed.