← All tutorials Workflow · 8 min · Intermediate

How to password-protect a flipbook

Single password, per-recipient and SSO domain-restriction patterns.

Password protection is what makes flipbooks viable for investor decks, HR handbooks and pre-launch catalogs. This tutorial covers the three modes most platforms support — single password, per-recipient passwords and SSO domain-restriction — and explains when to use each.

What you need before you start

  • A flipbook tool with password support (FlipHTML5, Heyzine, Flipsnack, Issuu)
  • A clear list of who should be able to read the flipbook
  • A way to deliver the password (email, intranet, password manager)

The walkthrough

  1. Decide on the protection mode. Single password: one password for everyone — easiest to manage, hardest to revoke. Per-recipient: each reader gets a unique password — easy to revoke, more setup. SSO: only readers from a specific email domain can request access — most secure, requires admin setup.
  2. Configure the password in the flipbook tool. Open the protection panel, pick the mode, and either set a single password or upload a CSV of recipient emails. Most tools generate per-recipient passwords automatically.
  3. Style the locked landing page. By default the locked landing page shows generic text. Replace it with branded copy — your logo, a one-paragraph description of the flipbook, and a contact link in case the reader has trouble accessing it.
  4. Distribute passwords securely. For single passwords, send via a secure messaging tool, not email. For per-recipient passwords, the platform usually emails them automatically. For SSO, no distribution is needed — readers authenticate with their existing email.
  5. Plan a rotation schedule. Single passwords should rotate every 90 days. Per-recipient passwords are revoked on demand. SSO is rotated at the identity-provider level.
  6. Test the access flow. Open the locked URL in an incognito window and walk through the access flow as a real reader would. Most usability bugs surface here.
Worth reading next: an independent walkthrough of the same workflow on a different platform from our recommended editorial partners.

Common mistakes to avoid

  • Using a single password for documents that need to be revocable — switch to per-recipient
  • Sending the password in the same email as the URL — defeats the purpose
  • Forgetting to brand the locked landing page — readers assume the link is broken

Once it's published

Most flipbook tools log access attempts in the analytics view. Watch the 'failed access' counter — a spike usually means the password got shared more widely than intended, which may justify rotating to per-recipient passwords.

Compare alternatives: a recent independent benchmark of flipbook tools is worth reading if you are still picking a platform.

Other tutorials in this library

Find your audience hub →