10 Tips For Securely Managing Collaborators in Figma
One of Figma’s greatest strengths is the ability to collaborate in real-time with other designers, product owners and developers.
Anyone with edit privileges — whether it’s a fellow team member, freelancer, client or stakeholder—can go into a Figma file and change anything.
Of course, collaboration assumes all participants act honestly and openly … but in rare instances, that’s not the case.
Fortunately, a few key features in Figma and some best practices can ensure that if collaboration ever goes sideways, you can take steps to protect your design team’s work from bad actors. While most of these tips assume/require a paid account, a few apply to free users as well.
- Invest in a professional account: This lets you manage a team and member access to specific files and projects. A professional account gives you full version history, which helps you track who makes changes to a file, and if necessary, gives you the ability to roll back unwanted changes at any point in time.
- Use work email addresses for all team editors: Should a team member go rogue, your company’s IT or security team can disable access quickly.
- Archive .fig files and back up work product at key milestones: Once a project in Figma is “complete” or hits a key milestone, consider implementing a process to back up work to a file system outside of Figma. For design research, this could mean exporting final work product as PDFs or prototype videos, and then exporting source files in .fig format. When projects end, it may make sense to move the files to a different project (e.g. a yearly archive) that has tighter access control.
- Make sure your team owns all Figma files: Never let someone outside the team (e.g. a freelancer or client) own any critical Figma file. Make sure ownership is transferred to someone on your team. Establish this rule at the very start of a project to avoid awkward moments later.
- Your share default should be invite only: While public share links are convenient, real security requires invite only access. This gives the file owner a precise list of who can view or edit a file, and more importantly, the ability to revoke access at any time.
- Non-team outsiders should only be invited to the absolute minimum number of files necessary: Fortunately, this is super easy to do in Figma by sending invites at the file level. (My rule of thumb: Never send invites to outsiders at the project level unless absolutely necessary.) Figma also now allows prototype-only access to files, which is a great option if you need to invite people who need to see the prototype but not the underlying design work.
- Review share privileges routinely: Encourage your Figma file owners to periodically look at who’ve they’ve invited to their files to make sure those invite-only lists are kept up to date and/or public links are disabled when no longer needed.
- Be super vigilant and stingy with access to shared libraries: Treat shared libraries with extra care. Keep edit access to critical design libraries to a strict minimum. In most cases, “strict” means no one from outside the team should ever be allowed to edit your design system.
- Disable copy, share and export if not needed: This option is available only with paid plans, but it’s helpful if you’re worried about your work product getting copied by a bad actor. Disabling copy is extra important if you need to protect any intellectual property within your design system.
- Hire and work with good professionals: Treat your co-workers and stakeholders fairly and with integrity, and expect them to do the same. If you can’t reach that level of trust with them, then consider sharing designs via PDFs and images instead of Figma.
You can also search Figma’s help page to get the official word on how to manage file sharing and access.
Fellow Figma users, any tips I missed or need correction? I’d be happy to update my list. Just leave a comment below.
