Open main menu
HomeBlogGuidesPricingDemoLog In
Connect my Notion page

Sotion v2 is here!

Announcing Sotion v2: page-level access control, smarter member management, faster global performance, and enhanced branding for Notion-powered client portals and content hubs.

Bruce McLachlanBruce McLachlan

SotionNotionMembership ManagementCustom Branding
Sotion v2 is here!

Table of Contents

Slug
sotion-v2
Excerpt
Announcing Sotion v2: page-level access control, smarter member management, faster global performance, and enhanced branding for Notion-powered client portals and content hubs.

Update Apr 12, 2026

  • April: Early Access → If you registered for Early Access you will receive an email with all the details.
  • May: Open to all users

Sotion v2: Everything You Need to Build Client Portals from Notion

Sotion v2 is the biggest upgrade we've ever shipped — and it touches everything. New access control, new infrastructure, new branding tools, a REST API, webhooks, custom domains, and a completely redesigned dashboard.
If you're running a client portal, content hub, or membership site from Notion, v2 gives you the control and polish your clients expect.
Here's what's new.

Per-page access control

The original Sotion had one authentication gate for the entire site. v2 replaces that with per-page access control — every page in your site can have its own auth rules.
Four auth types, mixable per page:
  • Public — No login required. Use for marketing pages, announcements, or documentation.
  • Password-protected — A shared password gates access. Good for lightweight restrictions without requiring accounts.
  • Email signup — Visitors create an account via magic link to access the page. No passwords to manage.
  • Allowlist — Invite-only. Only members you've explicitly added (or whose email domain you've approved) can access the page.
Auth rules inherit down the page tree. Set a rule on a parent page and every child page inherits it — unless you override it. This means you can build a portal where the homepage is public, the blog is password-gated, and client deliverables are invite-only, all within one site.

Members, groups, and domain allowlists

v2 introduces a proper member system built for teams managing real client relationships.
Members are the people who access your portal. You can add them manually, let them self-register via email signup, or add them in bulk through the API. Each member has a status (active or blocked), email verification tracking, and login history.
Access groups let you organize members. Create groups like "Client A," "Internal Team," or "Partners," then assign page visibility per group. A page set to "Premium Members" group will only be visible to members in that group.
Domain allowlists remove friction for organizations. Add @agency.com to a site's domain allowlist and anyone with that email domain is automatically approved when they sign up — no manual invitation needed.

Scoped access: the client portal superpower

This is the feature that turns a gated site into a real multi-tenant client portal.
Scoped access uses your Notion database properties to filter what each member sees. Connect a database with a "Client" relation property, assign members to scopes, and each member only sees the rows that belong to them.
How it works:
  1. You have a Notion database (e.g., "Projects") with a relation property (e.g., "Client")
  1. Sotion auto-generates access groups from the unique values in that property
  1. You assign members to their scope
  1. When that member logs in, they only see their rows — in database views, in search results, and in navigation
Client A sees Client A's projects. Client B sees Client B's. Neither knows the other exists. The filtering happens at the edge, so there's no data leakage — blocked pages never reach the browser.

Custom domains

Publish your portal on your own domain. portal.youragency.com instead of yoursite.sotion.site.
Sotion handles the entire setup: DNS record generation, SSL certificate provisioning (via Cloudflare), and domain verification. The dashboard walks you through adding the right CNAME or A records, and polls automatically until everything is active.
Supports apex domains (youragency.com), www (www.youragency.com), and subdomains (portal.youragency.com).

Custom slugs and clean URLs

Every page gets a clean, human-readable URL generated from its Notion title. But you're not stuck with the auto-generated slug — the slug editor lets you customize any page's URL.
URLs follow your page hierarchy: /getting-started/first-steps maps naturally to nested Notion pages. Rename a parent slug and all descendants update automatically.
No Notion IDs in your URLs. No random strings. Just clean paths that look professional and work well for SEO.

Login page editor

The login page is the first thing your clients see. v2 gives you a visual editor to make it yours.
Customize per auth state:
  • Initial form — The login/signup screen (heading, subheading, button text)
  • Success — After a magic link is sent
  • Error — When something goes wrong
  • Blocked — When an unauthorized user tries to access a page
Branding controls:
  • Your logo or a default auth icon
  • Custom button color
  • Logo sizing (width and height)
  • Light, dark, or system theme
Every portal can have a login page that matches its brand — not a generic white screen with a form.

Branding and customization

Beyond the login page, v2 gives you full control over how your portal looks and behaves.
Visual branding:
  • Custom logo and favicon
  • OpenGraph image for social sharing (or enable dynamic per-page OG generation)
  • Light, dark, or system color theme
  • Page title modes (show your site name or the current page title in the browser tab)
Code injection:
  • Custom CSS for styling overrides
  • JavaScript in <head> or <body> for analytics, chat widgets, or custom behavior
  • Custom HTTP response headers for security policies or integrations
SEO:
  • Auto-generated XML sitemaps (with the option to exclude password-protected pages)
  • Custom meta descriptions and page titles
  • Clean URL structure with hierarchical slugs

Global edge performance

Your portal runs on Cloudflare's global network — 275+ edge locations worldwide.
Page requests are served from the nearest edge node. Auth checks, scope filtering, and content delivery all happen at the edge, not in a central server. The result is sub-100ms response times for most visitors, regardless of where they are.
Site configuration is stored in Cloudflare KV. Page trees and sitemaps are served from R2 via CDN with aggressive caching. Session validation uses HMAC-signed cookies checked at the edge — no round-trip to a database on every request.

Security by design

v2 takes a layered approach to security:
  • UUID obfuscation — Original Notion page IDs are never exposed to visitors. Sotion uses a reversible XOR-based transformation so your internal structure stays private.
  • Three-check authorization — Every page request passes through visibility, auth, and scope checks independently. A page must clear all three.
  • HMAC-signed sessions — Session cookies are cryptographically signed with constant-time comparison to prevent timing attacks.
  • HttpOnly, Secure, SameSite cookies — Standard protections against XSS and CSRF.
  • Edge-level filtering — Scoped and restricted pages are filtered before content reaches the browser. There's no client-side hiding of content that shouldn't be visible.

Team accounts and roles

v1 was built for a single owner. v2 supports team accounts with shared ownership, so your portal isn't tied to one person's login.
Invite team members with role-based permissions. Multiple admins can manage sites, members, and settings — no more sharing a single account password.

REST API

For teams who want to automate member management, v2 ships a full REST API.
What you can do:
  • Members — Create, read, update, delete, and bulk-create (up to 500 at once)
  • Access groups — Create, list, update, delete groups
  • Group membership — Add or remove members from groups
  • Login links — Programmatically send magic link emails to members
  • Site info — Verify API connectivity and retrieve site metadata
Developer experience:
  • Bearer token auth with per-site API keys
  • Cursor-based pagination for large datasets
  • Rate limiting with clear headers (300 reads/min, 60 writes/min)
  • Field-level validation errors with descriptive messages
  • Standard HTTP status codes (201 for creates, 207 for bulk operations, 409 for conflicts)
API keys are managed from the dashboard — create, name, track usage, and revoke as needed.

Webhooks

Get notified in real time when things happen in your portal.
9 event types:
  • member.created, member.updated, member.deleted, member.auth (login/logout with first-login detection)
  • access-group.created, access-group.updated, access-group.deleted
  • access-group.member.added, access-group.member.removed
Reliability:
  • HMAC-SHA256 signed payloads for verification
  • Unique event IDs for idempotent processing
  • Automatic retries (up to 3 attempts with backoff)
  • 10-second timeout per delivery
  • Changed-field tracking on update events
Connect to Zapier, Make, n8n, or your own backend to sync member data, trigger onboarding flows, or update your CRM when a client first logs in.

Migration from Sotion v1

If you're already on Sotion, migration is designed to be safe and predictable for live sites.
What the migration wizard handles:
  • Recreates your sites with all settings (branding, CSS/JS, auth config)
  • Migrates members and domain allowlists
  • Re-provisions custom domains via Cloudflare
  • Uploads logos and favicons
  • Calculates a subscription plan based on your current usage
  • Generates a discount coupon to match your legacy pricing for the first 6 months
How it works:
  1. Enter your legacy email — the wizard checks eligibility automatically
  1. Review your sites and data
  1. Sites are recreated one by one with progress tracking
  1. Choose your plan (the wizard recommends one based on your usage)
  1. Verify DNS records for custom domains
  1. Legacy sites are disabled and old billing is cancelled
The process is resumable — if you close the browser mid-migration, you pick up where you left off.

Who Sotion v2 is built for

Sotion v2 is for small, design-conscious teams that run their business in Notion:
  • Agencies and consultancies publishing branded client portals with scoped access — each client sees only their work
  • Service businesses sharing deliverables, timelines, and documentation behind access-controlled pages
  • Creators and educators running membership content hubs with email signup and group-based visibility
If your clients interact with your portal daily, v2 gives you the access control, performance, and branding to make that experience seamless.

Get started

Sotion v2 is available now with a 7-day free trial on all plans.
Start your free trial | View pricing | API documentation
While we are in the transition period both the old and new dashboards will be available.
Sotion v1: https://app.sotion.so
Sotion v2: https://v2.sotion.so
 

Take control of your Notion site today!

7-day free trial. No credit card needed

Connect my Notion page →
Bruce McLachlan

Written by

Bruce McLachlan

Meet Bruce, the founder behind Sotion, and explore his vision on enhancing Notion Pages. Get a glimpse of the journey and the future roadmap of Sotion.