[October 25, 2021] Access control for forwarded ports (github#21913)

* update supporting docs

* update sharing a port

* Update image

* Clean up typos

* Apply suggestions from code review

Co-authored-by: Sarah Edwards <[email protected]>

* Add note about availability of feature

* Update menu name

* Update image for new UI

Co-authored-by: Sarah Edwards <[email protected]>

content/codespaces/codespaces-reference/security-in-codespaces.md

@@ -48,16 +48,18 @@ An organization's administrators specify which repositories should be considered
 
 ### Codespace connections
 
-You can connect to your codespace using the TLS encrypted tunnel provided by the {% data variables.product.prodname_codespaces %} service. Only the creator of a codespace can connect to a codespace. Connections are authenticated with {% data variables.product.product_name %}. 
+You can connect to your codespace using the TLS encrypted tunnel provided by the {% data variables.product.prodname_codespaces %} service. Only the creator of a codespace can connect to a codespace. Connections are authenticated with {% data variables.product.product_name %}.
 
-If you need to allow external access to services running on a codespace, you can enable port forwarding for private or public access. 
+If you need to allow external access to services running on a codespace, you can enable port forwarding for private or public access.
 
 ### Port forwarding
 
 If you need to connect to a service (such as a development web server) running within your codespace, you can configure port forwarding to make the service available on the internet. 
 
 **Privately forwarded ports**: Are accessible on the internet, but only the codespace creator can access them, after authenticating to {% data variables.product.product_name %}.
 
+**Publicly forwarded ports within your organization**: Are accessible on the internet, but only to members of the same organization as the codespace, after authenticating to {% data variables.product.product_name %}.
+
 **Publicly forwarded ports**: Are accessible on the internet, and anyone on the internet can access them. No authentication is needed to access public forwarded ports.
 
 All forwarded ports are private by default, which means that you will need to authenticate before you can access the port. Access to a codespace's private forwarded ports is controlled by authentication cookies with a 3-hour expiry period. When the cookie expires, you will need to reauthenticate.

content/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace.md

@@ -15,8 +15,6 @@ topics:
 shortTitle: Forward ports
 ---
 
-
-
 ## About forwarded ports
 
 Port forwarding gives you access to TCP ports running within your codespace. For example, if you're running a web application on port 4000, you can access the application from your browser to test and debug the application.
@@ -25,7 +23,7 @@ When an application running inside a codespace outputs a port to the console, {%
 
 ![Automatic port forwarding](/assets/images/help/codespaces/automatic-port-forwarding.png)
 
-You can also forward a port manually, label forwarded ports, share forwarded ports publicly, and add forwarded ports to the codespace configuration.
+You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration.
 
 ## Forwarding a port
 
@@ -57,11 +55,17 @@ You can label a port to make the port more easily identifiable in a list.
 
 ## Sharing a port
 
-If you want to share a forwarded port with others, you need to make the port public. After you make a port public, anyone with the port's URL can view the running application without needing to authenticate.
+{% note %}
+
+**Note:** You can only make a port private to an organization if your organization uses {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}. This feature is not currently available in the beta version of {% data variables.product.prodname_codespaces %}.
+
+{% endnote %}
+
+If you want to share a forwarded port with others, you can either make the port private to your organization or make the port public. After you make a port private to your organization, anyone in the organization with the port's URL can view the running application. After you make a port public, anyone with the port's URL can view the running application without needing to authenticate.
 
 {% data reusables.codespaces.navigate-to-ports-tab %}
-1. Right click the port you want to share, then click **Make Public**.
-  ![Option to make port public in right-click menu](/assets/images/help/codespaces/make-public-option.png)
+1. Right click the port that you want to share, select the "Port Visibility" menu, then click **Private to Organization** or **Public**.
+  ![Option to select port visibility in right-click menu](/assets/images/help/codespaces/make-public-option.png)
 1. To the right of the local address for the port, click the copy icon.
   ![Copy icon for port URL](/assets/images/help/codespaces/copy-icon-port-url.png)
 1. Send the copied URL to the person you want to share the port with.

content/codespaces/getting-started/deep-dive.md

@@ -68,13 +68,13 @@ When you close or stop your codespace, all uncommitted changes are preserved unt
 
 Port forwarding gives you access to TCP ports running within your codespace. For example, if you're running a web application on port 4000 within your codespace, you can automatically forward that port to make the application accessible from your browser.
 
-Port forwarding determines which ports are made accessible to you from the remote machine. Even if you do not forward a port, that port is still accessible to other processes running inside the codespace itself. 
+Port forwarding determines which ports are made accessible to you from the remote machine. Even if you do not forward a port, that port is still accessible to other processes running inside the codespace itself.
 
 ![Diagram showing how port forwarding works in a codespace](/assets/images/help/codespaces/port-forwarding.png)
 
 When an application running inside {% data variables.product.prodname_codespaces %} outputs a port to the console, {% data variables.product.prodname_codespaces %} detects the localhost URL pattern and automatically forwards the port. You can click on the URL in the terminal or in the toast message to open the port in a browser. By default, {% data variables.product.prodname_codespaces %} forwards the port using HTTP. For more information on port forwarding, see "[Forwarding ports in your codespace](/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace)."
 
-While ports can be forwarded automatically, they are not publicly accessible to the internet. By default, all ports are private, but you can [manually make a port public](/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace#sharing-a-port) to share access through a URL.
+While ports can be forwarded automatically, they are not publicly accessible to the internet. By default, all ports are private, but you can manually make a port available to your organization or public, and then share access through a URL. For more information, see "[Sharing a port](/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace#sharing-a-port)."
 
 Running your application when you first land in your codespace can make for a fast inner dev loop. As you edit, your changes are automatically saved and available on your forwarded port. To view changes, go back to the running application tab in your browser and refresh it.