Yes, that is exactly how I was picturing the steps.
Because you are restricting who can sign in. A project may be public, as in anybody can open and view the app, but if you restrict WHO can actually sign into the app, then those signed-in users become private users. If you do not have any restrictions on who can sign in, then those users remain public users.
I just want to clarify this a little bit. There are 3 types of users.
- Anyone that accesses your app but doesn’t sign in is considered a Visitor. There’s no limit to the number of visitors to an app.
- If anyone in the world can sign in to the app unrestricted (and Roles are not utilized), then they are considered Public users. The limit is based on the number of allowed public users in your plan.
- If there is any sort of whitelist restricting who can sign in (including domain restrictions), or if Roles are utilized, then any of those signed-in users are considered Private users. The limit is based on the number of allowed private users in your plan.
Basically, if I can sign into your app without you knowing my email or domain beforehand, then I will most likely be a Public user. If I have to share my email with you, so you can whitelist my entire email or domain, then I’m now a Private user because I have to be pre-approved to sign into your app. This is regardless of whether an app is open to Visitors with optional sign in, or requires sign in to view the app.