/portal/login.
When to use it
- A client wants to view or create support tickets and reply to them.
- A client needs to see invoices, balances, quotes, or contracts.
- A client must review and countersign a risk acceptance.
- A client wants self-service KB and an AI assistant for account questions.
- A tech wants to preview the portal as a specific contact.
Logging in
The portal uses passwordless magic links: the client enters their email and receives a one-time link (valid ~30 minutes). Consuming it creates a server-side session (a secure, HttpOnly cookie). The login response is identical for known and unknown emails and is rate-limited, so it can’t be used to probe who has an account.What clients can do
- Tickets — list, filter, view (with public notes), create, and add notes.
- Invoices — list and filter (open/paid/overdue), view line items and payments, and use a QuickBooks pay-link when present.
- Quotes & contracts — view non-draft quotes and contracts.
- Knowledge base — search and read articles marked customer- or public-visible.
- Risk acceptances — review and e-sign pending acceptances.
- Profile — edit phone, mobile, and title (name/email changes need MSP approval).
- Nexie concierge — an embedded AI assistant that answers account questions using a fixed, role-filtered, read-mostly tool set (it can create a ticket, but can’t pay invoices or sign contracts on the client’s behalf).
Portal administration (MSP side)
From the staff app you invite/enable/disable portal users, manage roles and permissions (every page and action is permission-gated), set a default role, and impersonate a contact to preview exactly what they see (audited, time-limited). Permissions reload on every request, so role changes take effect immediately.Good to know
- Login is magic-link only today — TOTP MFA and password login aren’t available yet.
- Magic-link delivery requires a configured mailer/email account; the Nexie concierge requires your tenant’s Claude API key.
