Client Portal

Client Portal

The Client Portal allows your clients to securely access their projects, view findings, track remediation progress, and communicate with your team.

Overview

Client Portal features:

• View assigned projects
• See finding details
• Track remediation status
• Comment on findings
• Download reports
• Communicate with team

Enabling Client Portal

Per-Client Setup

1. Navigate to Clients → Select client
2. Go to Settings tab
3. Toggle Enable Client Portal
4. Configure permissions
5. Save changes

Adding Portal Users

1. In client settings, go to Portal Users
2. Click + Add User
3. Enter user details:
   • Email address
   • Full name
   • Role (see permissions below)
4. Click Send Invitation

Users receive an email invitation to set up their account.

Portal Permissions

Role Levels

Role	View Projects	View Findings	Comment	Download Reports	Mark Remediated
Viewer	-	-	-	-	-
Collaborator	-	-	-	-	-
Manager	-	-	-	-	-

Permission Details

Viewer

• Read-only access
• View projects and findings
• Download reports

Collaborator

• Everything Viewer can do
• Add comments on findings
• Participate in discussions

Manager

• Everything Collaborator can do
• Mark findings as remediated
• Request retesting
• Manage other portal users

Client Portal Experience

What Clients See

When clients log in:

1. Dashboard - Overview of their projects
2. Projects List - All assigned projects
3. Project Details - Findings, reports, status
4. Finding Details - Full vulnerability information
5. Reports - Download available reports

Client Dashboard

Shows at-a-glance:

• Active projects count
• Open findings by severity
• Remediation progress
• Recent activity

Finding View

Clients can see:

• Finding title and description
• Severity and CVSS score
• Impact statement
• Remediation guidance
• Current status
• Comments/discussion

Clients cannot see:

• Internal notes (unless shared)
• Other clients’ data
• Administrative functions
• Pricing/billing information

Remediation Workflow

Client Marks Remediated

1. Client views finding
2. Clicks Mark as Remediated
3. Adds remediation notes
4. Submits for verification

Your Team Receives Notification

• Notification sent to project team
• Finding status: “Pending Verification”
• Review remediation notes

Verification Process

1. Analyst reviews remediation
2. Performs verification testing
3. Updates finding status:
   • Verified Fixed - Remediation confirmed
   • Not Fixed - Issue persists (with notes)
   • Partial - Partially remediated

Client Notified

Client receives notification of verification result.

Communication

Comments

Clients and team can discuss via comments:

1. Open finding
2. Scroll to Comments
3. Add comment
4. @mention specific people

Chat Channel

If enabled, clients access their client channel:

• Direct communication with team
• File sharing
• Quick questions

Customization

Branding

Customize portal appearance:

1. Go to Settings → Branding
2. Upload client-visible logo
3. Set color scheme
4. Preview and save

Custom Messages

Set custom text for:

• Welcome message
• Finding status explanations
• Footer text
• Help/contact information

Visible Fields

Control what clients see:

1. Go to Settings → Client Portal Config
2. Toggle field visibility:
   • CVSS scores
   • Technical details
   • References
   • Evidence (redacted)

Security

Access Controls

Portal security measures:

• Unique accounts per user
• MFA required for portal users
• Session timeout (configurable)
• IP allowlisting (optional)

Data Isolation

Clients can only access:

• Their assigned projects
• Findings in those projects
• Reports for those projects
• Their chat channels

Audit Logging

All portal activity logged:

• Login attempts
• Pages viewed
• Actions taken
• Downloads

Managing Portal Users

View Users

1. Client settings → Portal Users
2. See all users and their roles

Edit User

1. Click user row
2. Modify role or details
3. Save changes

Remove User

1. Click user row
2. Click Remove Access
3. Confirm removal

User immediately loses access.

Resend Invitation

If user hasn’t activated:

1. Find user in list
2. Click Resend Invitation

Best Practices

Onboarding Clients

1. Explain portal capabilities
2. Set appropriate permissions
3. Provide training if needed
4. Share support contact

Communication

• Respond promptly to comments
• Use @mentions for notifications
• Keep discussions professional
• Document decisions

Security

• Review portal users regularly
• Remove inactive accounts
• Monitor access logs
• Update permissions as needed

Troubleshooting

Client Can’t Log In

• Verify email is correct
• Check invitation was sent
• Resend invitation if needed
• Check MFA setup

Missing Projects

• Verify client is linked to project
• Check portal is enabled
• Confirm user permissions

Can’t Download Reports

• Ensure report is generated
• Verify download permission
• Check file isn’t corrupted

---

Next: Learn about Comments & Activity