Client Portal
Give your clients direct visibility into their projects without Salesforce licenses. The Client Portal is a secure web application at your custom domain that provides real-time project status, document access, and communication tools — all powered by your Salesforce data.
Key Features
Overview
Give your clients direct visibility into their projects without Salesforce licenses. The Client Portal is a secure web application at your custom domain that provides real-time project status, document access, and communication tools. Clients log in, see their work, and stay informed — all without a single Salesforce seat.
Authentication
Three authentication methods cover every client preference. Passkey (WebAuthn/FIDO2) for passwordless biometric login. Password for traditional email and password. Magic Link for email-based one-time login with no password to remember. All three are managed via PortalAccess__c records in Salesforce — create a record, and the client can log in immediately.
Kanban Board
Clients see their work items in a simplified board view with drag-and-drop disabled. Persona-based column filtering shows only the stages relevant to them — Backlog, In Progress, UAT, and Done — configured via WorkflowPersonaView__mdt custom metadata. No admin screens, no configuration overload. Just a clean view of what matters.
Document Access
Clients can view invoices, agreements, and status reports via public token URLs. Documents render as professional web pages with company branding, line-item detail, and a Download PDF option. Each document gets a unique access token — no login required for the direct link, but the portal provides a central hub to find all documents for an entity.
Activity Feed
Real-time updates on work item changes, comments, and hour logging. Clients see what is happening without asking for status updates. The feed pulls from DeliveryActivityLog__c records, showing stage transitions, new comments, file uploads, and time entries — all in reverse chronological order.
Hour Logging
Transparent time tracking — clients see exactly how hours are being spent, with descriptions and work dates for each entry. WorkLog records display the worker, hours, date, and a description of the work performed. No surprises on the invoice — clients can review time entries as they are logged.
File Viewer
Access project files and attachments directly from the portal. Files are synced from Salesforce ContentVersion records linked to work items. Clients can preview images, download documents, and see the full file history for any work item — all without Salesforce access.
Public Submission
Clients can submit new work requests directly from the portal. Submissions create WorkItem__c records with the client's NetworkEntity automatically linked. No email chains, no lost requests — everything goes straight into the delivery pipeline with full traceability.
Authentication Methods
Three methods to match every client preference. All managed through PortalAccess__c records in Salesforce.
Passkey
WebAuthn / FIDO2
Biometric or hardware key authentication. No password to remember or phish. The browser handles the cryptographic handshake — the server never sees a secret.
Password
Traditional
Email and password with server-side hashing. Standard login flow for clients who prefer a familiar experience.
Magic Link
Email OTP
One-time login link sent to the client's email. Click the link, land in the portal — no password, no setup. Ideal for infrequent users.
How the Board Works
The portal Kanban board is a read-only, persona-filtered view of the same data your team sees in Salesforce. Columns are driven by custom metadata — not hardcoded.
Security
The portal never touches the database directly. All data flows through Apex controllers running in Salesforce Sites guest user context with strict entity isolation.
Data Layer
All data served through Salesforce Sites with guest user permissions. No direct database access.
Apex Mode
All controllers use WITH SYSTEM_MODE for FLS and CRUD enforcement — guest user context cannot bypass field-level security.
Token Authentication
Document URLs use unique public access tokens. Tokens are generated per-document and stored on the DeliveryDocument__c record.
Session Management
Portal sessions are managed server-side. PortalAccess__c records control who can log in — deactivate the record to revoke access instantly.
Network Isolation
Clients only see data linked to their NetworkEntity. Cross-entity data is never exposed — queries filter by the authenticated entity at the controller level.
Technical Details
The Client Portal is built on Salesforce Sites, Apex controllers, and custom metadata — no external infrastructure required.
| Component | Details |
|---|---|
| PortalAccess__c | Custom object managing portal user credentials, auth method preferences, and session state |
| WorkflowPersonaView__mdt | Custom metadata controlling which board columns each persona sees — Client, Vendor, Admin |
| DeliveryActivityLog__c | Activity feed source — stage changes, comments, file uploads, and time entries logged automatically |
| Salesforce Sites | Guest user context serves all portal data — no Salesforce license required for end clients |
| NetworkEntity__c | Client isolation boundary — all portal queries filter by the authenticated entity record |
Ready to give your clients portal access?
Create a PortalAccess__c record for your client contact, point your custom domain at the Salesforce Site, and they can log in immediately. No Salesforce licenses, no additional infrastructure.