Customer portal

@lubos thank you. This improvement is much better than our expectations and definitely resolves all privacy and access issues.

However, in my opinion, when creating customer portal it would be worthwhile to set a specific period of from ~ to. Because, the purpose of this module is to allow customer to view certain documents or a period to reconcile the accounts. It is no meaning to open up for view the whole records which may consist of few years or hundreds of invoices & delivery notes that would be purposeless to a customer.

@eko , I don’t think that should now be a issue because the access of this option is now only available to administrator or user with full access. So, the information is not going public and sharing will only be limited to specifics

The issue is with distributing the link. Once the link exists it can be shared freely. Hence it does not resolve privacy issues. The portal link itself is not protected.

This is why password protection is required for the portal. Anyone who comes across the portal link will not be able to get in if they do not have the password to the portal.

This has been promised by Lubos

Indeed, but as for now I only asked for the Summary info also to have the possibility to be enabled and disabled.

My particular use of the customer portal will be to enable my clients to view their IT costs over a period of years or to enable them to re-order a product or similar to. So I would not want to limit the period to just a few months. I do understand where you are coming from and I myself am keen to limit the information client’s see to only what they actually need to see - I believe that we need to use the portal for a year or two and then decide how best to further improve it.

At this point, the priority will be to implement a secure guest access feature via user/pass, MFA and if possible IP restrictions (as this would work well for my particular business model and would vastly increase the security of the portal).

I have mixed thoughts about the summary tab.

First, I think the name is wrong - it is not a summary, but the client details or address information. The word summary is very misleading leading one to believe that it would be a summary or graph view of that customer’s interactions with my business.

Second, I am in agreement with different people that it exposes information such as the client email address, however if you look at sales invoices, the client address details are present anyway. The only difference between the summary tab and the information on an actual quote/invoice is the addition of the customer email information, so removing the Summary tab only really hides the email address as all the other information will be on the quotes, orders, invoices, delivery notes etc anyway!

Last, I am not really seeing the point of the Summary Tab as the customer already knows their name and address details and I would not be keen on them being able to change this for cyber security reasons. The small benefit of convenience for this is vastly outweighed by the risks. The customer can contact the business to advise of change of address and they can see their address details on their last invoice. So yes, I would push for removal of the Summary Tab or at the very least replace the summary tab with - an actual summary as opposed to address information.

Dear @dalacor ,perhaps you have misunderstood my meaning. You looking to force your customer to view account for the whole bunch of records may be dating over a few years although he may be looking to go through just recent documents for account reconciliation.

My suggestion to give option to set a period was to enable the user to chose a period either from the start date to today or select a set period for a certain time range.

Is there any harm in having the flexibility lo choose a full record ike you want and the others who may just want to let customer view records for a certain time range.

At this point in time, I agree that the customer portal summary tab is completely useless.

However, I can only guess what the developer has in mind for the future. Possibly customers can fill in some of their details, check all of their pending stuff, be able to generate their own statements, share messages and attachments … the posiblities are endless.

This also had me thinking whether the exposure of orders to customer portal is a sign of intent of enabling customers to approve quotes and create their own orders. I can only speculate for now.

Anyway I really think that these potential security risks appear to ve so because the product is unfinished. And if that’s truly the case, then I suggest that @lubos clearly labels it as such, so the user know what they’re dealing with.

But I have to say that I like what I see so far.

Yes you are right. I did not fully understand what you are saying. What you are saying is what my bank offers, which is the ability to filter for a specific time period to download those transactions. What you are requesting is essentially the same. I misread what you meant and thought that you meant a permanent setting where you only see the last six months or something. You are talking about a date filter, not a date range setting.

I would say YES, if you like to call it so. Thanks

Updated list of feature requests for the portal - in order of posts. I may have missed a few.

1. Will this be available to suppliers too - marofrancia
2. Manager IP Restrictions - Dalacor
3. Client Edit Permissions - Approve quotes, upload PO’s - Dalacor
4. Email Clients invoice overdue - Dalacor
5. Email Clients approve/reject quote - Dalacor
6. Filter Search to make it easy to find a specific invoice - Dalacor
7. Authentication (User/Pass, MFA, password strength checker, expiration for unused accounts) - Various posters
8. Branding Customer Portal with business company colours - Dalacor
9. Customer Statements - AHM
10. Status of quotes, Orders and Invoices, but allow business to choose to enable this or not - Dalacor
11. Folders Tab with Ealfarden’s theme example - so customer contracts, SLA, terms and conditions, Schedule of services etc can be viewed by client - Dalacor
12. Customer view account balances - hya
13. Save invoices, delivery notes, credit notes, quotes and statements to pdf - Dalacor
14. Order form so customers can place orders (perhaps using inventory price list - AMM
15. Allow customer to only see unpaid invoices - Tut
16. Granular permissions to control what customers can edit, view etc - Various Posters
17. When clients make any changes - they are pending until approved by the business within Manager to prevent cyberhacks - Dalacor
18. Remove Summary Tab or change it from address details to be an actual client summary. It exposes a lot of information that could be scraped by bots - various users
19. Date filter to allow clients to view a specific time period - Sonicgroup
20. Completion of quotes, orders and invoices status in main program as the sales order status really needs to fully implemented for customer portal to be of full value as at the moment there is no way for anyone to see the status of progress of the sales order - Dalacor
21. Introduction of Serial numbers linkage with supplier order to client sale to track inventory at serial number level for warranty purposes - Dalacor

Question for @lubos - A number of people have raised concerns about the summary page as it exposes customer information which could be scraped by bots or other cybersecurity attacks as customer id and business identifiers are exposed, exposes more information such as the client email (which the client already knows), so thus reducing security.

It got me looking at say the sales invoices tab. In a way, the sales invoices show virtually all that information as well. My bank details, customer name and address. So I am not convinced that removing the summary tab would improve security appreciably as the hacker could just as easily get the information from the sales invoice. By hacking, I am more focused on how bots scrape information, rather than a hacker logging in with a compromised password?

Would it be more secure (or less secure) for the quotes, orders, invoices, delivery notes and credit notes tabs to link to pdf’s rather than the view form? I don’t know if it would make any difference cyber security wise whether hackers would find it harder to scrape information from pdf’s as opposed to html or whatever the view form is based on?

Thank you so much @lubos. This will work for me.

I agree,

I agree, but I don’t think it should be removed, it should be changed to billing Address or Billing Information.

I think all information should be exposed to the customer.

I support that too but will talk about it after we have got the customer portal issues resolved

I am curious to know how companies work with their suppliers that they would want their suppliers to be able to access the portal? What do you want the supplier to be able to do?

The topic is about the Customer Portal so it will be inappropriate to discuss the supplier portal idea in details. Here is just one use case for an organisation working in the non-profit sector and seeking to promote communication and collaboration with implementation partners (Suppliers).

Donors/Sponsors operate in communities through Implementation partners (IPs). The IPs are paid in advance and send back financial reports (Bill).

A portal for IPs to upload reports, share contract documents and download statements would be great. When it is time for project reports, the Portal could be temporally opened with a Timer/Countdown for IPs to upload their project reports, bids, Quotes etc before deadlines. Organisations pay a lot of money to get such reporting platforms here.

This will be for Lubos to decide. As I have no use for a supplier portal, I can’t really comment on how useful this will be for majority Manager users. But reading what you have said, I don’t really think that using Manager is the best way to handle this. Manager is an accounting program and the point of the portal is to show the customers information from Manager itself.

It does not appear that you are wanting to share information in Manager itself (like your quotes), but rather use the supplier portal as a document storage platform to share reports and contracts. I think you will have to discuss in great detail with Lubos whether there is any benefit to creating a supplier portal as it sounds to me like your requirements are quite niche, unlikely to be used by many Manager users and also not providing the core purpose of the portal which is to share information contained within Manager.

Manager is not a sharepoint solution which I think is what you are trying to create.

I have more than 300 Customers… before I am able to do batch update and enable Customer portal… is it still possible…???

I have not checked it yet. can anyone confirm?

Many donors USAID, B&MGF, IFAD, NORAD and implemeting partners (NGOs, Private Sector, etc) have their own financial and operational reporting formats and time frames. I think Manager should work on getting accounting as strong as possible and I would have liked as in other posts to be able to have the possiblilty to aggregate Projects (in Manager terms businesses as they are) to a Main Organization (Parent Business). This would facilitate a lot in terms of partner projects. I was hoping for basic calculus in the newly non-coding report transformations but learned that I should use custom reports as the transformations are more dealing with specific country reporting of taxes.

Considering you would need to send a link to each customer anyway, batch updating to enable the feature only does that … it enables it. But the customer would be unable to access it without the link.

So even if batch updating isn’t possible, perhaps it’s not a major problem:

1. Advertise to customers that you have the feature
2. Any that request it, you can create a portal link for them and send it through