Skip to main content

Manage Customer Access

Alpha Feature

Features described on this page are in alpha and subject to change. For access, contact your Replicated account representative.

This topic describes how to control which customers can access the new Enterprise Portal and how to manage their portal users from the Vendor Portal.

Enabling Enterprise Portal for customers

For vendors using both Classic and New Enterprise Portal (mixed mode), customer access is controlled per-customer:

  • On the customer's Enterprise Portal access tab, toggle Enable Enterprise Portal for this customer to grant access
  • Use the Portal Version toggle to choose whether the customer sees Classic or New
  • Customers on the New portal access it at {appSlug}.enterpriseportal.app (or your custom domain)

For vendors on the New Enterprise Portal only, Enterprise Portal is always enabled for all customers. No per-customer enable toggle is needed.

Inviting users

To invite a customer's end user to the portal:

  1. Go to Customers > [Customer Name] > Enterprise Portal access
  2. In the Customer Users section, click + Invite user
  3. Enter the user's email address and click Send invite
  4. The user receives an email with an invitation link to activate their account

You can also enable Automatically invite customer email to Enterprise Portal on creation so that every new customer with an email address receives an invite automatically.

Removing users

To remove a user from a customer's portal team:

  1. Go to Customers > [Customer Name] > Enterprise Portal access
  2. In the Customer Users table, click the menu icon (...) next to the user
  3. Select Remove user

Domain restrictions

Restrict which email domains can be invited to a customer's portal:

  1. Go to Customers > [Customer Name] > Enterprise Portal access
  2. In the Authentication section, enable Domain Restrictions
  3. Add one or more allowed email domains (e.g., acme.com)

Only users with email addresses matching an allowed domain can be invited. This prevents accidental invitations to personal email addresses or unauthorized domains.

SAML authentication (Alpha)

Allow customers to use their corporate identity provider for portal login:

  1. Go to Customers > [Customer Name] > Enterprise Portal access
  2. In the Authentication section, enable SAML Authentication
  3. The customer can then configure their IdP details (metadata URL, certificates) from within the Enterprise Portal's team settings

SAML supports just-in-time user provisioning. When a user logs in via SAML for the first time and their email matches a pending invitation, their account is automatically activated.

Service accounts

Service accounts provide programmatic access to the Enterprise Portal (e.g., for CI/CD pipelines pulling install commands or registry credentials).

  • View and manage service accounts on the customer's Enterprise Portal access tab under Customer Service Accounts
  • Service accounts are created automatically when a customer starts a new installation from the portal
  • Vendors can revoke service accounts from the Vendor Portal

Email history

Track all emails sent to a customer through the Enterprise Portal:

  • Per-customer: Customers > [Customer Name] > Enterprise Portal access > Email History
  • Org-wide: Enterprise Portal > Customer Emails
note

The Customer Emails tab is always visible in the Vendor Portal, even when the feature flag is not yet enabled for your team. When disabled, the tab shows a message explaining how to request access.

Email history shows the recipient, subject, type (invite, magic link, etc.), delivery status, and timestamp.

On this page