Self-Service Portal
The Self-Service Portal lets an organization delegate well-defined, owner-level tasks to the people closest to the equipment or the relationship, without granting them access to the Administration Portal or to the underlying network systems. It is the mechanism that lets access administration scale without concentrating every task on a central team.
At a glance
- Audience
- Delegated end users: group leads, residents, hosts, vendors
- Sign-in
- Email magic link by default, optional SAML 2.0
- Covers
- Owner-level tasks within a single service context
- Boundary
- No access to the Administration Portal or other contexts
Purpose and audience
Section titled “Purpose and audience”The portal is for delegated end users who carry out a narrow set of tasks within a single service context. Common audiences include a group lead who manages their own group, a resident or unit owner who manages their own connection, an event host who manages their own attendees, and a vendor or contractor who manages their own devices. Each delegated user sees only their own scope.
What it covers
Section titled “What it covers”The exact tasks depend on the service context the user is delegated into. Across the services, self-service typically covers managing one’s own group, devices, or units, inviting and managing the users within one’s own scope, viewing connected devices and recent activity, and retrieving reports relevant to that scope. The portal is mobile-first and responsive, suited to occasional, focused use.
Sign-in
Section titled “Sign-in”The Self-Service Portal authenticates separately from the Administration Portal. Sign-in uses an email magic link by default, with optional SAML 2.0 single sign-on against the organization’s identity provider. Self-service sign-in does not carry administrative role mapping; a delegated user receives only the scope they were granted in the relevant context. See Identity and Authentication.
Boundaries
Section titled “Boundaries”Delegated users never reach the Administration Portal, another organization, or another context. They cannot change organization-wide settings, and they cannot exceed the permissions defined for their role in their context. This keeps delegation safe to extend widely.
Related sections
Section titled “Related sections”- Roles and Administration Levels: how delegated permissions are defined.
- Administration Portal: where delegation is configured.
- Tenant and Organization Structure: the scope a delegated user is bound to.