0
Access Code Portal Protection Feature
This feature allows a portal to be protected by a single access code/password. Anyone who attempts to access the portal will be required to enter the access code before they can view it.
How it works
- Contact your Program Manager (PM) with the portal access code to be used.
- Example: "Summerswag2022"
- Once set, the portal's URL will redirect the user to an access code "landing" page (shown above).
- Entering the correct access code grants access, while entering an incorrect code displays an "Invalid access code" message.
- You can change your portal's access code at any time by contacting your PM with the new code to use. If someone is able to access the portal successfully, but the access code changes, they will be redirected back to the landing page and be required to enter the code again.
- This setting can be used on both credit card and non-credit card portals.
When to use it
Use case examples:
- A portal without a defined user set, but should still be, softly, protected from public use.
- Example.
- Sending your portal link and access code to certain social media users, without having to collect their email addresses in order to add them as portal users.
- A "distributor" portal with items sold to select individuals or companies at a lower markup than they're sold to the public
- Example.
Security Note
Access codes are meant to be a "light" form of access restriction, and we require a second means of restriction on non-credit card portals (e.g. order approvals or an authorized user list). Access codes can get posted online, which would allow anyone to access the portal and place an unauthorized order - we have seen this happen in the past.
Ways to keep your access code more secure:
- Change the code more often
- Use a randomized code to reduce the chance that the code can be guessed
- Ensure your order approver(s) remain vigilant in reviewing orders
- If your use case allows one-time access codes distributed to individual users (most secure)