What do you need help with?

We are here and ready to help.

    How to Add Security and Lock Down Your Customer Portal — And Why It’s Critical

    Marcel Gravelle

    15-Apr-2025

    How to Add Security and Lock Down Your Customer Portal — And Why It's Critical

    In today's digital landscape, your customer portal is a crucial touchpoint between your business and your clients. While it serves as a hub for support cases, knowledge base articles, and self-service tools, it also presents a potential security vulnerability if not properly configured. Locking down your customer portal helps protect sensitive data, ensure compliance, and maintain customer trust.

    In this guide, we'll show you how to secure your Supportbench customer portal, step-by-step, and explain why each setting matters.

    Why Securing Your Customer Portal Matters

    Security breaches don't just happen to large enterprises — even SMBs are targets. Leaving your portal exposed can lead to:

    • Unauthorized access to customer data

    • Data leaks through unprotected cases or knowledge base articles

    • Spam or malicious case submissions

    • Compliance violations (e.g., GDPR, HIPAA)

    Taking the time to secure your portal strengthens your brand's integrity and keeps both you and your customers safe.

    How to Lock Down Your Supportbench Customer Portal

    To configure security settings in Supportbench:

    Navigate to:
    Configuration > Self-service > Portal
    Select your existing portal or create a new one.
    Then click the "Security" tab.

    Here's a breakdown of the key fields and what they do:

    1. Divisions

    Purpose: Controls content visibility based on organizational divisions.

    What it does:
    When you assign a division to a portal, only content tagged with that division—Articles, Containers, Cases, and Customer Fields—will be visible to users. This is essential for companies with segmented clients, departments, or multi-brand operations.

    2. Customer Roles

    Purpose: Restricts access to authenticated users with specific roles.

    Why it matters:
    Enabling this ensures that only logged-in users with approved roles can access the portal. It prevents unauthorized users or bots from viewing sensitive content.

    3. Unrestrict Cases

    Option: Yes/No
    If your portal restricts content by division but you want all cases to be visible regardless of division, enable this option. It's useful if your knowledge base needs segmentation, but support cases should be universally accessible.

    4. Anonymous Case Creation

    Option: Yes
    Allow users to submit support cases without logging in. They'll need to provide a name and email, but won't require an account.

    Recommendation:
    Enable this only if you need to offer open support access. Otherwise, disable it to prevent spam and preserve data integrity.

    5. Containers

    What it does:
    Choose whether to show all public knowledge base containers or manually select which ones to display. This controls the information available to your community and can help prevent content leaks.

    6. SAML Authentication

    Enable: Yes
    Force Redirect: Yes

    SAML (Security Assertion Markup Language) allows for Single Sign-On (SSO), letting users log in via identity providers like Okta or Azure AD.

    • Login URL: The identity provider URL for redirecting users.

    • Logout URL: Redirect after sign-out.

    • Certificate: Public key used to verify login responses.

    Why it's important:
    SAML boosts security by centralizing authentication, enforcing secure policies, and preventing password reuse across platforms.

    7. Username Mapping

    You can map usernames using either the email address or an LDAP username field, depending on how your directory is set up. Choose what aligns best with your internal authentication system.

    8. LDAP Authentication (Optional)

    Enable: Yes
    Require existing contact: Yes
    LDAP Site: HTTPS-only, basic authentication
    Port: Typically 443

    LDAP lets you authenticate users against your organization's directory without relying on the built-in system.

    Note: Only contacts already in Supportbench can authenticate, reducing the risk of unauthorized access.

    Final Thoughts

    Securing your customer portal isn't optional—it's essential. Whether you're managing access with divisions and roles, enabling SSO through SAML, or restricting content visibility, these steps all play a crucial role in protecting customer data and ensuring smooth, secure experiences.

    Key Benefits of a Locked-Down Portal:

    • ✅ Reduced risk of data breaches

    • ✅ Compliance with security standards

    • ✅ Better control over who sees what

    • ✅ Increased customer trust

    Ready to secure your Supportbench portal?
    Start with the security tab in your portal settings and audit each option. A few clicks today can prevent major issues tomorrow.

    Facebook Share Tweet

    Was this article helpfu?

    Yes No

    Thank you for voting

    Comments

    ×
    Select company

    You are related to multiple companies. Please select the company you wish to login as.