How Customers Authenticate and Access the Portal

Last updated: March 19, 2026

Customers access their portal and projects using a secure, one-click access email — no password to remember. Organizations that have enabled Federated SSO can also allow customers to authenticate through their own identity provider.

Before You Begin

  • The customer must be added to a project by your team (unless self-service registration is enabled).

  • Customer emails must be enabled in the project settings for invites and access emails to be delivered.

1. One-Click Login (Default)

The default authentication flow for customer portal access:

  1. The customer opens the invite email sent by your team.

  2. The email includes a secure Accept Invite & Join Project button.

  3. Clicking the button takes them directly to the portal and into their project — provided they aren't already logged in on that device.

If they're already authenticated in the portal on that browser, they'll land directly in the project with no additional steps. Invite emails are valid for 14 days, giving customers plenty of time to respond even with travel or weekend delays.

When a customer needs to request access on their own (for example, from the portal login page), they'll see a Request Project Access via Email button — a secure link is sent to their email for one-click entry.

2. Federated SSO for the Customer Portal

Customer organizations can now authenticate to the portal using their own identity provider (IdP) — such as Okta or Azure AD — instead of the default email-based login. This eliminates the need for separate portal credentials and streamlines the experience for customers who already use SSO internally.

Federated SSO for the customer portal is configured separately from your organization's internal SSO. To enable it for a customer organization, contact your OnRamp Account Manager or support@onramp.us.

3. Granting Portal Access

Customers can only access the portal once they've been added to a project by someone in your organization.

  1. Go to Projects in the left-hand menu.

  2. Open the relevant project and navigate to Members.

  3. Add the customer's email and send the invite.

4. Self-Service Registration (Optional)

If your organization has enabled self-service registration:

  • Any user with an authorized email domain can enter their email and receive a one-click login email.

  • After logging in, they can create new projects using available playbooks.

  • They will not see other projects unless explicitly invited.

Tips & Troubleshooting

  • Not receiving the invite? Confirm the email address was entered correctly, check spam/junk folders, and resend the invite from Project → Members.

  • Invite expired? Invite emails are valid for 14 days. If the link has expired, resend the invite from the same location.

  • Already logged in but not reaching the project? Clicking the invite link while authenticated will take you directly to the project. If it doesn't, try refreshing or clearing your browser cache.

  • Interested in Federated SSO for your customers? Contact your Account Manager to discuss setup — it requires configuration at the customer organization level.