Support Portal Security Fix
Currently if you have multiple Support Portals, one for each Client (using MSP mode) a client from company A can log into any of the other customer portals. It does require them guessing or stumbling on the url but there's no way this should be able to happen. If information on the portal should contain proprietary information (i.e. client specific KB Solutions) they should only be accessible by users belonging to that company portal.
Related, all the Support Portal settings that are allowed (Allow Sign Up, Require to be Logged in etc) should be available on a per portal basis, not the same set of setting for all portals.
My first feature request, lets hope this doesn't take 3 years to get implemented!
1 person likes this idea
Thanks for writing in! We're about to begin a revamp of our MSP capabilities, and we'll ensure that these issues are addressed as a part of this revamp.
Product Manager, Freshservice