1. In the automobile industry  - You have an automobile shop and want to track your customers' details, your sold vehicles, and servicing schedules. To do this, you can create a portal and share it with your portal users. The customers can view and edit their details in the portal, and they will be updated in your CRM records. Similarly, if they want to get their vehicle serviced, they can fill in their details using the portal.
   

1. In the FMCG industry - At a retail store, you can send bulk invitations to all the vendors that supply products to your store to keep track of inventory flow. This way, vendors can modify orders and access and edit details like pricing, stock availability, contact information, and delivery discrepancies.
   
   
2. In an educational institute  - If you run a school, instead of manually entering every student's details, you can provide parents with access to the portal. They can add, update, or view their child's details in the portal, and share the students' grades and performance scores with the parents through the portal.
   

1. For business partners  - You run a software company and use CRM to follow up with your contacts and leads, or to track multiple deals that are at different stages. There is a meeting with the partners, and you want to discuss all the contacts and the deals that have the highest revenue. Imagine how tedious it would be to share this complex information with individual partners. You can easily manage this situation by creating a portal for the partners, where you give them access to the Contacts module and add a contact lookup in the Deals module in CRM. This will enable them to view the contacts and their associated deals and add or remove details in the modules based on their permissions.
   

1. For employees - You can utilize the enhancement to invite your employees to access the Portal for viewing, editing, and performing specific tasks. This can also be used as a self-update portal if there is a custom module with the database of your employees.
   

1. You can configure up to five portal user groups. By default, you can invite a total of up to 1,000 users across the user groups (Leads, Contacts, Vendors and Custom modules) for free. 
   
2. To purchase additional portal user licenses, refer to the table below for prices. If you need any help regarding the purchases, contact support@zohocrm.com.
   
   

Let's say that you need a portal for your retailers and portal user licenses for them. You can create a portal user group called "Retailers" and invite your retailers to the portal. As your business scales, the number of retailers increases. Let's see how much it costs to add them to the portal:

1. For 500 portal users:
   The first 1,000 users are free. Since all 500 users fall within the free slab, there is no charge.
   Total monthly cost: $0
   
   

1. For 5,000 portal users:
   First 1,000 users: Free → $0
   Next 1,000 users (1,001 - 2,000): 1,000 × $3 = $3,000
   Remaining 3,000 users (2,001 - 5,000): 3,000 × $2 = $6,000
   Total monthly cost: $0 (free) + $3,000 + $6,000 = $9,000
   
   

1. For 12,000 portal users:
   First 1,000 users: Free → $0
   Next 1,000 users (1,001 - 2,000): 1,000 × $3 = $3,000
   Next 9,000 users (2,001 - 11,000): 9,000 × $2 = $18,000
   Remaining 1,000 users (above 11,000): 1,000 × $1 = $1,000
   Total cost: $0 (free) + $3,000 + $18,000 + $1,000 = $22,000

1. Edit associated records - A portal user can edit records that are associated with them, that are added by other CRM users, if they have the Edit (Shared) permission. For example, if a deal or account is associated with the portal user, then he can edit the details of those records. 
   
   
2. Edit information in a record - They can edit the fields (even the ones present in subforms) on a record that is shared with them, such as address, phone number, email address and other details. The changes will reflect in the CRM.

Note: Subform permission needs to be maintained separately. Permissions set in the parent module's Portal Module Configuration will not be applicable for subforms. 

1. Clone records associated with the leads/contacts (deals, invoices, quotes, etc.) - They can clone other records that are associated with them and add more details as required. For example, if a portal user wants to replicate a deal, quote, or invoice, then instead of creating a new record from scratch, they can clone an existing record and make edits wherever necessary.
   
2. Enforce Multi-factor Authentication (MFA) - Admins can enforce multi-factor authentication across the entire portal to ensure consistent, enhanced security for all users.
   
3. Set up Multi-Factor Authentication - They can individually enable and manage Multi-Factor Authentication (MFA) from their account settings when an org-wide enforcement is not enabled. 
   
4. Manage Passwords - They can manage their passwords and thus getting more control and convenience.
   

Note. We are supporting only OTP authenticator mode now. 

Portal for trial edition

1. If you subscribe to Free Edition, then the portal details will be deleted after 30 days.
   

Setting up Portals

Setting up a portal involves the following four steps:

1. Configuring Portals
   
2. Creating a portal user group
1. Providing user group details
2. Configuring the portal module
   
3. Specifying field permissions
   

By default, your company's name will be taken as the portal name, and it will be used to generate a URL, which your customers will use to access the portal. 

Configuring Portals

1. Navigate to Setup  >  Channels  >  Portals.
   
2. In the Portals page, click Get Started Now.
   Your company's name will appear as the default portal name.
   
   
3. Edit the Portal name, if required. If the portal name is already in use, Zoho CRM will prompt you to change it. You can change the portal name while creating the portal.
   
   
4. The customer portal URL will be generated, and the portal name will be available. Click Configure Now.
   
   
5.  Your portal is now created. You can now invite your contacts or do it later.
   
   

Next, create a portal user group, configure it, set field permissions and invitation preference. Currently, invitation preference and the ability to send portal invitations to phone numbers are only supported for companies registered in India.

Once a portal is configured, you will not be able to delete it.

Note

1. When you create a portal, a default portal user group called Client Portal will be created that cannot be deleted. However, you can turn the Status off and on the user group whenever required.
   
   
2. You can create four other user groups and invite a up to 1,000 users in total without payment. To add more users, you need to purchase. Learn more about licenses and pricing.
   
3. You can invite and add users of the same email domain as that of the super-admin to the Client Portal user group, for example, your employees or partners. 
   
4. Setting invitation preference as phone will only be available if you've enabled Notification SMS integration.
   
1. For now, invitation preference and the ability to send portal invitations to phone numbers is only supported for companies registered in India.
   
2. You can send portal-related SMS messages from your registered sender IDs to customers in India.
   
3. Phone number-based invitations and logins will be made available to organizations worldwide in our future releases.
   
5. After the invitation preference is set for a portal user group, you will not be able to modify it once users have been added to it or if a portal form has been created for it. If you need to do so, please contact support@zoho.com.

Editing a portal URL

You can edit the portal name once it is created. The portal users will be notified about the URL change so they continue having unhindered portal access.

Portal user groups

The first step after you create the portal link is to decide the user group in order to create one. Determine which type of users the portal user group is created for.

For example, Portal users can be

1. Partners who are generating leads for you
   
2. Vendors who are accessing your database for stock information
   
3. Students managing their profile and curriculum
   
4. Patients managing their profile, diagnosis, prescription, and appointments
   
5. Resellers who sell your products
   

Please note that the first portal user group must be a customer. 

Creating a Portal User Group

1. Navigate to Setup → Channels → Portals
   
2. Click Create User Group
   
   

After this, there are three major steps in the creation of user groups: 

User Group Details

Portal Module Configuration

Field Permissions

User Group Details

1. Define your portal user group. In the field Portal User Group Name, enter a name, such as parents, partners, or service agents.
   
2. In the next field Primary Module, choose the main module that will determine the users of that portal user type.
   
   
3. After selecting the primary module, more fields follow. In the Other Module(s) field, choose the related modules, including public modules and web tabs, applicable for that portal user group.
   
   
4. Under Portal Invitation Preference, in the field Send Invitations Via, select your primary invitation mode from one of the two modes: Email/Phone.
   You can decide the mode (email or phone) by which external users are invited to a portal. Templates can be created for both email and phone invitations:

   1. To learn about portal invitation templates for email, see Email templates.
      
   2. SMS templates for portal-related messages can be used once they've been DLT-approved and verified by Zoho.
      
5. In Related Field, select the field that holds the email address or phone number. The portal invitation will be sent to those email addresses or phone numbers.
   
   
6. Click Next.
   

Choosing invitation preference:

1. The option for portal users to log in with their mobile number and receive SMS notifications will not be available to all users and is currently supported for companies registered in India.
   
2. You can send portal-related SMS from your registered sender IDs to customers in India.  To send invitation to users, mobile number should start with +91.
   
3. Telecom Regulatory Authority of India (TRAI) has enforced DLT (Distributed Ledger Technology) to ensure only legitimate SMS messages are sent to customers in India. The portal invitation SMS message must be sent via an Indian Sender ID, registered with the DLT.
   
4. This option will be available for organizations throughout the world with our future releases.
   

The option to set invitation preference as Phone will only be available if you've enabled Notification SMS integration. Credits for sending portal-related SMS messages will be consumed from the Notification SMS integration's credits.

Portal Module Configuration

Once you have defined the user group, it is time to configure the data type you wish to share with your clients.

Following are the terms involved in the configuration process:

1. Layouts: Select one or more layouts, as well as the wizards available for those layouts for the portal users to access for the primary and other related modules.
2. Permissions: You can set the permission level for each record in a module. Portal users will only be able to perform actions on the records based on their permission. For example, you can allow the portal users to view or edit their license number or mailing address, or give a vendor read-only permission to purchase orders. Choose create, edit, view, delete, or edit (shared) module permissions. The edit (shared) permission will allow portal users to edit those records that have been added by CRM users to the module. 
3. Linked as & Conditions: Establish a relationship between the primary and the other modules to educate the tool about how records in this related module are related to the primary module. Choose the connecting lookup fields or multi-select lookup fields. This helps the tool display all the transactional information of the portal user in the portal and acts as the personal exposure of their data. 
   In addition to this direct transactional information, if you'd like to expose other records with a desired trait—that can be achieved by means of conditions. You can configure both linking fields and/or criteria to display records in the related modules.
1. Match by value: Here, you can define a criteria based on their values. For example: You can choose to display all records in the Architects module if their experience is greater than 6 years.
   Architect experience >= 6 years
   
2. Match by field: This condition is a comparison of values by field. For example: you can choose to display all the records from the related module if the value of the field from the primary module is/isn't/is equal to/does not contain the field value of the record from the related module.
   
   Warehouse state contains the Mailing province of contacts.
   
   
4. View Type: Choose the desired module view orientation as either List view or Canvas view for the records.
   

Follow the below steps to configure the Portal user group:

Step 1: Primary module configuration

For the primary module, you will have a default view permission. If you'd like to give the users more permissions like create, edit, delete and others, you can do the same in this tab. You can also determine the layout/wizards which you choose to expose to the portal users. In addition to these activities, you can provide conditions as to what records from the module should be on display for the portal user.

Step 2: Related modules configuration

You can configure all the related modules you want to expose to the portal user, one after the other.

In summary:

1. The primary record from step 1 is always visible for the portal user irrespective of the relationship they have with the related modules.
2. If you have configured your related modules via lookup fields, the portal users' transactional records will be visible.
3. If you have configured your related modules via conditions, then the records in the module matching the criteria will be exposed.
4. If you have chosen to expose records based on both lookup and criteria, then the portal users' related records along with the records meeting the conditions will be exposed.

Step 3: Public module configuration

Portal users can access modules designated as Public read only or Public read/write/delete (through data sharing settings). These modules will be listed under the Public Modules section, allowing users to view records within them.

The Products module must be shared with the portal users to allow them to associate products with the records present in the Inventory modules.

Step 4: Web Tabs

The selected web tabs will be listed without requiring any setup as the main factor to consider here is Permissions. By default, only View permission is available for all the web tabs.

Step 5: Click Next.

Field Permissions

The related modules that you selected in the previous step (Portal Module Configuration) will be listed under the Field Permission section. You can select the fields that you want the portal users to access. You can also mark the fields that you do not want the customer to edit as Read Only. The mandatory fields inside the CRM will also be marked as mandatory in the portal. You can also share subforms with the portal users.

Portal users can view the price of a product only if they have view permission for the "Unit price" field in the Products module.  

To specify field permissions

1. In the Field Permissions page, select the check boxes for the fields that need to be available for the portal users.
2. Click the Read Only checkbox, if required.
3. Click Save and Next to move to the next layout or module to define field permissions.
   
   
   
   Field permissions are specific to each module. They are not specific to layouts.
   
4. Repeat the above steps for all the modules and layouts.
   
5. If the parent module has subforms, select the subforms and set the respective permissions.
   
6. Click Finish to save all the details.

Multi-Factor Authentication and Password Management

Organization-wide multi-factor authentication for portal users

CRM users with the Manage Portal permission can enable MFA across the entire organization.

• When MFA is mandated, all portal users are required to authenticate using an MFA code during their next login.
• Portal users who are already logged in are not interrupted. However, MFA is required the next time they sign in.

When a portal user logs in for the first time after org-wide MFA is mandated, they are prompted — after entering the TOTP from their authenticator app — to choose whether or not to trust the browser.

• If they select Trust this browser, they will not be required to enter a TOTP during subsequent logins for the next 180 days.
  
  
• If a user loses access to their authenticator app — such as losing their phone or deleting the app — the portal admin can reset MFA for that account. This can be done by users with either the Manage Portals or Manage Portal Users permission.
  
  

Note: Portal users cannot disable MFA or delete their authenticator app when org-wide MFA is mandated.

Individual MFA setup for portal users

When MFA is not mandated org-wide, portal users can enable it individually from their account settings.

They can also manage or delete their MFA configuration at any time, giving them the flexibility to add a layer of security even when it is not required.

Note: When MFA is enabled, the user is required to enter an OTP from their authenticator app during each subsequent login.

Change password option for portal users

Portal users can manage their passwords directly from their account. A Change Password option is available under the More option in the portal user account, giving users a straightforward way to update their password without having to use the Forgot Password option at login.

  

View Portal Preview

View portal preview

Once the portal configuration is complete, you can preview the portal to see how the customers will see the records.

To view the portal preview

1. Go to Setup > Channels > Portals.
   
2. In the Customer Portal Configuration page, click Preview.
   
3. Select the Portal User Group from the drop-down list to view the preview.
   

Note
You can view the portal summary after the portal module configuration is completed. You can modify the Portal Module Configuration and Field Permissions anytime later.

 

Purchase portal users

To purchase portal users from within the portal configuration page

1. Go to Setup > Channels > Portals.
   
2. Click Purchase.
   
   
3. Enter the count of portal users you want to purchase and click Calculate Price.
   
4. If you hover your pointer over the question mark, you will find details on how the price was arrived at. 
   
   
5. Now, click on Make Payment and make the payment.

To purchase portal users from the Manage Subscription page

1. Click your Profile icon and select Manage.
   
   
2. Click Upgrade User / Add-Ons in the Subscription page.
   
3. Select the number of portal users and click Proceed.
   
4. Click Make Payment.

 

Working with portal user groups

Portal invitations

Learn about inviting users via Portal forms, and signing up using the forms.

Auto-Invite users to portals

You can automatically send portal invitations to users based on predefined conditions, removing the need to manually enable access for each user. It helps you ease the process by setting conditions to trigger invites, customizing them with language preferences, and tracking failed invitations with detailed logs to quickly identify and resolve issues.

To send auto-invites to users :

1. Navigate to Settings >> Channels >> Portals.
   
2. Select the portal for which you want to send auto-invites.
   
3. Click Settings again >> Auto-Invite.
   
4. Click Configure Now.
   
5. Select your language preference : Single Language or Multiple Languages
   
6. If you've chosen a single language, choose the invitation language and specify the record condition.
   
7. If you've chosen multiple languages, choose the invitation language and specify the condition for the number of languages you want your invite to be sent. Click Add condition for another language to send invites for more languages.
   
8. In this case, you can set a common condition which needs to be met first before the language-specific conditions are met for invites to be sent. Click Common Condition and specify the record condition here.
   
   
9. Click Save.
   

Manage Auto-Invite configurations

You can edit, pause, or delete auto-invite configurations whenever needed. Click Edit Configurations to edit your auto-invite setup. To avoid sending invites while editing configurations, you can choose to Disable Auto-Invite, make the required edits, and then re-enable auto-invite. To delete a configuration for your portal, click Delete Configuration.

View Failed Invitations through Auto-Invite

You can keep track of failed invitations, including details like the record name, email address, failure date, and the reason for failure. This allows you to quickly identify and fix issues.

Limits :

1. Number of languages sets allowed = 25

2. Number of conditions allowed per set/language = 10

Invite users individually to a user group

Once you have created the portal, you can start inviting the customers. The email invitations will contain the portal URL details. Once the users accept the invitation, they will be prompted to set a password. In the portal, the customer must first set basic information like their preferred language, time format, time zone, and country. By default, these will be filled based on the locale information of the CRM user who sent the invite. The exceptions are the country and language details, which will be based on the portal user's browser information. They will then be redirected to the module page that they have been given access to.

To send an invitation

1. Go to a module (Leads, Contacts, Custom module) and select a record.
   
2. In the Record Detail page, click the More icon, and click Send Portal Invitation.
   
   
3. Select the portal user group.
   
   
4. Choose the template language to be used for the invitation email.
   
5. Click Invite.
   
   

Invite users in bulk to a user group

You can send bulk invitations to leads, contacts, or others from the module for which a portal is created. For example, if you create a portal for the leads module, you can invite your leads to access the portal. Bulk invitations can be sent to users who are not invited to any portal yet and have a valid email address.

To send bulk invitation to users

1. Navigate to Setup > Channels > Portal.
   
2. Click on a portal and go to the Users tab.
   
3. Click Invite users.
   
   
   
   
4. Select the users from the list displayed and click Send Invitation.
   
   
5. Choose the template language and click Send invitation.
   
   

Once sent, the Portal actions status dialog box shows you the number of users who have received and not received the invitation. You can check the reason for the failed delivery of the invitation by clicking on View failed invitees.

Note

1. The invitation email will be valid for 7 days only.
   
2. A portal user cannot be assigned as the record owner even if they create a record.
   For example: Russell Brown is a CRM user who invites Sage Weiser to access the portal with the permission to create contacts and deals. When Sage creates a contact through the portal, it will be added to the CRM database and Russell Brown will be the owner of the new contact.
   
   

View reasons for portal invitation failure

There are several reasons for a failure in sending portal invitation to the users. Once the invitation is sent, a message will pop in your CRM account showing the number of successful or failed invitations.

By clicking on the View failed invitees, one can see the users who failed to receive an invitation and the reason for the same. 

There can be following reasons for a failed invitation:

1. Record is waiting for approval - If the record is awaiting approval from any approval process, then the invitation will not be sent as the record will be locked during this period.
2. Record is waiting for review - If the record is part of the review process, then a portal invitation will not be sent to the record.
3. Record does not have consent - If a user has enabled consent as part of the GDPR process, then portal invitation will not be sent.
4. Email address has unsupported characters - Uppercase and lowercase letters in English (A-Z, a-z), Digits from 0 to 9 and special characters such as @. - _ + are supported in the email address. If the email address is not in the above format, the portal invitation will fail.
5. Email address is anonymous - If the specific email domain is spammed, then you cannot send an invitation.
6. Reached the maximum limit of user licenses for the portal - If the org has reached the maximum number of users that can be invited for a portal.
7. Portal user already exists - If the user is already part of a portal user group, then you cannot send another invitation.
8. No record exists - If a record is already deleted from CRM and due to any reason if an invitation is sent to the record, it will be declined.
9. You don't have the permission for the module - If the CRM user doesn't have the permission for a module he is sending, then the invitation will be declined.
10. You don't have the permission for the record - If the CRM admin doesn't have the permission for a particular module, then they will be restricted from sending invitations from that module.
11. Record is in the recycle bin - If the record of the user to whom the invitation is sent is moved to the recycle bin due to any reason, then the portal invitation will not be sent.

Edit invitation preference

You can edit the invitation preference only when no users or portal forms have been added to the user group.

To edit invitation preference

1. Navigate to Setup > Channels > Portals.
   
2. Select a user group.
   
3. On the top-right corner, click the edit icon near Sent to: [Invitation Preference].
   
   
4. Make the changes and click Finish.

Delete a user group

There may be instances when you want to remove a particular portal user group. In that case, you will first have to transfer the users to another portal user group and then delete the portal user group. You can only transfer the users to another portal user group if you want to delete their original portal user group. If you have not associated any user to a portal user group, you can delete it as it is.

To delete and transfer a portal user group

1. Go to Setup > Channels > Portals.
   
2. Select a portal user group, hover over it, then click the Delete icon.
   
3. If there exist users in the user group and another user group of the same module, then to transfer the portal users, choose a portal user group from the drop-down list and click Transfer and Delete.
   
4. If there are no users in a user group, you can directly delete it by clicking Yes, Proceed.
   
   

Note

1. The Client Portal user group, which comes with the Contacts module by default, cannot be deleted.
2. If there exist users in the user group and no other user group of the same module, you will not be able to delete a portal user group.
   
   
3. If you want to rename a portal user group, click the Edit option in the Portal Configuration page.
   
4. You can deactivate users who are added to a portal if you don't want them to be a part of it anymore. You can add another user instead, as deactivated users won't count towards your user license.

Deactivate a user group

You can deactivate a portal user whenever you need to.

To deactivate a portal user

1. Select a portal user group and click Users.
2. In the Users tab, filter the confirmed users
   
3. Turn the Actions toggle of the user off 
   

Managing Data Privacy of Portal Users

Data processing basis

As a Data Controller, to be GDPR compliant you need to process data based on one of the lawful bases. Based on your business requirement and discretion, you can choose a processing basis from the following bases: legitimate interests, contract, legal obligation, vital interests, public interests, and consent. If consent is the lawful basis used to process data, Zoho CRM provides an option to allow portal users to access the details you store about them and provide consent to process their personal data.

You must consider the below points when setting data privacy for the portal users:

• The data privacy tab will be displayed for a record only if the compliance settings are turned on.
  
• The portal user can view the data processing basis in their account only if the data processing basis is Consent.
  
• The portal user can also update the consent details of the leads or contacts that they have added.
  
• The portal user can update their consent details from within the portal.
  

Data subject rights

Under GDPR, the portal users have certain rights regarding their personal information. They can manually add a request from the data privacy section in the portal for the following rights:

• Right to delete
  
• Right to stop processing
  
• Right to export
  
• Right to rectify
  

They can also add requests in the portal on behalf of the contacts or leads that they add to the portal. See Also Data Subject Rights