Loading...
Apps & AI Agents Directory
Portals

Portals

Umbrella surface for every public-facing portal — catalog, identity & recovery, audit log, and analytics across all app-owned portals.

MangoApps

Get
Category
Platform
Version
1.0.0
Installs
0
Published
Apr 2026
Type
App
Overview Highlights Capabilities Use cases Resources FAQ

Overview

Portals is the umbrella that gives every public-facing portal in your business a single home. Each app keeps owning its own portal feature (Field Service its Customer Portal, Recruiting its Candidate Portal, Offboarding its Former Employee Portal, AFO its visitor surface, eSig its kiosk, Drive its public links) — but the cross-cutting concerns live here. Catalog lists every portal with status, owning app, public URL, and "open preview" links. Identity & Recovery is the single home for the OTP / magic-link recovery layer (PortalIdentityRecovery concern) — configure rate limits, masking rules, lockout thresholds applied uniformly to every portal that opts in. Audit Log is a searchable browser over PortalRecoveryAudit, filterable by portal, event, identifier hash, or IP, with CSV export. Analytics rolls up cross-portal visit counts, recovery requests, success rate, and conversion. The umbrella does not own per-portal enable toggles — those stay in the owning app where they belong; Catalog reads them, never writes.

Platform

Highlights

See every public-facing portal in your business in one catalog — status, owning app, public URL, and a one-click preview.
Configure rate limits, masking rules, lockout thresholds, and the default recovery method (magic-link or OTP) once — applied uniformly to every portal that opts in.
Browse the recovery audit log filtered by portal, event, identifier hash, or IP, with CSV export.
Roll up cross-portal analytics — visits, recovery requests, success rate — without each portal needing to wire its own dashboard.
Owning apps keep their per-portal enable toggle. Portals reads catalog state from each app — never writes — so the source of truth stays where the feature lives.

Capabilities

Catalog & Discovery
  • Cross-app portal catalog (PublicPortalConfiguration registry)
  • Status badges (enabled / disabled / requires-token / public-link)
  • One-click preview link to each portal
  • Jump-to-owning-app settings
Identity & Recovery
  • Unified PortalIdentityRecovery concern (magic-link + OTP variants)
  • Per-portal recovery method override (where supported)
  • Sliding-window rate limiting per identifier per portal
  • Identifier hashing (SHA-256 — no plaintext email/phone in audit)
  • Configurable rate-limit window + max attempts
Audit Log
  • PortalRecoveryAudit browser with date / portal / event filters
  • IP and user-agent capture per request
  • CSV export of filtered audit results
  • Configurable retention (default: 180 days)
Analytics
  • Cross-portal recovery rollup (nightly DailyRollupJob)
  • Trend charts: requested / sent / consumed / failed / rate-limited
  • Per-portal totals over a 7d / 30d / 90d window
  • Unique-identifier counts per portal per window
Security
  • Repeat-failure IP feed (top N over a tunable window)
  • Identifiers near lockout (most flagged events per identifier)
  • Cross-portal access patterns (one identifier hitting many portals)
  • Recent invalid-token events
Branding
  • Per-business defaults: logo (Active Storage), primary + accent color, font
  • Portal title, support email, footer text
  • Live preview of branding while editing
Custom Domains
  • Hostname → portal mappings (PortalCustomDomain model)
  • Per-domain verification token for DNS TXT record
  • Lifecycle: pending → verified → active (or revoked)
  • DNS / TLS / edge routing handled by ops (model captures intent)
Limits & Specs
  • Default rate-limit window: 60 minutes (configurable)
  • Default max attempts: 5 per window per identifier (configurable)
  • Default audit retention: 180 days (configurable)
  • Default recovery method: Magic link (per-portal override possible)
  • Allowed roles: Admin, Super Admin

Use cases

See every portal at a glance
Open the Portals catalog to confirm which public surfaces are live in your business — Field Service Customer Portal, Candidate Portal, Former Employee Document Portal, AFO visitor surface, eSig kiosk, public Drive links, and so on. Each row shows owning app, status, and a preview link.
Tune recovery security in one place
A spike in failed OTP attempts? Drop the rate-limit max from 5 to 3 in Identity & Recovery — every portal using PortalIdentityRecovery picks up the new limit on the next request.
Investigate a recovery anomaly
A user reports they never got their portal token. Filter the audit log by their identifier-hash (or IP), see whether the request was rate-limited, dispatched, or actually consumed, and trace the failure mode without exposing plaintext PII.
Audit external access for compliance
Export the last 90 days of recovery events as CSV for SOC 2 review — every send, lockout, and consumption with timestamps, never the plaintext identifier.
Move a portal from magic-link to OTP
Field Service ships with magic-link recovery; you want OTP for parity with Candidate. Flip the per-portal override in Identity & Recovery — no code change, the concern reads the umbrella config.

FAQ

No. Each owning app keeps its own portal enable toggle (Field Service has customer_portal_enabled, Recruiting has candidate-portal config, etc.). Portals only reads — the catalog surfaces state from each app, but flipping a portal on or off still happens in the owning app's settings. This keeps the source of truth where the feature lives.

Three things: (1) the default recovery method (magic-link vs OTP) for portals that support both; (2) rate-limit thresholds for the PortalIdentityRecovery concern; (3) audit retention. Per-portal overrides are possible — the umbrella sets defaults, individual portals can override.

Every recovery event (request, send, failure, rate-limit, consume, invalid-token) is logged with timestamp, IP, user-agent, and SHA-256 hash of the identifier — never plaintext. Configurable retention (default 180 days). CSV export available. For SOC 2 / HIPAA-style audits this is generally sufficient; check with your compliance team for industry specifics.

Two reasons. First, packaging it as an app gives it real surface area — admins discover it, configure it, see analytics. An invisible "platform feature" gets ignored. Second, it gates behind a license so it ships as part of the platform tier rather than free-with-everything; the value (cross-portal control, audit, analytics) justifies the gate.

You probably don't need Portals yet. The umbrella adds the most value when you have three or more public-facing portals; under that, the owning app's built-in settings are usually enough.

You Might Also Like

Workforce Bots
Workforce Bots

Create AI assistants from your documents that answer employee questions 24/7.

View Details
Forms
Forms

Smart form builder with approval workflows.

View Details
Report Agent
Report Agent

Intelligent reporting assistant that generates custom reports from natural language queries with ...

View Details
E-Signature
E-Signature

Electronic document signing with visual field placement.

View Details
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate