Features → Customer Portal
A customer portal that's part of the PSA, not bolted on
Tickets, invoices, estimates, payments, projects, and 2FA — built into the same data model as the rest of OriginPSA. Your customers self-serve; you stop being the helpdesk for things they could resolve themselves.
What you get
A customer-facing portal that runs at /portalon your OriginPSA tenant, branded with your firm's logo and accent color. Customers log in with their own credentials, see only their company's data, and interact with the same tickets, invoices, projects, and estimates your staff sees on the back-end — without seeing the back-end. No separate customer-facing helpdesk vendor. No CRM-portal-billing-portal triple-login situation.
Capabilities
Self-Service Ticket Creation
Customers open tickets with file attachments, set their own urgency hint (subject to your triage rules), and watch status from a timeline that updates as your team works. Replies thread back into the same ticket on both sides — no separate email mailbox to babysit.
Invoice + Estimate Review
Customers see their invoice and estimate history with PDF downloads. Pay invoices online via Stripe (cards + ACH). Estimates accept e-signature inline via SignNow, PandaDoc, or BoldSign — whichever provider you've configured.
Project Status View (Read-Only)
When you link a project to a customer, their portal gets a read-only project page: current budget with stacked change-order deltas, milestone trail, signed change orders, and recent activity. Internal cost, profitability, draft change orders, and pending billing triggers stay hidden.
Per-Contact Permission Scoping
Each portal contact gets a role: 'admin' (sees everything for the company), 'user' (sees only their own tickets), or 'finance' (billing-focused, no tickets). One company can mix scopes — billing@ sees AP, ops@ sees tickets only.
TOTP Two-Factor Authentication
Portal users can enable TOTP MFA from their profile (Google Authenticator, 1Password, Authy, etc). The portal MFA secret is AES-256-GCM encrypted at rest, same as the staff side. Recovery codes issued at setup.
Contact Directory + Self-Service Profile
Portal admins manage their own company's contact list — add, deactivate, update phone numbers — without filing a support ticket. Updates audit-log on the staff side so you see who changed what.
Online Payment Methods
Customers save card and ACH payment methods via Stripe Elements + Financial Connections. Auto-charge on recurring invoices. Failed-charge retry with customer notification.
Branded for Your Firm
Sidebar logo, heading, subheading, accent color, and favicon are all per-tenant. Your customer sees your brand, not ours. Welcome emails go from your domain when you've configured outbound SMTP.
Same Identity Across Customers
A single portal user can have logins at multiple of YOUR customers (e.g. an IT director who oversees three sister companies). Login picks the right tenant context; portal scope follows.
Audit Log Per Action
Every customer-side action — ticket created, invoice viewed, payment made, profile updated, MFA enabled — is logged with user + IP + timestamp on the staff side. Useful for support call lookups and compliance audits.
Who this is for
- MSPs replacing a Zendesk-style customer-facing helpdesk. Native portal means tickets created customer-side land directly in your queue without inbound-email parsing or a Zapier glue layer. SLA timers start from creation; assignment routes via your triage rules.
- MSPs billing recurring + fixed-fee work. Customer portal shows the live A/R picture — invoices outstanding, payments applied, statements available — so the AP person at the customer can self-serve before pinging your billing inbox.
- MSPs running fixed-fee projects with milestone billing. Customers can watch the project budget burn, see signed change orders stack into the current authorized amount, and review milestone progress — without seeing your cost basis or draft change-order amounts.
- MSPs serving multi-site customers. Portal contact roles let one company have a billing person who never sees tickets and a tech contact who never sees invoices. No "create separate logins per role" workaround.
How it compares
Many PSAs treat the customer portal as a stripped-down second product — a separate codebase, a separate identity store, sometimes a separate vendor. The result is a portal that's missing the data the customer actually wants to see, or a portal that's expensive to keep in sync with the PSA.
OriginPSA's portal is the same database your staff app reads from, with portal- aware permission scoping at the API layer. New features ship to both sides at the same time. The customer never sees data they shouldn't — but they also never have to ping you to ask what their A/R balance is.
What it's not
The customer portal is not a public help center. It's authenticated and scoped to your customers. If you also need a public, indexable help center (Zendesk Guide, Intercom Articles), pair OriginPSA with a tool of your choice; the two solve different problems.
Pricing & availability
The customer portal is included on every plan starting at Starter ($29/user/month). Branded white-labeling (logo, accent color, custom subdomain) is Professional ($49/user/month) and above. The read-only project view and milestone trail require the project module, which is Professional and above. See the pricing page for the full matrix.