Help Center

Client Security

Here's a brief overview of the 2 options you have around client security: passwordless accounts and passworded accounts.

‍

Passwordless accounts:

• Clients do not need to remember password.
• We send a magic-link to client's email. The client can use the link complete questionnaire. This link expires in 1 hour thus it is highly secure.
• When the link expires, the client can easily request another link or request a verification code via SMS.
• Expiring link and verification code are more secure than password because the client may use a weak/common password.

How to Enable Passwordless Sign-In

Add a new client by clicking All Clients and the Add Client button (+ icon). This action will prompt you to add a new client to your firm.

‍

Click the Detailed Attributes below; you'll see the Passwordless sign-in option in the middle, and enable the password-less sign-in by clicking the toggle to Yes.

‍

Once you send a questionnaire to this client (it can be an open item or a reminder), the client will receive the following email, where they can click a link to automatically sign them in and redirect the client to the questionnaire. For security purposes, this magic link expires after 1 hour.

‍

If the sign-in link has expired, it will show the client options to continue.

• To send a new link to their email
• To send a verification code via SMS (only if they provided their mobile numbers)

‍

If client selects Send new link to email, a new link will be sent to the client's email. This link also expires after 1 hour.

‍

If client selects Send verification code via SMS, we will send a 6-alphanumeric code to client's phone. For security purpose, the verification code expires after 5 minutes.

Passworded accounts:

• We send a default password to client's email.
• The client can changes the password after login.

Our Security Suggestions:

• A way for clients to enable 2FA (Two-Factor Authentication) in case the client's email is compromised.
• A way to suggest that client updates password.

How to Enable Passworded Sign-In

Look for the client who requested a passworded sign-in (under All Clients), click the three dots (under Actions) and select Edit Client Information.

‍

Make sure that the toggle for Passwordless? is on No. This option will require the client to use their email and password whenever signing in. This security option is great if a client can create a secure password otherwise, it is advisable to have them use the passwordless sign-in.

‍

‍

How to Send Sign-In Links

Sign-in links can be given to passwordless clients by simply looking for the client requesting for it under the All Clients tab, click the three dots under Actions, and select Send Sign-In Link.

‍

The client will receive this email with the link to sign in into their accounts.

‍

User has to click Open Link to open their accounts on Soraban and set up a password.