Limit Profiles that can Login to the New Portal
We are enabling the new portal for Fund Advisor only for now. However, the portal does not LIMIT access to the portal to just Fund Advisor.
The portal currently allows anyone with an email address associated with a profile in our system to use the primary email and a pin to get into the portal and manage their contact information.
Is there a way to detect if the email entered is in our system and does NOT have a designation associated with an area we have enabled on the portal and then display a message that can be customized by us?
In our case, we would want to tell them that they do not have access to the donor portal at our foundation and to contact xxxx if they have questions. We would then customize the message as we open more areas of the portal.
We see this as a problem specifically for our grantees who often end up on our donor portal when they were trying to get to GLM. We do not want them to think that because they are seeing their profile, they should also be seeing grant applications.

3/12/2025:Login: We have implemented an update to the portal login process to enhance security and provide more controlled access based on profile designations. This change significantly improves security by limiting who can log in with an email and controlling which profiles are visible to the user. The enhanced login flow helps ensure that users only access profiles relevant to their designated roles. The email login method is now limited to profiles that have a designation enabled for portal access. If the email entered is not associated with any profile, no pin will be sent to the user. If the primary email on the profile does not have a designation enabled for the portal, they profile will be taken to the profile page. If the email is valid, but does not match the expected criteria, the user will be directed to the “Enter your PIN” page. The messaging will clarify that "If we have the email in our system, we will send you a pin." Logins will expire after 1 day following the same process as a logged in user. If a user has a username and password set up they will no longer be able to login with just the email. If a profile has a user set up but not a password, the login is possible with email.
-
Sally Weldon commented
My assumption is this doesn't happen if the user logs in using the login and password assigned on the Profile record. This only happens if the users log in using the email address and PIN which would limit the login to only the one user and their Fund Advisor account. Do we know?
-
Brandy Hobson commented
In the new fund advisor portal some of our advisors are experiencing a screen with multiple boxes to select from before they can enter their fund page. The boxes represent various other places their email exists in the system. In our system this included Historic Interfund profiles left over from FIMS, kept to retain the record. It also includes and commercial giving vehicles they might have used that were associated with their email. Lastly, there is box for the household and the individual. We are not currently using the donor portal.
This caused confusion to our fund advisor. She was unsure which box to select and was very curious why there appeared to be a link to her commercial DAF.
We have already gone through and removed emails from the historic interfund and commercial gift profiles. That leaves just the individual and household boxes.
Do we have a way to put some language on this page? I can not identify the page it might be based on the content tab in portal. Success recommended putting an asterisk on the individual profile name but this isn't going to work for us.
Maybe it's best to make this a toggle off option.
-
Julie commented
Yes! This is going to be a significant issue for grantees that think they're logging into GLM and Board Members who think they're logging into the secure section of our website.
-
Sally Weldon commented
also, the PIN login by anyone (owner, profile, grantee) doesn't log - so we can't see how much activity is going on in the system by the logins that bypass the login/password option. Each Portal tab or Profile Designation should have a toggle as to whether this type of login is allowed. Then a Profile with ONLY Grantee designation wouldn't have the option to "drop off" into the Profile record, they could however get a screen that there's not a portal activated at this time or better, something we could customize. The entire idea of the PIN should be optional for us.
-
Susan Lotreck commented
I was not aware of this issue. We too will be enabling the portal for Fund Advisor only at this time.
-
Jenny C commented
I just implemented the new Portal and was very surprised to learn that ANY profile with an email address in CSuite can log in with a PIN. I even made a profile Inactive (in the Sandbox) and found it can still log in. This Portal access is a large extension of functionality from the Legacy Portal, far beyond us being able to decide whether only Fund Advisors, or Nonprofits, or Customers get access.
I don't recall this being talked about in the training video and I'm wondering if other CSuite users even know this is a thing.
-
Michelle Schneider commented
If you don't want to let Hackers know what email is valid / invalid, can you send an email with customized content informing them that they are not authorized to use the portal at this time (instead of sending a PIN)?