# Manage Enterprise Portal customer access This topic describes how to manage customer access to the Enterprise Portal from the Replicated Vendor Portal. It includes information about enabling the Enterprise Portal, managing user invitations, enabling SAML authentication for Enterprise Portal logins, and more. For information about how your end customers can manage, invite, and remove team members in their Enterprise Portal, see [Log In To and Use the Enterprise Portal](enterprise-portal-use). ## Manage access to the Enterprise Portal {#manage-ep-access} You can enable the Enterprise Portal globally for all customers, or on a per-customer basis. When the Enterprise Portal is disabled for a customer, they have access to the Replicated Download Portal instead. :::note The Enterprise Portal supports Embedded Cluster and Helm CLI installation methods only. Customers that use KOTS in an existing cluster or kURL can continue to use the Download Portal. ::: ### Enable the Enterprise Portal globally {#enable-global} To enable the Enterprise Portal globally for all customers: * Go to **Enterprise Portal > Customer Access**. In the **Portal Access** section, enable the **Enable Enterprise Portal for all customers** toggle. ![enterprise portal access toggle](/images/enterprise-portal-access-toggle.png) [View a larger version of this image](/images/enterprise-portal-access-toggle.png) ### Enable the Enterprise Portal per customer To enable the Enterprise Portal on a per-customer basis: * Go to **Customers** and select the target customer. On the customer's page, go to **Enterprise Portal access** and enable the **Enable Enterprise Portal for this customer** toggle. ![customer-specific enterprise portal access toggle](/images/customer-enterprise-portal-access-toggle.png) [View a larger version of this image](/images/customer-enterprise-portal-access-toggle.png) :::note When the global **Enable Enterprise Portal for all customers** setting is on, the per-customer toggle is disabled. To manage Enterprise Portal access on a per-customer basis, disable the global setting. See [Enable the Enterprise Portal Globally](#enable-global). ::: ### Automatically invite customers on creation {#auto-invite} You can enable automatic invitations so that each new customer automatically receives an Enterprise Portal invitation on creation. You can also override this global automatic invitation setting for individual customers. For more information, see [Create a customer](releases-creating-customer#create-a-customer). #### Requirements * Enable the **Enterprise Portal > Customer Access > Enable Enterprise Portal for all customers** setting. Disabling this setting automatically turns off automatic invitations. See [Enable the Enterprise Portal globally](#enable-global) on this page. #### Enable automatic Enterprise Portal invitations To enable automatic invitations: * In the Vendor Portal, go to **Enterprise Portal > Customer Access**. In the **Portal Access** section, enable the **Automatically invite customer email to Enterprise Portal on creation** toggle. ## Configure allowed domains for user invitations You can restrict user invitations for a customer's Enterprise Portal to specific email domains. When you add allowed domains for a customer, only users with allowed email domains can be invited to the Enterprise Portal. To configure allowed domains for a customer's Enterprise Portal invitations: 1. In the Vendor Portal, go to **Customers** and select the target customer. 1. On the customer's page, go to **Enterprise Portal access**. In the **Authentication** section, enable the **Domain Restrictions** toggle. ![Enterprise Portal domain restrictions](/images/enterprise-portal-domain-restrictions.png) [View a larger version of this image](/images/enterprise-portal-domain-restrictions.png) 1. In the text box, enter a domain to add to the allowlist. Click **Add domain**. Add more domains as needed. ## View email history and delivery status {#email-history} To view Enterprise Portal email history and delivery status, do one of the following: * To view email history for a specific customer: In the Vendor Portal, go to **Customer > Enterprise Portal Access > Email History**. * To view email history for all customers: In the Vendor Portal, go to **Enterprise Portal > Customer Access > Email History**. ## Invite users This section describes how to invite users to the Enterprise Portal from the Vendor Portal. Your customers can also invite users to the Enterprise Portal from the Enterprise Portal **Team settings** page. For more information about using the **Team settings** page, see [Manage Team Settings](/vendor/enterprise-portal-use#manage-team-settings) in _Log In To and Use the Enterprise Portal_. :::note You can also configure automatic invitations so that new customers receive an Enterprise Portal invite when you create them. See [Automatically Invite Customers on Creation](#auto-invite). ::: To invite users to the Enterprise Portal: 1. Enable access to the Enterprise Portal for the customer. See [Manage Access to the Enterprise Portal](#manage-ep-access) above. 1. (Optional) Customize the Enterprise Portal invitation email. For more information, see [Configure Invitation and Notification Emails](enterprise-portal-configure#configure-customer-emails) in _Customize the Enterprise Portal_. 1. In the Vendor Portal, go to either **Customers > [Customer Name] > Enterprise Portal access** or **Enterprise Portal > Access**. Then, click **Invite user**. ![invite user button](/images/vendor-portal-enterprise-portal-invite-user.png) [View a larger version of this image](/images/vendor-portal-enterprise-portal-invite-user.png) 1. In the **Invite user** dialog, for **Email**, enter the user's email address. If the dialog includes a **Customer** dropdown, select the name of the customer where the user is associated. ![invite user dialog](/images/enterprise-portal-invite-user-dialog.png) [View a larger version of this image](/images/enterprise-portal-invite-user-dialog.png) 1. Click **Send invite**. ## Delete users To delete users from the Enterprise Portal: 1. In the Vendor Portal, go to **Customers > [Customer Name] > Enterprise Portal access**. 1. In the **Customer users** table, find the target customer and open the dot menu. Click **Delete**. ![Delete user button](/images/enterprise-portal-delete-user.png) [View a larger version of this image](/images/enterprise-portal-delete-user.png) ## Enable SAML authentication (Alpha) {#enable-saml} :::note SAML Authentication to the Enterprise Portal is Alpha and subject to change. To access this feature, a feature flag must be enabled for your team. For more information, reach out to your Replicated account representative. ::: You can enable and disable SAML authentication for the Enterprise Portal on a per customer basis. When SAML authentication is enabled, the customer can set up SAML SSO logins for the Enterprise Portal using their identity provider (IdP). When SAML authentication is disabled, Enterprise Portal users are not able to log in using SAML, even if the customer had already configured SAML for their Enterprise Portal previously. For more information, see [About SAML Logins (Alpha)](enterprise-portal-use#about-saml) in _Log In and Use the Enterprise Portal_. To enable SAML authentication: 1. In the Vendor Portal, go to **Customers** and select the target customer. 1. On the customer's page, go to **Enterprise Portal access**. In the **Authentication** section, enable the **SAML Authentication** toggle. ![Enterprise Portal SAML authentication](/images/enterprise-portal-saml-authentication.png) [View a larger version of this image](/images/enterprise-portal-saml-authentication.png) After you enable SAML authentication, the customer can configure SAML in the Enterprise Portal using their IdP. For more information, see [Configure SAML Authentication (Alpha)](/vendor/enterprise-portal-use#saml) in _Log In and Use the Enterprise Portal_.