Skip to main content
The Client Portal gives your clients a dedicated, secure interface to view evidence requests, upload files, and communicate with assessors — without needing a full Kliper account. Clients authenticate via magic link (passwordless email), so there are no credentials to manage.

Inviting a Client

Assessors invite clients to the portal from the Evidence Requests tab on any assessment or from the Engagement Hub client detail page.
1

Open the Invite Dialog

Click the Invite Client button in the Evidence Requests panel. The invite dialog appears.
2

Enter Client Details

Fill in the required fields:
FieldDescription
EmailThe client’s email address (required)
NameFull name of the contact person
CompanyCompany name — auto-filled and read-only when inviting from within a client engagement
Job TitleRole at the company (e.g., Security Engineer, IT Manager)
When inviting from a client engagement page, the Company field is pre-filled with the client’s name and cannot be changed.
3

Send the Invitation

Click Send Invite. The client receives an email with a magic link to access the portal. The invite appears in the Invited Clients section below the invite form.

Managing Invites

Active invites are listed with the client’s name, email, job title, company, invite date, and last access time. You can:
  • Revoke an invite to immediately remove the client’s portal access
  • Copy Portal URL to share the login link manually

Client Authentication

The Client Portal uses magic link authentication — no passwords required.
1

Enter Email

The client visits the portal login page and enters their email address.
2

Click the Magic Link

A one-time login link is sent to their email. Clicking the link authenticates the client and redirects to the portal dashboard.
3

Session Persistence

The session persists across browser refreshes. If the session expires, the client re-enters their email to receive a new magic link.
Magic links expire after a short period and can only be used once. If a link has expired, the client should request a new one from the login page.

Portal Dashboard

After authentication, the client sees a dashboard summarizing their evidence request status across all assessments they have been invited to.

Summary Cards

Four cards at the top provide an at-a-glance overview:
CardDescription
Total RequestsNumber of evidence requests assigned to the client
OpenRequests that still need attention
AcceptedRequests the assessor has approved
Changes RequestedRequests that need revisions
A progress bar shows overall completion percentage (accepted / total).

Assessment List

Each assessment the client has been invited to appears as a card showing:
  • Assessment name, type, and organization
  • Per-assessment request counts (open, submitted, accepted, changes requested)
  • Invitation date
Click an assessment card to view its evidence requests.

Evidence Requests List

The requests page shows all evidence requests for a specific assessment in a sortable, filterable table.

Table Columns

ColumnDescription
Req #PCI DSS requirement number (e.g., 1.2.1)
TitleEvidence request title
PriorityColor-coded badge (Critical, High, Medium, Low)
StatusCurrent workflow status (Open, Submitted, Under Review, Changes Requested, Accepted, Waived)
Due DateDeadline with overdue highlighting
FilesNumber of uploaded files

Filtering and Sorting

  • Status filter — filter requests by status using the filter dropdown
  • Sort by requirement — click the sort button to cycle through default order, ascending by requirement number (1.1 → 12.10), or descending. Uses natural numeric sorting so 1.10 comes after 1.9

Request Detail Page

Clicking a request opens the detail page where the client can:

View Request Details

  • Full description of what evidence is needed
  • Priority level and due date
  • Requirement number and tags
  • Assessor’s reviewer notes (if any)

Upload Evidence Files

Clients have three ways to attach evidence to a request:
1

Select Files

Click the upload area or drag and drop files. Multiple files can be uploaded at once.
2

Upload

Files are uploaded with a progress indicator. Once complete, they appear in the files list below.
3

Submit for Review

After uploading all required files, click Submit to mark the request as submitted. The assessor is notified that evidence is ready for review.

Managing Uploaded Files

  • Clients can delete any unsubmitted file on their request — not just files they uploaded themselves. This helps when multiple client-side contributors upload to the same request.
  • Files render inline where possible:
    • PDF — preview via blob URL (works cross-origin with the portal domain)
    • CSV/spreadsheets — rendered as a formatted table with column headers
    • Images — inline preview
    • Other file types — downloadable with a file icon

Messaging

A built-in messaging thread allows the client and assessor to communicate about the specific request:
  • View messages from the assessor with timestamps
  • Send replies with context about the uploaded evidence
  • Messages are scoped to the individual request
Use the messaging thread to ask clarifying questions about what evidence is needed rather than uploading incorrect files.

Dark Mode Support

The Client Portal fully supports dark mode, matching the user’s system preference. All pages — login, verification, dashboard, request list, and request detail — use semantic color tokens for consistent appearance in both light and dark themes. The theme can be toggled via the theme switch in the portal navigation bar.

Mobile Responsive

The full portal works on mobile screens. Specifically:
  • Tables collapse to stacked cards on the requests list so each request remains fully readable without horizontal scrolling
  • Action bars move to overflow menus on narrow viewports to keep primary content visible
  • Touch targets meet accessibility minimums for tap precision
  • Messaging and file upload flows work the same on mobile and desktop — drag-and-drop still works on touch devices that support it
Clients can submit evidence end-to-end from a phone without needing a desktop session.