Customer Portal
Self-service report portal for customer_viewer users with SSO authentication, compliance posture tracking, and PDF report download.
Overview
SOCaaS customers need a way to access their security reports, compliance status, and operational metrics without requiring full analyst access to the platform. The Customer Portal provides a curated, read-only view tailored to the customer_viewer role. Users authenticate via Azure Government SSO, and the portal surfaces only the data and reports relevant to their organization. This separation ensures that customers can self-serve their reporting needs while maintaining the security boundary between internal SOC operations and external stakeholders.
What Was Proposed
- Dedicated customer-facing portal with simplified navigation
- SSO-first authentication with Azure Government Cloud
- Role-based access restricted to customer_viewer permissions
- Quick stats dashboard: open incidents, alerts, compliance score, MTTR
- Recent reports list with PDF download capability
- Compliance posture visualization across multiple frameworks
- Searchable report archive with type filtering
What's Built (Complete)
- Welcome banner with personalized greeting, tenant name, SSO Verified and MFA badges
- 4 quick stats cards: Open Incidents, Alerts This Month, Compliance Score, MTTR
- Recent Reports panel (2-column layout) with report type, period, generation date, and PDF download button
- Compliance Posture sidebar with progress bars for NIST 800-171, CMMC Level 2, FedRAMP Moderate, HIPAA
- Full Report Archive table with search, type filter, status badges, and per-row PDF download
- SSO login prompt for unauthenticated users with "Sign in with Azure Government" CTA
- Auth context integration: reads user name, tenant, SSO session, MFA status
- Mock fallback data for demo when API is unavailable
- Report types: Executive Monthly, SLA Performance, Compliance Status, Detection Coverage
Architecture
Role-Based Access Control
The Customer Portal page checks the auth context for the customer_viewer role. Users with this role see a simplified sidebar (controlled by the layout component) and are limited to the permissions defined in the SSO service: can_view_reports, can_download_reports, can_view_compliance, can_access_customer_portal, and can_view_dashboard. The page-level check only shapes what the UI renders and is not a security control on its own; the API re-checks the role and its permissions on every request from the JWT claims, so a request crafted outside the portal is held to the same customer_viewer permissions.
Authentication Flow:
Unauthenticated -> SSO Login Prompt -> Azure Gov Cloud -> /auth/callback
-> JWT issued with role=customer_viewer -> Customer Portal loads
Permission Matrix (customer_viewer):
| Permission | Granted |
|---|---|
| can_view_reports | true |
| can_download_reports | true |
| can_view_compliance | true |
| can_access_customer_portal | true |
| can_view_dashboard | true |
| can_generate_reports | false |
| can_share_reports | false |
| can_view_incidents | false |
| can_manage_incidents | false |
| can_manage_users | false |
| can_manage_settings | false |
Routing
Prerequisites
- SSO authentication via Azure Government Cloud Entra ID
- User must have the customer_viewer role (auto-assigned for external tenant SSO users)
- Reports API must be available for live data (falls back to mock data)
Data Model
Dashboard Data
| Field | Type | Description |
|---|---|---|
| tenant_id | string | Customer's tenant identifier |
| user_role | string | Always "customer_viewer" |
| auth_method | string | "sso" |
| quick_stats | object | total_reports, reports_this_month, open_incidents, alerts_this_month, compliance_score, mttr_hours |
| recent_reports | array | List of ReportItem objects |
| report_counts_by_type | dict | Count per report type |
| compliance_summary | dict | Framework name -> {score, status} |
Report Item
| Field | Type | Description |
|---|---|---|
| id | string | Report identifier |
| report_type | string | One of executive_monthly, sla_performance, compliance_status, detection_coverage |
| period_start | ISO 8601 | Report period start |
| period_end | ISO 8601 | Report period end |
| generated_at | ISO 8601 | When report was generated |
| status | string | One of completed, generating |
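The Dashboard Data and Report Item models above, as an added validator (example code, not the project's frontend or API code): it parses a dashboard payload, rejects values outside the enumerations and ranges the tables define, and checks that the payload's tenant_id matches the caller's verified session. The sample payload is constructed; the compliance status value "compliant", the rule that period_end must not precede period_start, and the is_valid helper are assumptions, not something the page states.

```python
"""Added example (not the project's code): validate a Customer Portal dashboard
payload against the data model tables before rendering it."""
from dataclasses import dataclass
from datetime import datetime

# Enumerations from the data model tables.
REPORT_TYPES = {"executive_monthly", "sla_performance", "compliance_status", "detection_coverage"}
REPORT_STATUSES = {"completed", "generating"}
QUICK_STAT_KEYS = {"total_reports", "reports_this_month", "open_incidents",
                   "alerts_this_month", "compliance_score", "mttr_hours"}


def parse_ts(value) -> datetime:
    """ISO 8601 timestamp; a trailing Z is accepted (fromisoformat before 3.11 rejects it)."""
    if not isinstance(value, str):
        raise ValueError("timestamp must be a string")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


@dataclass(frozen=True)
class ReportItem:
    id: str
    report_type: str
    period_start: datetime
    period_end: datetime
    generated_at: datetime
    status: str

    @classmethod
    def from_dict(cls, d: dict) -> "ReportItem":
        if d.get("report_type") not in REPORT_TYPES:
            raise ValueError(f"unknown report_type: {d.get('report_type')!r}")
        if d.get("status") not in REPORT_STATUSES:
            raise ValueError(f"unknown status: {d.get('status')!r}")
        item = cls(str(d["id"]), d["report_type"], parse_ts(d["period_start"]),
                   parse_ts(d["period_end"]), parse_ts(d["generated_at"]), d["status"])
        if item.period_end < item.period_start:  # assumption: periods are not inverted
            raise ValueError("period_end precedes period_start")
        return item


def validate_dashboard(payload: dict, expected_tenant: str) -> list[ReportItem]:
    """Raise on any invariant violation and return the parsed recent_reports.
    expected_tenant comes from the caller's verified session, never from the payload."""
    if payload.get("tenant_id") != expected_tenant:
        raise ValueError("tenant_id does not match the session tenant")
    if payload.get("user_role") != "customer_viewer" or payload.get("auth_method") != "sso":
        raise ValueError("unexpected user_role or auth_method")
    stats = payload.get("quick_stats", {})
    missing = QUICK_STAT_KEYS - stats.keys()
    if missing:
        raise ValueError(f"quick_stats missing {sorted(missing)}")
    if not 0 <= stats["compliance_score"] <= 100:
        raise ValueError("compliance_score out of range")
    items = [ReportItem.from_dict(r) for r in payload.get("recent_reports", [])]
    for framework, entry in payload.get("compliance_summary", {}).items():
        if "status" not in entry or not 0 <= entry.get("score", -1) <= 100:
            raise ValueError(f"bad compliance entry for {framework}")
    return items


def is_valid(payload: dict, expected_tenant: str) -> bool:
    """Boolean wrapper around validate_dashboard (helper added for this example)."""
    try:
        validate_dashboard(payload, expected_tenant)
        return True
    except (ValueError, KeyError, TypeError):
        return False


def compliance_color(score: float) -> str:
    """Progress bar colour thresholds used by the Compliance Posture card."""
    if score >= 90:
        return "green"
    if score >= 75:
        return "orange"
    return "red"


# Constructed sample payload shaped like the Dashboard Data table.
SAMPLE = {
    "tenant_id": "tenant-a",
    "user_role": "customer_viewer",
    "auth_method": "sso",
    "quick_stats": {"total_reports": 12, "reports_this_month": 2, "open_incidents": 3,
                    "alerts_this_month": 41, "compliance_score": 92.5, "mttr_hours": 4.2},
    "recent_reports": [
        {"id": "rpt-001", "report_type": "executive_monthly",
         "period_start": "2024-01-01T00:00:00Z", "period_end": "2024-01-31T23:59:59Z",
         "generated_at": "2024-02-01T06:00:00Z", "status": "completed"},
    ],
    "report_counts_by_type": {"executive_monthly": 6, "sla_performance": 6},
    "compliance_summary": {"NIST 800-171": {"score": 94, "status": "compliant"}},  # status value assumed
}

if __name__ == "__main__":
    for item in validate_dashboard(SAMPLE, "tenant-a"):
        print(item.id, item.report_type, item.status)
```

The tenant comparison is deliberately against a value the client already holds from its verified session rather than against the payload itself: a payload that names a different tenant, whether from a proxy bug or a mis-scoped API response, is discarded instead of rendered.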
UI Description
Unauthenticated State
Centered layout with shield icon, "Customer Report Portal" heading, description text, and an orange "Sign in with Azure Government" button that redirects to the SSO login endpoint.
Welcome Banner
A full-width orange gradient banner showing "Welcome, {name}" and the tenant name. Right side shows "SSO Verified" and "MFA" badges when applicable.
Quick Stats
Four cards in a row: Open Incidents (orange alert icon), Alerts This Month (bar chart icon), Compliance Score (shield icon, percentage), MTTR (clock icon, hours).
Reports + Compliance (3-column grid)
Left 2 columns: Recent Reports list with clickable rows, each showing report type icon, name, period range, generation date, and download button. Right column: Compliance Posture card with framework names, percentage scores, and color-coded progress bars (green at 90% or above, orange from 75% to 89%, red below 75%).
Report Archive
Full-width table with search input and type filter dropdown. Columns: Report (with icon), Period, Generated, Status (badge), Actions (PDF download button). Empty state shows "No reports found."
Source Files
| Component | Path |
|---|---|
| Frontend Page | platform/frontend/src/app/customer-portal/page.tsx |
| Auth Context | platform/frontend/src/contexts/auth-context.tsx |
| SSO Service | platform/api/app/services/sso_service.py |