Secured Magic Link & 2FA Settings – SARA

📌 Overview

Sage AR Automation (SARA) allows you to securely share portal access using Magic Links and enforce additional protection using 2‑Factor Authentication (2FA).

With these settings, you can control:

⏳ How long a portal link remains active
🔁 How many times it can be used
🔐 When 2FA is required

Important Note: The security settings described below will apply uniformly to portal links generated through manual, automated (Credit Class), and paperless processes once they have been configured.

⚙️Set Up Access Security Settings

Navigate to:
Site Options → Options → Customer Portal

➡️ Shows:

Guest Link Expire Days
Guest Link Number of Clicks
Tooltip icons next to each field

⏳ Step 1: Configure Link Expiry (Days)

🔁 Step 2: Configure Link Usage (Clicks)

🛡️ Default Secure Settings

For all new Magic Links:

Expiry = 1 day
Clicks = 1 use

These defaults:

Reduce the risk of link misuse
Ensure controlled, one-time access

Secure settings are applied by default to minimise risk and ensure safe access.

Note: These defaults apply only to new accounts. Existing customer settings remain unchanged and continue to reflect the configurations defined by account administrators.

It is recommended to use these default settings to ensure secure operation of portal links.

⚠️ Important Behaviour

If a link exceeds:
- Configured days, or
- Allowed clicks
  → The link becomes invalid
The link will expire based on whichever limit is reached first—number of clicks or expiry days.
- If the click limit is set to 1, the link will expire after one use, regardless of the number of days configured.
- If the days limit is set to 1, the link will expire after one day, regardless of the number of clicks set
Users will see an error and must request a new link

🔐 Set Up 2‑Factor Authentication (2FA)

Site Options → Security → 2 Factor Security

Step 1 Enable 2FA For

Screenshot

Description

Select which users must complete 2FA:

None – 2FA disabled
Credit/Inquiry Users – 2FA enforced for credit or inquiry users only
Portal Users – 2FA enforced for portal users only
All Users – 2FA enforced for all users

Step 2 2FA Expiration

Screenshot

Description

Defines how often users must complete 2FA again.

Never – Remembers verification on the browser until cache is cleared
Always – Requires 2FA on every login (highest security)
30 / 60 / 90 Days – Skips 2FA for the selected duration

🔐 Default 2‑Factor Authentication (2FA)

✅ 2FA is enabled for Portal Users
✅ 2FA is required on every login (Always)

2FA Settings are applied by default to minimise risk and ensure safe access for Portal Users.

Note: These defaults apply only to new accounts. Existing customer settings remain unchanged and continue to reflect the configurations defined by account administrators.

It is recommended to use these default settings to ensure secure operation of portal links.

🔑 Permissions

Only Admin users can modify settings
Support users cannot change security and 2 Factor Authentication configurations
All actions are logged and auditable

🎯 Summary

Setting	Description
Expiry (Days)	Controls how long the link stays active
Clicks	Controls number of uses
2FA Scope	Defines who must verify
2FA Expiry	Defines how often verification is required

❓ Frequently Asked Questions

Access Security Settings

▶️ What happens if I leave the expiry days field blank?

The link will not expire based on time and remains active until manually invalidated.

▶️ What happens if I leave the number of clicks blank?

The link can be used an unlimited number of times.

▶️ What happens when I enter values for days or clicks?

The link expires based on whichever limit is reached first — days or clicks.

▶️ What if I set clicks to 1 but days to a higher value?

The link will expire after one use, even if more days are configured.

▶️ Can I set both limits together?

Yes. Both apply, and the link expires when the first condition is met.

▶️ What are the default secure settings?

By default, new Magic Links are set to:

1 day expiry
1 click usage

▶️ Can I override default settings?

Yes. You can change the values, but you may be asked to confirm your selection, as it reduces security.

▶️ What happens when a link expires?

The link becomes invalid
Users cannot access the portal
A new link must be generated

🔐 2‑Factor Authentication (2FA)

▶️ What is 2FA?

2FA adds an additional layer of security by requiring a second verification step during login.

▶️ Who can I enable 2FA for?

None – Disabled
Credit/Inquiry Users – Applied to credit/inquiry users only
Portal Users – Applied to all portal users (recommended)
All Users – Applied to all users

▶️ What is the default 2FA setting?

Enabled for Portal Users
Required on every login (Always)

▶️ What does 2FA expiration control?

It defines how often users must complete 2FA verification.

▶️ What does “Never” mean?

2FA is remembered in the browser and will not be requested again unless browser cache is cleared.

▶️ What does “Always” mean?

Users must complete 2FA every time they log in (highest security).

▶️ What do 30, 60, or 90 days mean?

Users can skip 2FA for the selected duration after a successful verification.

▶️ Which 2FA setting should I choose?

Always → Maximum security
30–90 days → Balanced usability
Never → Minimal friction (use with caution)

🔑 Permissions & Security Controls

▶️ Who can modify these settings?

Only Admin users can update Magic Link and 2FA settings.

▶️ Are changes to settings tracked?

Yes. All changes are logged and auditable, including user actions and updates.

▶️ Why am I asked to confirm changes?

To ensure you understand the impact when overriding secure default settings.