Multi-tenant portals. Connected to your CRM and ERP. Fully managed.

Gateway gives every customer, partner, dealer, or location their own branded portal — wired into your CRM, ERP, and accounting. Magic-link login, code-defined access rules, tenant-level data isolation. Fully managed by RevenuePoint.

View pricing

Magic-link auth · code-defined rules · tenant-level isolation.

Pick a tenant — see the portal swap.

acme.portal.revenuepoint.com
AC
Acme CorpPortal · Salesforce
A
CaseOpen Cases
+ New
CS-10481Pallet shipment damaged on arrivalNew
CS-10479Wrong SKU shipped on PO 88241In Progress
CS-10472Replacement freight quote neededAwaiting Customer
Showing 3 of 5Active Contacts on Account: Acme Corp

The portal layer most companies are stuck with.

Three traps. One missing layer.

Experience Cloud locks you in.

Every portal you build there is a Salesforce-only object, a Salesforce-only license, and a Salesforce-only roadmap. The day your business needs SAP, NetSuite, or a custom system in the same view, you're looking at a rebuild.

Custom-built portals take months.

A bespoke Next.js portal plus auth plus connector plus permission rules plus theming is a four-to-six-month engineering project. The team that built it isn't the team that maintains it. Twelve months later, the upgrades stop.

Most "multi-tenant" portals share data.

Off-the-shelf portal SaaS markets multi-tenancy at the UI layer while sharing one database underneath. One bug, one misconfigured permission rule, and tenant A sees tenant B's records. The headlines write themselves.

4–6 months

typical custom portal build before launch

$60K+/yr

minimum Experience Cloud license cost at scale

0

portals where shared-DB SaaS keeps tenant A from seeing tenant B

Gateway is the portal layer that fixes all three at once.

Connect. Configure. Launch.

Three layers of a multi-tenant portal.

01

Connect

One pluggable connector model. Salesforce first, SAP next, anything after.

  • Salesforce + SAP connectors ship today; NetSuite, Dynamics, QuickBooks on the roadmap
  • Custom REST/GraphQL adapter for proprietary or vertical SaaS systems
  • Field-level permissions, picklists, and lookups enforced at the connector layer
02

Configure

Tenants, views, and access rules — all defined in TypeScript.

  • One config file per tenant: domain, connection, auth, views, theme
  • Code-defined access rules — server-evaluated, never client-trusted
  • Versioned in Git; deployed like any application
03

Launch

Each tenant on its own subdomain, with its own brand, in days.

  • TLS provisioned automatically; magic-link login from day one
  • Per-tenant theme — logo, primary color, header brand, email templates
  • Audit log on every action; tenant isolation enforced at the edge

Below: each layer of Gateway, up close.

TENANTS

Six portals. One framework.

Pick a tenant. Watch the subdomain change, the connection swap, the access rule rewrite, the brand color follow. Each tenant, isolated by design. Each tenant, branded their way. One Gateway deployment, every tenant on its own everything.

Tenant configuration

  • Subdomain

    acme.portal.revenuepoint.com

  • Connection

    Salesforce

  • Access rule

    Active Contacts on Account: Acme Corp

  • Brand color

    #1A56DB

Access rule (TypeScript)

access: (email) =>
  isActiveContact(email, 'Acme Corp')
acme.portal.revenuepoint.com
AC
Acme CorpPortal · Salesforce
A
CaseOpen Cases
+ New
CS-10481Pallet shipment damaged on arrivalNew
CS-10479Wrong SKU shipped on PO 88241In Progress$4,820
CS-10472Replacement freight quote neededAwaiting Customer$1,140
CS-10465Tier-2 escalation: missed delivery windowEscalated
CS-10458Refund processed; awaiting credit memoResolved$2,300
Showing 5 of 5Active Contacts on Account: Acme Corp

VIEWS

Tables, detail views, forms, dashboards — composable per tenant.

The pages your tenants actually see. Pick a view type to preview it rendered with the active tenant's data.

TABLE

Data Table

Sortable, filterable, paginated views over any connected object — cases, orders, claims, invoices, anything.

  • Sortable columns
  • Server-side filtering
  • Pagination + cursor
  • Status badges
  • Bulk actions (gated)

Sample config

casesTable({
  label: 'Open Cases',
  filter: { Status__c: 'Open' },
  columns: ['CaseNumber', 'Subject', 'Priority', 'LastModifiedDate'],
  actions: ['view', 'comment'],
})

Case

Open Cases

+ New
Case #SubjectStatusAmountUpdated
CS-10481Pallet shipment damaged on arrivalNew12 min ago
CS-10479Wrong SKU shipped on PO 88241In Progress$4,8202 hours ago
CS-10472Replacement freight quote neededAwaiting Customer$1,140Yesterday
CS-10465Tier-2 escalation: missed delivery windowEscalated2 days ago
CS-10458Refund processed; awaiting credit memoResolved$2,3003 days ago

CONNECTIONS

One framework, every system.

Salesforce first. SAP next. Anything after. Pick a connector to see the supported objects, capabilities, and the path data takes through Gateway.

Fig.Gateway request lifecycle — pick a source to trace.

Source

Live trace
§01

Request lifecycle

Total 17.5ms·req_SALESF

  1. Request

    GET /portal/metrics

    jwt · 1.2 KB

  2. Resolver

    tenant=acme

    3.0ms · cache hit

  3. Rules

    2/2 allow

    1.1ms · matched

  4. Salesforce

    Account.read

    9.5ms

  5. Response

    200 OK

    3.9ms · 1 view

§02

Inside Gateway core

Layer · 01

Tenant resolver

Decodes the magic-link JWT into a tenant context. Cached for the session window.

// signed jwt → tenant context

decode(token)

→ tenant: 'acme'

→ role:   'manager'

→ exp:    +14d

Time
3.0ms
Cache
hit
Issuer
SendGrid

Layer · 02

Access rules

Code-defined per tenant. Evaluated server-side on every read and write.

// rule.ts

tenant === 'acme'

 && obj === 'Account'

 && fields.read(['name', 'amount'])

Result
ALLOW
Matched
2/2
Time
1.1ms

Layer · 03

Audit log

Append-only, content-addressed. Every read, every write, every change.

  1. 21:04:18.123session.resolve · tenant=acme · role=manager
  2. 21:04:18.139rules.eval · 2/2 allow · Salesforce:read
  3. 21:04:18.203salesforce.read · Account
  4. 21:04:18.171view.render · metrics · 1 chart · 14 rows
  5. 21:04:18.187response.send · 200 OK · 1.2 KB

Streaming · last 5 events · tenant scope only

§03

Manifest

Auth

OAuth 2.0 / Connected App or Service User

Operations

readcreateupdate

Objects

AccountContactCaseOpportunityOrderCustom Objects

Wired into the systems you already run on

Salesforce
Salesforce Health Cloud
SAP
SAP Business One
NetSuite
QuickBooks
Microsoft Dynamics
Custom REST
GraphQL
Webhooks
SFTP

Need a connector we don't list? Tell us →

AUTH & ACCESS

Magic-link login. Code-defined access rules. Server-side sessions.

No passwords to leak, no admin UI to misconfigure. Tenants only get a link if a code-defined rule says they should — and the link only works once.

Hover to pause · click any step to jump.

Sign in to acme.portal.revenuepoint.com

We'll email you a one-time link. No password required.

CONFIGURATION

Every tenant, defined in one file. Versioned in Git.

No admin console. No click-ops. The tenant config is TypeScript — typed, reviewable in pull requests, deployable like any application.

tenants/acme.ts

One file per tenant. Domain, connection, auth, views, theme — all here, all typed, all in Git. Click a block to see what it does.

tenants/acme.ts
export default defineTenant({
  domain: 'acme.portal.revenuepoint.com',
  connection: salesforce({
    instanceUrl: process.env.ACME_SF_URL,
    auth: { type: 'service-user', secretRef: 'acme/sf-svc' },
  }),
  auth: {
    provider: magicLink({ sendgridKey: process.env.SENDGRID_KEY }),
    access: (email) => isActiveContact(email, 'Acme Corp'),
  },
  views: [
    casesTable({ label: 'Open Cases', filter: { Status__c: 'Open' } }),
    recordDetail({ sobject: 'Case', layout: 'portal-default' }),
    recordForm({ label: 'New Case', sobject: 'Case' }),
  ],
  theme: {
    logo: '/tenants/acme/logo.svg',
    primaryColor: '#1A56DB',
  },
})

Security & Compliance

Tenant isolation at every layer. Audit log on every action.

Gateway is built for companies that have to answer hard security questions about who sees what. Tenant scoping is enforced at the edge, magic-link tokens have short lifetimes, sessions live server-side, and every action — issuance, login, read, write — lands in the audit log.

Tenant isolation

  • Each tenant resolves to its own connection, its own data source, its own access rules
  • Middleware enforces tenant scoping on every request — at the edge, before any handler runs
  • No shared queries between tenants; isolation tested in CI on every change
  • Per-tenant secrets stored separately and resolved by the runtime, never bundled

Magic-link authentication

  • Email-based, password-less login via SendGrid — no password resets to reset, no breaches to disclose
  • Single-use tokens, short TTL (15 minutes default, configurable per tenant)
  • Issuance gated by code-defined access rules — no email gets a link unless the rule passes
  • Rate limiting and abuse detection on the magic-link endpoint

Server-side sessions

  • Sessions live in encrypted, HTTP-only cookies; refreshed server-side on every request
  • Idle and absolute session expiry, both configurable per tenant
  • Session revocation is instant — kill a user from the admin and they're out on the next request
  • No tokens in localStorage, no JWTs floating in the browser

Audit log on every action

  • Magic-link issuances, logins, record reads, record writes — all logged, timestamped, attributed
  • Configurable retention; default 12 months hot, longer cold storage on request
  • Per-tenant export available on demand; SIEM forwarding supported (Splunk, Datadog, etc.)
  • Reversible writes — every change captures the before-state, so rollback is one query

Compliance posture

  • SOC 2 Type II in progress; controls operating since 2026
  • HIPAA-eligible deployment configuration available with BAA
  • GDPR + CCPA workflows: right to access, right to erasure, data portability
  • Annual third-party penetration testing on the Gateway framework + sample tenant

Data residency

  • US (default), EU, and Canada regions; each is a separate deployment
  • No cross-region tenant traffic; each region's configuration is independent
  • Hosted on AWS (Vercel-managed) or directly on AWS for tighter compliance fits
  • BYO-cloud (your AWS account) available for enterprise tenants on request

99.9%

Tenant uptime SLA · per region

<15min

Magic-link TTL · configurable per tenant

12mo

Default audit-log retention · longer on request

0

Cross-tenant data leaks since first deployment

Audit specifics, certification status, and SLAs are confirmed at contract. For tenant-specific security questions, contact [email protected].

The portal layer for companies that outgrew Salesforce Sites.

Most portal options are tied to one CRM, share data underneath, or take six months to build. Gateway is fully managed by RevenuePoint, multi-tenant by design, connects to every CRM and ERP you run on, and ships under flat per-tenant pricing.

CapabilityGatewaySalesforce SitesExperience CloudCustom-builtGeneric SaaS
Multi-tenant by designLimitedVaries
Connects to non-Salesforce systemsLimited
Magic-link auth (no passwords)LimitedVariesVaries
Code-defined access rules
Tenant-level data isolationLimitedLimitedVariesVaries
Per-tenant themingLimitedLimited
Versioned config in Git
Fully managed service
Predictable per-tenant pricingLimitedVaries
Live in 4 weeksVariesVaries

Four-week go-live. Here’s how.

i

Discover

We learn your tenant model, your source systems, your access rules, and the views your tenants need. No scope surprises — we quote based on what's actually there.

ii

Configure

A RevenuePoint engineer writes the tenant configs, wires the connectors, defines the access rules, and themes each tenant. Reviewed with you in pull requests.

iii

Launch

Subdomains live, TLS provisioned, magic-link login enabled. Walk-through with your team. From here, RevenuePoint runs the framework end-to-end.

iv

Evolve

New tenants, new views, new connectors — your single point of contact handles change requests. Monthly reviews; quarterly roadmap conversations.

See Gateway running with your connectors.

Thirty minutes with a RevenuePoint architect. We walk through a working tenant — connected to your CRM and ERP — scope your tenant model, and quote a path to live.