Skip to content

Client & party access control

Athenty exposes your work to external people through a small, deliberate set of rails. This page is the single reference for who can access what, the three controls that grant and revoke that access, and — most importantly — exactly what is torn down when you disable a party or close a matter.

There are two external-access rails:

  • Client portal — a client contact signs in by email one-time-password (OTP) and sees only the matters they are explicitly granted. Access is scoped per-matter, not per-organization.
  • Participant / KYC portal — the lightweight rail an external party uses to complete identity verification (IDV) and KYC for a matter.

External parties also receive two kinds of one-off links that do not require a portal login:

  • Document share links — a link to a single document.
  • E-signature signing links — a link for a named signer to sign one envelope.

Everything below describes how those four surfaces are scoped, how long they last, and how they are revoked.

SurfaceWho gets itScopeDefault expiryHow it’s revokedCascades from
Client portal sessionA client contact on a matterMatter-scoped24h session TTLGlobal disable, per-matter access off, or matter closeGlobal disable + per-matter toggle + matter close
Document share linkAny recipientA single document7 days (hard cap 60)Revoked individually, or by cascadeGlobal disable + per-matter access off + matter close
E-signature signing linkA named signerOne envelope30 days (hard cap 60)Revoked per-signer, by whole-envelope cancel, or matter closeGlobal disable + per-matter access off + matter close

There are exactly three places to grant or revoke external access. Higher controls cascade down to lower ones.

Settings ▸ Client Portal Users. Toggling a party off here turns them off org-wide — across every matter and both rails at once. This is the break-glass control for “this person should no longer be able to reach anything we hold.”

Matter ▸ Participants tab. Grant or revoke a single client on a single matter. This is the everyday control: it does not touch the party’s access on any other matter.

Closing a matter tears down all portal access for that matter. Closing can be hard (immediate teardown) or grace (teardown after a grace window, with an emailed removal date so the party knows when access ends).

Revocation cascade — “if I disable X, what dies”

Section titled “Revocation cascade — “if I disable X, what dies””

This is the table to read before disabling anyone. Each control revokes a different blast radius.

ControlPortal sessionsDocument share linksE-sign signing linksSigned documents
Global disableALL the party’s sessions, both railsALL their share links, org-wideALL their unsigned signing links, org-wideUntouched — signed PDFs are historical and are not deleted
Per-matter access OFFThat party’s sessions on that matterThat matter’s share links for that recipientThat party’s unsigned signing links on that matter only (other signers unaffected)Untouched
Matter closePortal access removed (hard = immediate, grace = after the window)All the matter’s share links revokedAll the matter’s pending envelopes expiredUntouched

When a higher control revokes a share or signing link, the individual control reflects it. In Matter ▸ Drive ▸ Sharing the affected share shows a Revoked badge and its action becomes a greyed, locked button — you cannot turn it back on while the parent restriction holds. Hover the lock to see why it was revoked (for example, “Revoked — participant disabled for this matter”). The same applies to a signer’s signing-access control on the envelope detail page.

Lifting the parent restriction un-greys the control back to its prior state — it does not silently re-grant access. After you re-enable a party (per-matter or org-wide), you still re-share the document or re-add the signer explicitly. This keeps re-granting a deliberate act, never an accident of toggling a parent setting off and on.

Revocation does not rely on catching every active session. Every validated request re-checks the party’s disabled / removed state live. If a session was somehow missed at revocation time, the party is denied on their very next request — there is no window where a stale token keeps working after the underlying access has been pulled.

Expiry windows live in two places, by surface. Document share links are configured under Settings ▸ Matters ▸ Document Sharing; e-signature envelopes under Settings ▸ Envelopes ▸ Envelope Settings. Each setting has a sensible default and a hard ceiling that cannot be exceeded.

SettingWhereDefaultHard capNotes
Document share default expiryMatters ▸ Document Sharing7 days60 daysApplied to new share links
E-signature default signing-link expiryEnvelopes ▸ Envelope Settings30 days60 daysApplied to new envelopes
Signed-document re-download windowEnvelopes ▸ Envelope Settings7 daysAfter this window, re-download requires a staff re-share
Portal session TTL24hFixed — not configurable

Staff can revoke a single signer’s signing link without canceling the whole envelope. This is the right tool when one party on a multi-signer envelope is disabled or removed but the remaining signers should keep going — their links stay valid and the envelope continues collecting signatures.

Canceling the whole envelope (the bulk Cancel action on the Envelopes list) revokes access for every recipient at once.

Every access change emits a named audit action so the full revocation history is reconstructable. The actions you will see:

ActionEmitted when
CLIENT_PORTAL_USER_DISABLEDA party is turned off org-wide (global disable)
CLIENT_PORTAL_USER_ENABLEDA party is re-enabled org-wide
CLIENT_PORTAL_ACCESS_REVOKEDPer-matter access is turned off for a party
CLIENT_PORTAL_ACCESS_GRANTEDPer-matter access is turned on for a party
envelope.signer_revokedA single signer’s signing link is revoked
envelope.expiredAn envelope passes its expiry window (incl. matter-close expiry)
document share revoked disclosure eventsA document share link is revoked, individually or by cascade
matter.portal_access.closedMatter close tears down portal access for the matter
  • Participants — the cross-matter directory of every external party
  • Envelopes — e-signature envelope list, with per-signer and whole-envelope cancel
  • Settings ▸ Client Portal Users — the global enable/disable kill-switch
  • Matters — the per-matter Participants tab is where per-matter access is toggled