A one-time signed URL in an email that signs the customer in to their ticket or portal without a password.
Magic links remove sign-up friction at the worst possible moment. See magic-link support portals.
How it works
When a customer needs to reach their ticket or portal, the system emails them a one-time URL containing a signed, time-limited token. Clicking it proves they control that inbox — the same trust you'd get from a password reset — and signs them in. The token is single-use and expires, so an old link in an inbox is worthless to anyone who finds it later.
Why it matters
People contact support when something is already going wrong. Forcing them to create an account, choose a password, and verify an email at that exact moment is friction at the worst possible time, and it pushes them back to plain email instead of the portal where context lives. Magic links keep the bar low: prove you own the address, and you're in. They also sidestep a whole class of password problems — nothing to forget, reuse, or leak.
Security notes
- Keep expiry short so a forwarded or intercepted link doesn't stay useful.
- Make each token single-use, and bind it to the specific ticket or portal it was issued for.
- Remember the threat model is access to the customer's own data, not your agents' workspace — staff should still authenticate through your normal role-based login.
An e-commerce store can email an order-status link that drops the shopper straight onto their ticket — no account, no password — while internal agents reach the same conversation through the staff portal with full role checks.
How Cherryrise handles it
Cherryrise uses passwordless magic links for the white-label customer portal, so customers reach their tickets without an account while agents sign in through role-based access. See help center for the self-service side of the same portal.