Sign up for a live demo

Small Business CRM
Take Command. Create Demand.

Take Command. Create Demand.

The world's first and only Complete CRM.

Portal Setup Guide 2.4

Instructions for setting up your own private labeled portal.

1. Timeline and Communications

Please use portals@greenrope.com for all communications related to your Portal, as well as any additional questions or comments you may have.

Once you have provided all of the information in Section 2, we will provide you an IP address for your MTA (required for the steps in Section 3) within 2 business days.

After you've been issued and made the changes detailed in Section 3 and Section 4, please notify support@greenrope.com and we will initiate configuration of ISP Relations within 3 business days. This process can take up to 2 weeks to complete, but will only affect delivery of your emails: you'll still be able to use the portal once it is completed.

Once you've completed and sent us the graphics detailed in Section 5, and the Template HTML file from Section 6, we will begin the process of building your Portal. This will be completed within 3 business days of receipt of your graphics files.

Once your Portal is complete, additional steps (Section 6 and up) can be completed at your leisure, although they may impact the full functioning of your portal (i.e., no Authorize.net account means you can't accept payments). Keep in mind that since it can take 2-3 weeks to get your Authorize.net account set up, if you don't currently have one, you will want to get started right away. You will also need a processor, which you can find on the Help page when you log in to your GreenRope account.

2. Agreement and Initial Information

The first step is to negotiate your agreement with GreenRope. Once we negotiate pricing and a development schedule, you will need to provide your domain name, your company's or Portal's display name, and the email address of the primary controlling account.

2.1 Domain Name

The domain name that you intend to use for your Portal must be a top-level domain (not a sub-domain). You must own or control this domain and have access to the DNS settings for it.

2.2 Display Name

What is your Portal going to be called? We recommend the company name, generally, although we'll need to know exactly how it should look as far as spacing and capitalization are concerned.

2.3 Controlling Account

You will need to create an account, and let us know the login email address you used, so that we can configure that as the controlling account for your new Portal. You can use an existing account as well.

This account will get new groups added to it (named after your Portal name), into which prospects and customers get added as they sign up for accounts. This account will have access to the Portal Manager (in Settings -> Account), which allows you to view and change many of the settings within your Portal. Only one group can be the recipient of new signups, but any number of accounts can have access to your Portal Manager.

This controlling account will be moved into your Portal once the Portal is complete.

3. DNS Changes

Your domain's registrar (e.g., GoDaddy.com, Verisign.com, Gandi.net, etc) will have a place where you can modify and update your DNS settings for your domain. You need to set up several specific sub-domains, as well as the wildcard entry, as detailed in 3.1. We recommend you also add DKIM, SPF, and DMARC entries for your MTA as well.

Once you've configured your DNS settings, as well as the steps listed in Part 3, please let us know so that we can start setting up ISP Relations for your domain.

3.1 Main DNS Entries

Please note that our DNS settings have recently changed. We will continue to support the old settings, but these new settings take full advantage of the redundancy and reliability of our load-balancing solution and allow us to implement Disaster Recovery seamlessly for your Portal and any websites within your Portal.

All entries within your DNS, aside from the MTA, consist entirely of CNAME DNS entries. These are like DNS aliases.


3.1.1 MTA

Once you've provided the information outlined in Section 2, we will issue you an IP address that you will configure in your DNS as the 'mta' address. Your MTA is the dedicated IP address that you send emails from (MTA stands for "mail transport agent").

  • Host: mta
  • Type: "A" Record
  • TTL: 300
  • Points To: [provided by portals@greenrope.com]

Even though it's not required by internet standards, we've found that some MTAs don't like mail servers that don't have MX records. It's advised that you create an MX record for the MTA that points to itself. In the details below, please replace DOMAIN with your full top-level domain.

  • Host: mta
  • Type: "MX" Record
  • TTL: 300
  • Priority: 10
  • Points To: mta.DOMAIN


3.1.2 Wildcard

A wildcard DNS entry will direct any sub-domain (like any.mydomain.com) to point to your Portal, which allows the Website Manager to handle calls for your user's websites.

  • Host: *
  • Type: "CNAME" Record
  • TTL: 300
  • Points To: lb.stgi.net


3.1.3 Top-Level DNS Entry

If you host or plan on hosting your top-level website within your Portal Account's Website Manager, you will need a top-level DNS entry, typically denoted with an '@'.

  • Host: @
  • Type: "CNAME" Record
  • TTL: 300
  • Points To: lb.stgi.net


3.1.4 'app' DNS Entry

app.mydomain.com points to the main Portal application.

  • Host: app
  • Type: "CNAME" Record
  • TTL: 300
  • Points To: lb.stgi.net


3.1.5 'r3' DNS Entry

r3.mydomain.com handles email opens.

  • Host: r3
  • Type: "CNAME" Record
  • TTL: 300
  • Points To: lb.stgi.net


3.2 DKIM

DomainKeys Identified eMail (DKIM) identifies a message in transit as being authorized by the sending domain. Like SPF, it is not required, but it increases deliverability to some of the larger ISPs (including AOL, Google, and Yahoo).

If you opt to use DKIM, add the following TXT entry to the "kesp._domainkey" record within your domain, removing any quotes and line-breaks.

  • Host: kesq._domainkey
  • Text:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgiBJzQPyItkH6uzTN+hQzW0/VER4FAImcGB5RwkQo4/9U+w4o+Z7v1pyxq5G+BHG7uDLpu+v65i+bhtZnL8QIO5umFHyepE8SUG6pNp6qjILkCLkz6DhJ0qSsb55ksryOOj+Mcwt89+D5fcHUMlyXJumySJAhL8dXjqlzuPCMIyFG8Dd6yKjVvbZ3KI1qMiiWXOZPQxuFg3eCMJ8Ciycs1EbrlvgOvAc+ynhQqND9ebWSpA04zRfEb9MRmKkxpEduvjDev4eApxFBadVgsh6Gxrm+x0yXOVQNn3s6GsNVP4QY92xd94i6uspSkS36Hc134s9mpsSyu31ESRc7ROiwIDAQAB

If it doesn't allow semi-colons (";") try prefixing them with a backslash ("\;"). This must all be placed in one entry (on one line), with no spaces anywhere between 'p=' and the end of the long crypto string.

GoDaddy, Google Domains, and CloudFlare will do the right thing with the DKIM TXT entry. Unfortunately Network Solutions does not allow keys longer than 255 characters in length, so you will need to continue using the old 'kesp' DKIM until such time that they upgrade their system to support long DNS entries. For the old 'kesp' key, see the Appendix at the end of this document.

Please contact us once DKIM has been configured for your domain so that we can add your domain to the system.

Please contact us if you have problems entering the DKIM TXT record into your DNS.

3.3 SPF

Sender Policy Framework is a system used to detect and deter email spoofing by validating that the email came from identified sender. We recommend all companies that send email use SPF, as you will get better deliverability with it, but it's not a requirement. If you are using SPF, add the following TXT entry to the "mta" record in your DNS, removing any quotes.

  • Host: mta
  • Text: v=spf1 include:_spf.stgi.net ~all


Domain-based Message Authentication, Reporting & Conformance (or DMARC) is a framework allowing the major ISPs to work with email providers to reduce spoofing and phishing. Also optional, but highly recommended. You will need to add the following to the DNS for your domain, replacing the word "DOMAIN" with your domain name.

  • Host: _dmarc
  • Text: v=DMARC1;p=none;pct=100;rua=mailto:rua@mta.DOMAIN;ruf=mailto:ruf@mta.DOMAIN

4. Email

You will need to have several email addresses configured for your domain. This is important since certain default email addresses are used within the system for sending notifications and other alerts.

You will need at least the following configured.

4.1 abuse@DOMAIN

abuse@DOMAIN must forward any email it receives to abuse@mta.DOMAIN, so that our delivery management system can handle informational messages that some ISPs send to the domain. This is critical for the proper functioning of our ISP Relations department when it comes to your domain.

4.2 support@DOMAIN

This is the primary address for system notifications about new users and other activity.

If the nature of your agreement with us includes our support managing the support for your Portal, this must be forwarded to support@greenrope.com. Once this is done, please notify support@greenrope.com so that they can create the appropriate persona for their email in order to communicate with your customers under your branding.

4.3 approvals@DOMAIN

If you want import approvals to route to another address, you can create an approvals@ email, or let us know which email to send those to, otherwise this will default to support@DOMAIN.

4.4 other addresses

You should configure several other addresses, including sales@, info@, and other generic titles within your organization. This is not required, but highly recommended.

5. Graphics

Your Portal will include your company's graphics as part of the UI. The following graphics need to be provided in order for us to begin building the Portal.

  • Top left nav bar - 200px wide max, 65px high, transparent GIF/PNG example
  • Powered By - 200px wide max, 60px high, transparent GIF/PNG example
  • Banner (mostly used in email) - 650px wide (500-650px range), 170px high (100-180px range), GIF/PNG/JPG example
  • Footer Bar - 650px wide (500-650px range), 29px high, GIF/PNG/JPG example
  • Small Logo - 128px wide max, 65px high max, transparent GIF/PNG example
  • Small secure banner - 400px wide max, 100px high max, GIF/PNG/JPG example
  • App Version 2 Logo - 157px wide, 78px high , transparent GIF/PNG example
  • App Compact Navigation Logo - 200px wide, 35px high, transparent GIF/PNG example

6. Website and Template HTML

You may already have a website, or you may want to build your own specifically for this. If you do not have a website, we offer website design as a service.

Once your site is configured, you will want to link to the two pages that are automatically created for each Portal (replace DOMAIN with your domain in these links):

  • http://app.DOMAIN/app2/login.pl
  • http://app.DOMAIN/app2/create_account.pl

For the Login and Account Creation pages to look like they belong to your website, we'll need a template HTML file. If you're building your own site or integrating into an existing site, please provide this template html file. An example can be found here.

7. Sign up for a BlueSnap account for processing payment for usage of your platform

To process payments from the users of your white-labeled software, we need to be able to run credit card charges every month for the usage of the system, and deposit them automatically into your bank account.

We partner with BlueSnap to process and manage transactions. You will need to sign up for a BlueSnap account here: https://home.bluesnap.com/partners/greenrope/

Be sure to provide BlueSnap with the currencies you will be accepting. BlueSnap will coordinate this and your PCI compliance review with you. You will use the BlueSnap API Key and Password and enter it into the View Portal Pricing screen from within your Portal Manager. For every currency you plan to accept, be sure to enter in the price you wish to charge for those services (and match them to cost at least as much as what GreenRope charges in US Dollars).

Deprecated: This requires an Authorize.net account. Most banks offer this and will facilitate creating your account and tying it to your checking account. You will need to sign up for Authorize.net's Customer Information Manager (CIM) service and send us your API Key and Transaction Key. Remember you can get a processor for your Authorize.net account from looking at the Help page in your GreenRope account.

8. Send us website templates (optional)

Using this as a template, you can create any website templates you want available to your users.

9. Move Existing Accounts

If there are additional accounts (for example, testing accounts, additional staff within your organization, etc) that need to be moved over to your new Portal, please send their login email addresses to support@greenrope.com.

Any accounts created via your Portal's create_account.pl page once it is live will already be within your Portal Manager, and do not need to be moved.

10. Additional Portal Manager Accounts

Once your Portal is configured, the account identified in [1.3] will have access to the Portal Manager (if you click on Settings -> Accounts, you will see a new tab). This area allows you to configure many of the settings of your Portal, including pricing, and allow you to review and control the accounts that are created within your Portal.

If there are any additional accounts that need to be given Portal Manager access, please notify support@greenrope.com.

Also, please coordinate with support@greenrope.com to schedule a screen-share in which the Portal Manager can be demoed, and any questions answered.

11. Create Welcome Email

Everyone who signs up through your new Portal will receive a welcome email. You should update the email that gets sent with your own language, design, and branding. You can do this by creating an email within the system's Email page, saving it into your Media Library, and then modifying the App2NewAccountFollowUpEmailURL setting in the Portal Manager with the direct link to the Media Library asset.

You can reach this area of the Portal Manager by hovering over "Settings" and clicking Account. Then, select the "Portal Manager" tab, select your Portal from the drop-down list and hit Update. Then, click the "View Portal Settings" button and the App2NewAccountFollowUpEmailURL setting is there, closer to the bottom of the page.

You can copy the existing one for GreenRope and Teamr, which can be found here.

12. SSL

SSL (Secure Sockets Layer) is a cryptographic protocol that allows for secure communications over the internet. By implementing this for your Portal, we greatly reduce the possibility that someone could penetrate your Portal and access any of your, or your user's, data.

Due to the notable increase in exploits and hacking attempts, the relative ease of these exploits, and the ever-increasing potential business impact of a breach, securing every VAR/Portal is no longer optional.

You have two options: let us manage it for you, or purchase your own, which we'll host.

12.1 Managed

We will provide an SSL Certificate for each VAR/Portal that licenses the GreenRope Application.

The SSL certificate will cover the following domains/sub-domains when hosted on our servers. Note, when linking to other domains for content on your login page, that data will need to be SSL encrypted as well to be displayed properly by modern browsers.

  • DOMAIN.com (the top-level domain)
  • www.DOMAIN.com
  • app.DOMAIN.com
  • r3.DOMAIN.com

Note that we can only issue an SSL certificate for the above if the IP addresses (or CNAME DNS entries) point to our servers.

We now have a system to create SSL certificates dynamically. If you or your users create a custom top-level domain or sub-domain within the Website Builder, an SSL certificate will be created within 24 hours and applied to that sub-domain.

12.2 Purchased

If you would like more sub-domains covered by SSL, you will need to purchase your own wildcard certificate. This would protect any sub-domains that your customers create within the website management portion of our system.

If you need to provide a CSR (Certificate Signing Request), please contact us and provide the following information for your business:

  • Type/Domain (wildcard certificate, or specific only to app.DOMAIN)
  • Country Name (2 letter code)
  • State or Province Name (full name)
  • Locality Name (eg, city)
  • Organization Name (eg, company)

We can then generate your private key and the CSR. You can then upload the CSR to your SSL provider, and they will provide you the SSL Certificate. If you're given a choice as to which bundle to download from your SSL provider, please pick the "Apache" bundle. We'll install the certificate on our load balancers, and you'll be up and running and secure.

If you generate the SSL Certificate with your own CSR, you will have to provide the Private Key to us as well. We recommend sending that securely (encrypt the Private Key with a pass-phrase and provide us the pass-phrase via phone or another secure channel and not via email).

13. Model Account Setup (Optional)

You can create a Model Account, which is used as a template for all new accounts created within your portal. This allows you to create a base configuration for your users, which can ease training and support.

You can configure this by navigating to Settings -> Account -> Portal Manager, and click Update, and then click "View Portal Settings". Halfway down the page you'll find an attribute named NewAccountsFromModelAccountNum. If you set this to the account number of the model account you've created, all new accounts will be created with the model's settings and assets.

The following areas are copied into the new account:

  • Groups and Seasons
  • Custom Object Definitions
  • Invoices
  • Projects
  • Surveys
  • Ticketing
  • Signup Forms
  • Stores
  • Learning
  • Wiki
  • Workflows
  • Journeys
  • User Fields and User Field Triggers
  • Opportunity Phases
  • Lead Scoring
  • Locations

Note that the Model Account is copied as-is at the time of account creation; any changes made to the Model Account will not be reflected in accounts that have already been created.

14. Social Network Connections

As we setup your portal, we will create tokens at each of the three primary Social Networks (Facebook, LinkedIn, and Twitter). In order to do that, we're going to need the following information.

14.1 Facebook

Facebook requires every API token to go through a Login Review. The following is required to start the Login Review process:

  • A logo image. It can be a JPG, GIF or PNG file. The size of the image must be 1024 x 1024 pixels. Maximum file size is 5 MB. The background should be transparent.

  • A short text regarding what your company does. It should be less than 130 characters. An example:

    Small business marketing software providing powerful and easy to use CRM, email marketing, and social media integration.

  • A long text about your company. An example:

    GreenRope's mission is to provide the most Complete and intelligent sales and marketing platform, backed by the best support for maximum ROI and growth. GreenRope is a CRM and marketing automation software aimed at streamlining businesses processes, operations and strategies. Combining sales, marketing, and operations into one single platform, GreenRope makes your life easier by saving you time, money, and helping you successfully organize your business, so you can focus on what you love to do, and we can focus on what we do best, helping you grow.

  • A Privacy Policy and Terms of Service. These are now required, and are considered by Facebook during the App Review process.

14.2 LinkedIn

  • An application logo. "Please provide a secure (HTTPS) URL of your application's logo image, in PNG or JPG format. To avoid distortion,the image should be 80 x 80px."

  • A description. We can re-use one of the texts from your Facebook entry.

14.3 Twitter

  • A short description. We can re-use the short text from your Facebook entry.

14. Additional Services

There are a number of additional and 3rd party services and features that GreenRope offers that can be re-branded for your Portal. These include Outlook, QuickBooks, and WordPress plugins, Social Media audits, and the Mobile App.

These can be purchased at the packages page.

If you'd like private-labeled versions of the videos on the GreenRope website, please contact Chris Luckey cpluckey@gmail.com.



We include the old DKIM settings here for those users on Network Solutions or on another Registrar that uses a DNS system that does not support long text strings.

  • Host: kesp._domainkey
  • Text:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC61RrUNTIcNbf/+f5Co2V37GMvPQdbUVyjgvLXrUKAXeJDwYVumAtE9BovuDZNYxcgG2oy7mkcZX/3rBF2SJX9Cp5yw0axuMpzkuzPQq26h+2+MLuvtJtfDIaHgNeEJOjMeq7s9RFQHRr9g26lkZQTRAob8YevaA9KHiNNyIaZuQIDAQAB;

If it doesn't allow semi-colons (";") try prefixing them with a backslash ("\;"). There must be no spaces or line-breaks in the long crypto string after "p=" and before the ending semi-colon.