Glad you asked!
We call these 'Portal Users' and they are available on the customer detail screen.
Table of Contents
Overview
Portal User Permission Groups
Adding a Portal User
Enabling MFA
Overview
They are meant to work with contacts, so you can add contacts, then assign them portal user groups with different permissions.
Here are some technical details:
- If a customer has no portal users, they will be able to use their secure token login link that is on by default and linked to from the customer detail screen in the app
- If there is at least one portal user, the secure login link will no longer be enough, they will be redirected to also use their username/password combination
- If there is a portal user and no contacts, once they login, they should see what they had before - everything by default
- If there is a portal user assigned to a contact, they whatever default portal permission is set at Admin > Customers > Portal permissions
- If you as a technician log into a customers portal account, it doesn't log you out for a long time, if you then click a link to another customers portal that does not have portal users, instead of just 'being logged into it' the system will detect your prior login, and have to log you out of that session - end result, if you log in and out of a lot of portal accounts, some you'll have to click the link twice
Portal User Permission Groups
Portal user permission groups will allow you to set permission levels on what can be accessed and viewed within the customer portal. Then you can give your customers and contacts access to their portal based on these permission groups and choose what they can and cannot view.
To set these up head to Admin > Customers > Portal User Permission Groups:
From here you can edit an existing Permission Group or add a new one. You can select which permission group you would like to be the default group that is automatically applied to new portal users. To edit an existing group, select the icon next to the group and hit 'edit'. 
Here you can choose what permissions you want each portal user in that permission group to have access to in their customer portal.
Once the Portal User Permission Groups have been set up, they can now be applied to your customers and contacts.
Adding a Portal User
Here is a screenshot tour:
1. You can find the Contacts on the customer detail screen under the "Contacts" tab:
2. You can see the Portal Users by scrolling down the main customer detail page until you find the "Portal Users" box. Click the + and you'll get a new one:
3. Click the down arrow to expand the change password section and assign the portal permission group for that customer or contact
4. Add contacts, then (refresh the page) and you can assign them to portal users
5. Then you'll find on your portal login, a new link for the password option
(available at YOUR_URL/my_profile)
6. Feel free to just put a link to your login page in your email templates - or linked from your website
Enabling MFA for a Portal User
You can enable multi-factor authentication (MFA) for any newly created or existing portal user.
To enable MFA select the dropdown arrow under the Portal Users section on the customer's detail page. Then select the checkbox next to 'Require MFA For This User' and save by selecting 'Update Portal User': 
Customers will then be prompted to set up MFA the next time they log in to the customer portal.
You can disable MFA by unchecking the box above and updating the portal user. Please note you will need to require MFA for each individual portal user added.