User Authentication by Email (Previously Passwordless Authentication)
Zephr includes a feature allowing end-users to register and login to your site, via Zephr, without the need to enter a password.
This process works through the use of email verification – users logging into your site will enter their email address, and an email with an access link is sent. Clicking on this link redirects your users to your website, and logs them in.
The tokens generated for this access link are for single use only. If a user tries to use the link for a second time, they will receive an error and Zephr will not log them in. When configuring this feature, you can also choose how long a token is valid. If a User clicks on the link outside the token validity, they will not be logged in and will need to complete the process again.
Configuring User Authentication by Email
To allow Users to login via email, first head to Settings > Identity Management within your Zephr Admin Console.
Once here, scroll to Authentication, and tick Require Email Verification.
Below, enter the message you want Users to see on screen after they submit their email, then set the Authentication Link Timeout (Hours). This field determines how long a login link will be valid for once sent.
Click Save, then navigate to UI > Forms. Create or edit an existing Registration Form and select Authentication Link By Email under the Authentication settings.
Once this is saved within your Registration Form, add the form to one of your Feature Rules and publish the new version. You users will not be able to Register and Log In without setting a password.
If you choose to turn this off, Users will need to click ‘Reset Password’ the next time they log in, in order to set a password and continue accessing your site.
How do I minimise login issues for users with firewalls?
In some cases, a user’s firewall or email security system will check or open links before a user clicks them. When using Zephr’s user authentication by email, this will mean that the user token has been used by the time your user tries to login.
To minimise this, Zephr has the functionality to change the email verification link to use an interstitial page during the login process. Put simply, this opens a new page in the user’s browser, which the spam filter will check, and then provides the login token following this, which will log the user into the site. This process is seamless and doesn’t alter the user experience.
To use this link, complete the following steps:
- Login to the Admin Console
- Navigate to Settings > Emails
- Under Email Templates, select Passwordless Authentication Email Template
- Replace the current template variable with the variable passwordless-authentication-interstitial (surrounded by double curly bracket) - Note, this will likely be passwordless-authentication-link (surrounded by double curly bracket) by default.
- Click Save.