Difference between revisions of "Client Email Verification"

From WHMCS Documentation
 
(16 intermediate revisions by 7 users not shown)
Line 1: Line 1:
'''Email Verification''' is an optional feature which allows admins to request that users confirm their email addresses on signup or change of email address.  This adds a layer of security when manually accepting client orders, as well as ensuring that correct information is provided.  To enable email verification, navigate to ''Setup >> General Settings >> Security tab''.  Tick the '''Email Verification''' checkbox and save the changes. [[File:Enable_email_verification.png|Enable email verification in general settings]]
+
'''Email Verification''' checks to ensure that the email address a client registers with is valid and their own. When a user or admin creates a new client account or changes a client's email address, the system sends an email asking the user to confirm that they intended to register or make the change to the email address.
 
When viewing the '''Client Profile''' page, a warning banner displays notifying admins if that specific client has an unverified email address on file.  By clicking the '''Resend Verification Email''' button, a new verification email is sent to the client, which contains a link that is valid for 24 hours and invalidates the previous link.  No banner will display after the client has verified their email address.  
 
  
[[File:Client_profile_verification_banner.png|thumb|Client profile verification banner]]
+
This helps protect against signups using incorrectly-typed and unauthorized email addresses. It can also act as part of order review and fraud screening procedures.
  
A similar banner displays on the Manage Orders page, with the same option to resend the verification email, advising the admin when the email address on file has not been verified.
+
==Enabling Email Verification==
  
[[File:Manage_orders_verification_banner.png|thumb|Manage orders client verification status]]
+
You can enable email verification in the '''[[Security Tab|Security]]''' tab at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings''' or, prior to WHMCS 8.0, '''Setup > General Settings'''. 
 
A badge will also display alongside the client's email address throughout the admin backend denoting whether the client's email address is verified or not.
 
  
[[File:Unverified_badge.png|thumb|Unverified email badge]] [[File:Verified_badge.png|thumb|Verified email badge]]
+
<div class="docs-alert-info">
+
Enabling '''Email Verification''' will not send an email verification request to any existing users automatically. Their accounts will display as unverified and continue to operate unaffected.
The client will be able to log into their account associated with the unverified email address, however, a banner reminding them to take action will display, as well as the '''Resend Verification Email''' button. No functionality is limited in the client area for clients with an unverified email address.
+
</div>
  
[[File:Client_verification_banner.png|thumb|Email verification banner on client side]]
+
==Default Behaviour==
 
Clicking the '''Resend Verification Email''' button sends an email with a link that is valid for 24 hours.  If the link is followed after the 24 hour window or if the button is clicked (which invalidates the previous link), then an error will display when the client tries to log in, but they will be allowed to generate and send a new email once they authenticate.
 
  
[[File:Expired_verification_warning.png|thumb|Expired verification key warning]][[File:Expired_verification_banner.png|thumb|Expired verification key banner]]
+
WHMCS sends email verification notices when the following events occur:
 
Upon the client following the link sent in the verification email, the client will be required to log into the client area.  Even if the client is already logged in, they will be required to re-authenticate.  Once logged in, the client will see a success message on the first page.
 
  
[[File:Verified_banner.png|thumb|Verified email successfully]]
+
* A new user completes registration.
 +
* An existing user's email address changes.
  
In the admin area, the email verification banner will no longer be present and a Verified badge will display alongside the client's email address.  
+
<div class="docs-alert-info">
 +
To help reduce the number of emails new clients are sent after signing up, the client will not receive the separate ''Welcome'' email when '''Email Verification''' is enabled.
 +
</div>
  
[[File:Verified_client_profile.png|thumb|Verified email in client profile view]]
+
User access is not restricted to the client area, services, or support resources prior to email verification completion. This is to allow the user to access the services and support resources they have paid for.
  
Changing of the email address, whether via the admin interface or in the client area will cause the email verification banner and Unverified badge to re-appear.
+
After the user follows the link in the verification email, the user must log in to the client area to complete the verification process. Once they successfully authenticate, a success message will display on the next page.
  
'''Email Verification''' is a useful optional feature which assists admins in judging whether to manually accept an order and encourages correct information from clients. While no functionality is limited in the client area for clients with unverified email addresses, the verification email's link is masked when viewing email history in the client area.  The link is not masked when viewing the email from the admin area.
+
In the admin area, the email verification banner will no longer display.
 +
 
 +
==The Validation Link==
 +
 
 +
The validation link in each verification email is valid for 60 minutes for WHMCS 8.0 and higher or, prior to WHMCS 8.0, 24 hours. If the link expires, the user can request a new verification email by logging in to the Client Area.
 +
 
 +
Users who have not verified their email address will see the option to resend the verification email in the banner notice in the Client Area.
 +
 
 +
Admins can view the client's email verification status from the '''[[Clients:Summary Tab|Summary]]''' tab in the client's profile and a banner will also display when viewing orders from that account. A badge will also display alongside the user's email address, denoting whether the email address is verified.
 +
 
 +
Clicking '''Resend Verification Email''' sends an email with a new link in a new verification email.

Latest revision as of 19:10, 19 April 2022

Email Verification checks to ensure that the email address a client registers with is valid and their own. When a user or admin creates a new client account or changes a client's email address, the system sends an email asking the user to confirm that they intended to register or make the change to the email address.

This helps protect against signups using incorrectly-typed and unauthorized email addresses. It can also act as part of order review and fraud screening procedures.

Enabling Email Verification

You can enable email verification in the Security tab at Configuration () > System Settings > General Settings or, prior to WHMCS 8.0, Setup > General Settings.

Enabling Email Verification will not send an email verification request to any existing users automatically. Their accounts will display as unverified and continue to operate unaffected.

Default Behaviour

WHMCS sends email verification notices when the following events occur:

  • A new user completes registration.
  • An existing user's email address changes.

To help reduce the number of emails new clients are sent after signing up, the client will not receive the separate Welcome email when Email Verification is enabled.

User access is not restricted to the client area, services, or support resources prior to email verification completion. This is to allow the user to access the services and support resources they have paid for.

After the user follows the link in the verification email, the user must log in to the client area to complete the verification process. Once they successfully authenticate, a success message will display on the next page.

In the admin area, the email verification banner will no longer display.

The Validation Link

The validation link in each verification email is valid for 60 minutes for WHMCS 8.0 and higher or, prior to WHMCS 8.0, 24 hours. If the link expires, the user can request a new verification email by logging in to the Client Area.

Users who have not verified their email address will see the option to resend the verification email in the banner notice in the Client Area.

Admins can view the client's email verification status from the Summary tab in the client's profile and a banner will also display when viewing orders from that account. A badge will also display alongside the user's email address, denoting whether the email address is verified.

Clicking Resend Verification Email sends an email with a new link in a new verification email.

Retrieved from "http://3.17.75.209/index.php?title=Client_Email_Verification&oldid=32150"