Client Email Verification

From WHMCS Documentation

Revision as of 19:07, 7 March 2016 by Cole (talk | contribs)

Email Verification is an optional feature which allows admins to request that users confirm their email addresses on signup or change of email address. This adds a layer of security when manually accepting client orders, as well as ensuring that correct information is provided. To enable email verification, navigate to Setup >> General Settings >> Security tab. Tick the Email Verification checkbox and save the changes. Enable email verification in general settings

When viewing the Client Profile page, a warning banner displays notifying admins if that specific client has an unverified email address on file. By clicking the Resend Verification Email button, a new verification email is sent to the client, which contains a link that is valid for 24 hours and invalidates the previous link. No banner will display after the client has verified their email address.

Client profile verification banner

A similar banner displays on the Manage Orders page, with the same option to resend the verification email, advising the admin when the email address on file has not been verified.

Manage orders client verification status

A badge will also display alongside the client's email address throughout the admin backend denoting whether the client's email address is verified or not.

Unverified email badge
Verified email badge

The client will be able to log into their account associated with the unverified email address, however, a banner reminding them to take action will display, as well as the Resend Verification Email button. No functionality is limited in the client area for clients with an unverified email address.

Email verification banner on client side

Clicking the Resend Verification Email button sends an email with a link that is valid for 24 hours. If the link is followed after the 24 hour window or if the button is clicked (which invalidates the previous link), then an error will display when the client tries to log in, but they will be allowed to generate and send a new email once they authenticate.

Expired verification key warning
Expired verification key banner

Upon the client following the link sent in the verification email, the client will be required to log into the client area. Even if the client is already logged in, they will be required to re-authenticate. Once logged in, the client will see a success message on the first page.

Verified email successfully

In the admin area, the email verification banner will no longer be present and a Verified badge will display alongside the client's email address.

Verified email in client profile view

Changing of the email address, whether via the admin interface or in the client area will cause the email verification banner and Unverified badge to re-appear.

Email Verification is a useful optional feature which assists admins in judging whether to manually accept an order and encourages correct information from clients. While no functionality is limited in the client area for clients with unverified email addresses, the verification email's link is masked when viewing email history in the client area. The link is not masked when viewing the email from the admin area.