Validating user actions during submission is an essential safeguard against errors, especially when dealing with sensitive activities or processes. With this in mind, we came up with the notion of validating records submission in generic and public apps (Embed & Guest) with an OTP. This helps organizations retain security during vital transactions.
This mechanism ensures that only authenticated users can access or submit forms, helping organizations protect vital transactions.
This validation now applies only to the process's initial step (first workflow step). There are two aspects that an app creator needs to keep in mind when enabling OTP verification.
Note
The OTP validation works for both generic and public apps. However, the configuration varies slightly, as listed below.
For generic apps, enabling the Validate using the OTP property for the first workflow step-action button will do the job.
For public apps, along with enabling the Validate using OTP property for the first workflow step-action button.
- App creators must navigate to App Settings → Accessibility → Validate Submission → OTP Validation.
¶ OTP Validation Modes and Options
The OTP configuration panel allows Citizen Developers (CDs) to customize when the OTP verification should take place and how it is delivered to users.
¶ Timing Options
CDs can choose one of the following trigger points for the OTP check:
- Before Form Load: Users must complete OTP verification before they can access the application or form.
- On Submission: OTP is required only when users submit the form, ensuring data authenticity at the point of entry.
- Both Before Form Load and On Submission: Users are required to verify both before accessing the form and at the time of submission. This option provides the highest level of security.
¶ Validation Method Options
CDs can select the preferred channel(s) for OTP delivery:
- Mobile Number OTP Validation: Sends the OTP to the user's registered mobile number.
- Email ID OTP Validation: Sends the OTP to the user’s email address.
- Mobile & Email with Different OTP Validations: Users must independently validate both their mobile number and email address using separate OTPs.
Note
When Before Form Load is selected, users will be required to complete OTP verification even before accessing the application. This ensures an added layer of security and user authentication.