Hi All,
I'd like to setup an email validation process which sends an email to the respondents email account with a random code that they then enter in to verify their email address (and be sure that they've entered in the correct email address). Has anyone done this and have an example in how best to do the verification part? For our respondents this would be better than just doing a validation check.
Thanks
Rod Pestell
Rod_Pestell
We did something similar and I hope this helps you.
We concatenated a respondents first3 digits of social security number and date of birth and last 2 digits of their mobile number and used as external data reference. We then included an authenticator on email and this ext data ref which when entered correctly they will be allowed to take survey.
They were instructed over email the combination of password.
The approach you suggested would be difficult as you would need that exact same number within Qualtrics system as well what has gone out to verify the person. Hence, a combination would be advisable.
Hope this helps!
Hi Deepak,
Thanks for the suggestion. I've not looked into an authenticator - would that be more secure than using a validation technique that could refer to an embedded field containing a random number generated in the survey flow? Would the embedded field be visible unencrypted to the end user on their PC?
I've only used an authenticator with a mailing list (contact) so not sure how you would do that if you were to create a random number in the survey flow. I guess you'd need to save a random number to a new field in their contact details but.... the problem is that this is an anonymous form and we don't record their details in a directory / mailing list. The details they provide is used to create a ticket as this is a form used to raise a complaint by any person.
Another issue I'm aware of is that the email trigger task doesn't like sending an email to the same person twice within 24 hours. I've tried to get round that by amending the subject text manually (which works) but you can't do that programatically (ie using a piped text string of say a timestamp) at present as Qualtrics systems do a duplicate check before the the piped texted is parsed it seems (I raised a ticket with them about this but not heard anything back from them on this at the moment).
Thanks
Rod Pestell
Rod_Pestell
would that be more secure than using a validation technique that could refer to an embedded field containing a random number generated in the survey flow?
- Yes, it will be more secure because it is a Qualtrics OOTB feature if you had the details in the directory. The approach you are suggesting would not work either as the random number generated would have to be known to the end user and in survey flow prior to filling the survey, if I understand the use-case correctly here. But, since this is an anonymous form the authenticator also would not work. I would like to ask how are you sending the link to someone to register complaint and if you have their email address then why not include it in directory and use authenticator against an additional field. If you have included that link/QR on a website then it would be difficult.
Hence, I would like to suggest an approach of Querying the URL something like this:
Anonymouslink?Ra=${rand://int/9999:100000}
And include this variable in this case Ra as embedded field (keep value empty) and below the block just include branch logic if Ra is equal to what the user entered. Make sure to uncheck allow respondents to finish later from survey options as random number changes once refreshed.
You would not be able to share the code over email, hence you will have to customize and show it as single page text/graphic question your one time code is: ${e://Field/Ra}
Would the embedded field be visible unencrypted to the end user on their PC?
- Unsure as to how one would include 2-factor authentication here.
Regarding the email task you can include piped text like (${date://CurrentTime/MS}) and you would not have to worry about emails getting duplicated.
Hope this helps!
HI Deepak
Yes I'm afraid it's a link on a website that the user would click on to begin filling in and raise a complaint. The creation of a random number sounds feasible via the URL route but I'm assuming it could easily be done in the survey flow also? If you're saying you can't do this in the survey flow, I'm not sure I understand why?
If the user provides an email address, I'd like to send an email to this address (whilst they are still filling in the form) with the one time code (ie the random number generated earlier on). The user then receives this email and confirms the code and enters is into a text box. This is then validated but it's this validation I think I still need guidance on to ensure it doesn't become visible to the end user. Can you provide a little more guidance on that?
We won't have a directory or mailing list to refer to at the time as it's an anonymous link. However and with reference to keeping things in the cloud instead of on the user's desktop, one thought i had is I could save the user details temporarily in a list once they've entered their details (ResponseID, email, name, random code) which could then be used to trigger an email with a verification link inside it. If they click on the link then (somehow) that data set could record that they've verified the email and then are free to move on. That all sounds fiddly but it could be a way to verify their email. Is there a simpler method, am I re-inventing the wheel?!
Re the time stamp in the email body / subject. I have tried this for the email task specifically and it doesn't work for me. This trick seems to work fine for normal survey distributions / automations but it doesn't work for the email task. Have you been more successful in this case? Perhaps I need to go back and test again.
Thanks
Rod Pestell
Rod_Pestell
The creation of a random number sounds feasible via the URL route but I'm assuming it could easily be done in the survey flow also? If you're saying you can't do this in the survey flow, I'm not sure I understand why?
- Yes, it can be done within the survey flow as well.
If the user provides an email address, I'd like to send an email to this address (whilst they are still filling in the form) with the one time code (ie the random number generated earlier on). The user then receives this email and confirms the code and enters is into a text box. This is then validated but it's this validation I think I still need guidance on to ensure it doesn't become visible to the end user. Can you provide a little more guidance on that?
- You can create 2 surveys and redirect them to the second survey when they enter the email address and within the first survey create workflow to send them a random number and pass this number via a encrypted embedded data along with anonymous link in the second survey via a query parameter. The respondent will receive the email and you will be able to validate the respondent as well.
Re the time stamp in the email body / subject. I have tried this for the email task specifically and it doesn't work for me. This trick seems to work fine for normal survey distributions / automations but it doesn't work for the email task. Have you been more successful in this case?
- I believe it works as I have used it, if at all it doesn't you can pass the random number generated in the subject as well which would make it unique each time.
Hope it helps!
Hi Deepak,
Thanks for the reply. Do I really need a second survey? The person would need to return back to the original survey in order to complete the rest of the survey. I'm also not sure how I would tell the first survey that the code / email address has been verified.
Also when you say "encrypted embedded data", I presume you mean 'encoded' as I've just read up about Base64 and it's not for encrypting, just encoding / transforming data so that eg it can be put in a URL address. My trouble is I don't really understand why you'd need to encode it.
So after a little more thought, I've written down a better breakdown of what I think the validation process would be. But do please put forward a more detailed description of using the two survey approach as perhaps I've misunderstood your idea.
Below is my idea but I'm stuck on step 3 as I'm not sure if the email trigger will work half way through a survey or whether it has to wait until the survey is completed (which then scuppers my whole method!!)
1) Survey flow: create random number
2) Person enters email address in one of the questions (this is half way through the survey (complaint form)).
3) On submitting the email question, check if email address already exists in a contact list through an authenticator. If the email address isn't found, trigger an email task and include the code in the email body. Then record the code and email address in a temporary contact list using a web service (i don't know how to do these steps at present).
4) Person checks email and enters code in the following question
5)Authenticator refers to contact list and using the email address checks that the code they've entered matches the code in the contact list for that email.
Contacts will last for eg. 28 days and then are removed (again not sure how you do this).
Thanks
Rod Pestell
Rod_Pestell
Your step 3 can be done but would require at least 2 API's
- Use the mailing list id to create a contact in mailing list and set contact id in embedded data (https://api.qualtrics.com/fc43c25b3f3c3-create-contact-in-mailing-list)
- Use this contact id to send an email distribution use message text instead of ID and you can use random numbers embedded data piped in it. (https://api.qualtrics.com/573e3f0a94888-create-distribution)
- Add the block of One time password question after these API.
To do the deletion you can run the delete contact API after the survey is submitted on a workflow using the contact ID you recorded on the first API call. The calculation of 28 days is complex as scheduled workflow will allow you to run it on a frequency-basis.
Hope it helps!
Hi Deepak,
That sounds like a plan. I had a little play with the JSON trigger (using a webservice task from within the survey flow but then realised that you do need to do a raw API call as you suggest, as I need the contact ID in the response from the API called to then be able to refer to the contact in the authenticator part. However, the send email distribution is a sticking point. It would be great to just use a send email task instead of having to have a fake survey but it looks like it would be hard to deliver a well formatted message template. So I could use two webservices in the survey flow. One to setup the contact (and return the contact ID) and then the second webservice to use that info and pass it to a JSON trigger event.. That way I could then have a visual workflow to send the email out with the code to the user.
Hope that sounds ok
Thanks for the advice and talking it through with me. I'll come back with results once I've go it working.
Rod Pestell
Leave a Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.