Verification methods in the WebApp (administrator)

Introduction

The administrator can configure the verification methods for each recipient in the Verification methods window. These settings apply to the entire organization.

In this guide, you can find information about the available verification methods and how to configure them.

SMS code

In the SMS code section, you can enable or disable the options below.

Info
The mobile phone number will automatically be saved in the user’s personal contact list after sending the message. After the recipient successfully verifies their identity, the mobile phone number will also be saved in the organization contacts list.
The data from these lists can only be used if the corresponding verification method is enabled.

  • SMS to new number: If enabled, users can set a new mobile phone number as a verification method for a recipient in the conversation. This is useful if the recipient does not have a mobile phone number saved in their contact details.
    Info
    For conversation starters, this option is always enabled.
    Note

    If you only enable SMS to new number, these are the consequences:

    • Users must enter a mobile phone number for every new conversation with each recipient.
  • SMS to a personal contact: If enabled, users can select a mobile phone number from their personal contacts list as a verification method for a recipient in the conversation. This is useful if the recipient has a mobile phone number saved in their personal contacts.
  • SMS to an organization contact: If enabled, users can select a mobile phone number from the organization contacts list as a verification method for a recipient in the conversation. This is useful if the recipient has a mobile phone number saved in the organization contacts.

Access code

In the Access code section, you can enable or disable the following options:

  • New access code: If enabled, users can set a new access code as a verification method for a recipient in the conversation. This is useful if the recipient does not have an access code saved in their contact details.
    Note
    The new access code will automatically be saved in the user’s personal contact list after sending the message. The access code can only be reused if the Access code to personal contact setting is enabled. If this setting is not enabled, the user must enter the access code again for each new conversation with the same recipient.
  • Access code to personal contact: If enabled, users can select an access code from their personal contact list as a verification method for a recipient in the conversation. This is useful if the recipient has an access code saved in their personal contacts.
  • Access code to organization contact: If enabled, users can select an access code from the organization contact list as a verification method for a recipient in the conversation. This is useful if the recipient has an access code saved in the organization contacts.
  • Users can add access codes to organization contact list: If enabled, users can add an access code to the organization contact list if no organization access code exists yet. This is useful if the recipient does not yet have an access code saved in their contact details.
    Info
    This option is only available if the Access code to organization contact option is enabled, to prevent users from adding an access code to the organization contact list without having the option to use this organization access code.

Verification email

In the Verification email section, you can enable or disable the following options:

  • Verification email: If enabled, users can send a verification email to the recipient. This is useful if the sender doesn’t have a mobile phone number and cannot share an access code with the recipient.
  • Automatically fall back to verification email: If enabled, the verification email is sent automatically when the sender does not have a mobile phone number or access code for the recipient. The user can still select another verification method if available.

Our best practice is to set up the verification methods as follows:

SMS code

For the SMS code, we recommend enabling the settings SMS to new number and SMS to an organization contact.
The setting SMS to a personal contact should be disabled.

Access code

For the Access code, we recommend enabling the settings Access code to organization contact and Users can add access codes to organization contact list.
The settings New access code and Access code to personal contact should be disabled.

Verification email

For the Verification email, we recommend enabling both Verification email and Automatically fall back to verification email.

Trusted device authentication for recipients

In the Trusted device authentication for recipients section, you can enable or disable the following option:

  • Recipients can stay authenticated on their device: If enabled, recipients can stay authenticated on their devices. This means they do not have to verify their identity every time they access a conversation on the same device. This is useful for recipients who frequently access conversations on the same device, but it may pose a security risk if the device is shared, not secure, or lost.

When the recipient selects the option to stay authenticated, they will receive a confirmation email. This email contains a link to remove the device from the list of trusted devices. The recipient can also remove the device from the list of trusted devices by opening a received Zivver message on that device, clicking the button in the top right corner of the message, and confirming the logout by clicking the button in the confirmation dialog.

Organization contacts

You can add the organization contacts manually or with a CSV file import. The list will also be automatically populated with contacts if the SMS to new number and/or Users can add access codes to organization contact list setting is enabled and a user adds a new mobile phone number or access code to the organization contacts list.

Info
Zivver users have two separate contact lists: a personal contacts list and an organization contacts list. The latter is shared with all users in the same organization or organizational unit.

For more information about verification methods, refer to Recipient verification methods.