Switching to SMS account confirmation

Currently am using email for users to verify their account, which is going thru SparkPost some users just never get the verification email.

I am in the planning stages to convert to an SMS-based notification system. Is there play-by-play advice on how to convert this over?

The user currently enters their account number, a phone number on their account, and an email address they will also need to provide another number that is a number that accepts SMS messages. The registration script check that their account and phone are valid and then it should send of the notification with a pin code that will show up on their mobile device.

They will need a verification page that has a field to enter the code in order to enable the account for access. (currently, this is handled thru a link in the email)

I assume this processs is part of the SMS service api that they are getting the confirmation to acccept sms messages - haven’t looked too far in.

Can I fall back if needed to eamil verification?

Guideance would be most appreciated.

Also too may wish to have a process that a person in the office can enter a phone number click a button send off some PIN and URL to the site they can go to the url and simply enter a PIN to gain access to their account?

(staff doesn’t have access to the helper file.)

I might be making quite a few assumptions in my response, please feel free to correct me…

To do this using the BetterForms built-in user validation system, you’d just need to modify the onAuthNotifier script which sends the email. Under the branch for "verifySignup" you can gather the data you need about which user is requesting the verification link and then just call your routine for sending SMS notifications instead of your routine for sending emails. If you do it this way, you’ll be able to text them a link to click to verify their phone number, and thus it would work in nearly the exact same way that the email verification does. This makes it easy to switch to email verification if you need that as a fallback.

I might be wrong depending on your business use-case, but verifying a user’s phone number is different than verifying a user’s email address. Typically you do this verification to make sure that they didn’t have any kind of typos, so you probably want to verify both a user’s email and their phone number, not simply verify the user using either method. Remember that account verification is not required for a user to use BetterForms—that’s a business rule that you must choose to enforce if it makes sense for your app.

To build the kind of workflow that you describe where a PIN code gets texted to your phone and they enter it on a webpage, that workflow would involve these steps:

  1. User requests a code from the browser (possibly by submitting the registration form with a valid phone number)
  2. A hook script runs in FileMaker to generate the PIN code and save it to the database. Then text the user with this code.
  3. At the end of the hook script, use a BF_Action to redirect the user to a new page that prompts them the enter the PIN code.
  4. Upon submitting that page, run another hook script in FileMaker that verifies that the PIN code entered matches the one stored in the database and either mark their account verified or show an error back to the user.

Your comment about staff not having access to the helper file confuses me though, because access to the helper file is intended to be restricted and isn’t needed for any of this to work. However, you may need to establish a one-to-one relationship between the users table in your legacy FM system and the users table in the helper file if you are attempting to relate any information about the BetterForms user account with your legacy system.

Thinks for your reply, I think I get it.

In the wild I have seen sites do this both ways a PIN and or just a link to verify, Not sure which is better. A pin is certainly more moving parts.

If users started registration on a computer they would get a link texted to their mobile they would click the link it would open the mobile browser and validate their account then they would need to refresh the browser so they can proceed to log in on their computer.

If the computer says" Check phone for message and click it then press continue below,"
Then they don’t need to refresh, the continue button carries on with the rest of the workflow.

Also you can use a URL shortener for texts messages if you want.