Authenticated Forms

Enhance form security by optionally restricting form access to just members of your organization. With the ability to configure authentication settings for both public links and workflow links, you can ensure the identity of workflow participants and create a custom experience for every form user.

Step 1: Invite organization members

Quick Tip

Organizations on the Pro, Team, and Enterprise plans can add additional users. Your account must have Owner or Administrator permissions to invite new users.

Organization members are users that 1) have a Cognito Forms account and 2) have access to your Cognito Forms organization. Before you invite a new user, you must set the user’s permission level. If you want to grant the user access to authenticated public links/workflow links without allowing them to build forms or manage entries, we recommend setting their permission to Limited Access.

Once you invite a user, all they have to do is look out for the email and accept the invitation. If you shared an authenticated workflow link with someone before they accepted their invitation, no need to worry – they can access the form as soon as they become a member of your organization.

chrome_fH65Dlwawg.png

Step 2: Enable authentication

When you create a new form, authentication is not required by default. To update the authentication settings on your form:

To enable authentication for public links:

chrome_OWjRbHEZLL.png

  1. Open your organization’s Dashboard and select the form you want to update.
  2. Select Workflow at the top of the Build page.
  3. Select Public Links from the Workflow menu and set Require Authentication to Always.
  4. Make sure to save your form.

Now, only members of your organization can access the public form. And if they’re not logged in to their Cognito Forms account, they’ll be prompted to do so.

If your form is embedded on another webpage, please note that requiring authentication for public links will replace the embedded form with an ‘Open Form’ link.

chrome_9bqPgvFawU.png

Save & Resume

The authentication settings for public links also apply to Save & Resume links. When you require authentication for public links, the email address in the Save & Resume dialog is automatically populated with the user’s email address. In order to access their Save & Resume link, the user must be logged in to their Cognito Forms account.

chrome_ru4dQ5ezNO.png

Similar to public links, you can require authentication for workflow links to ensure the identity of workflow participants and prevent unauthorized form access.

To enable authentication for workflow links:

chrome_uk97hcL4sb.png

  1. Open your organization’s Dashboard and select the form you want to update.
  2. Select Workflow at the top of the Build page.
  3. Select Workflow Link Sharing from the Workflow menu and set Require Authentication to Always. Or, select For Roles to only require authentication for specific roles in your workflow.
  4. Make sure to save your form.

Now, in order to access workflow links, users must be logged in to the Cognito Forms account associated with that particular workflow link. And if they’re not logged in to the correct account, they’ll be prompted to do so.

Additionally, when you use the Share Entry option on the Entries page, you cannot share workflow links with users outside of your organization.

chrome_OFYBUUVxDe.png

Step 3: Test authentication

Once you’ve enabled authentication for public links and/or workflow links, you can open the form preview to see how the form will appear to organization members. The form preview is especially useful when you’re prepopulating fields with a member’s information (like name and email).

To see how the form appears to users outside of your organization, simply log out of your Cognito Forms account and open the public form or workflow link. Alternatively, open the public form or workflow link in a private/incognito browser window. (Ex: Chrome, Microsoft Edge, Firefox, Safari on Mac, Safari on iPhone)

chrome_dUYtC5q8Cb.png

You can reference values like name and email in calculations to create a seamless experience for workflow participants.

  • Entry.User.Name – Displays the name (first and last) associated with the user’s account.
  • Entry.User.Email – Displays the email address associated with the user’s account. The email address can be a unique identifier in cases where users share the same name.

Creating authenticated workflows

Only allow organization members to access the form

  1. Select Workflow at the top of the Build page.
  2. Select Public Links from the Workflow menu.
  3. Set Require Authentication to Always.
    chrome_fB80JK8tdZ.png

Require authentication for all workflow participants

  1. Select Workflow at the top of the Build page.
  2. Select Workflow Link Sharing from the Workflow menu.
  3. Set Require Authentication to Always.
    chrome_D1G5IqfAzr.png

When you require authentication for workflow links, users must be logged in to the Cognito Forms account associated with that particular workflow link in order to access the form.

Require authentication for specific workflow roles

  1. Select Workflow at the top of the Build page.
  2. Select Workflow Link Sharing from the Workflow menu.
  3. Set Require Authentication to For Roles and select the relevant roles.
    chrome_4JkkpYB4WT.png

Show user-specific details when authenticated users access the form

Organizations on the Team and Enterprise plans have the ability to create data lookups.

In some cases, you may want to prepopulate certain values (like name and email) for authenticated users. Using the Lookup field, you can pull information from one form (ex: an employee database) to another form (ex: an expense report form).

  1. Select Workflow at the top of the Build page.

  2. Select Public Links from the Workflow menu.

  3. Set Require Authentication to Always.

  4. Add a Lookup field to the form. In this case, we’re looking up information from list of employees.
    chrome_73UIi6OaPg.png

  5. Set Include and Default Choices to only include entries where the email address value from the Employees database form matches the authenticated user’s email address (Entry.User.Email).
    chrome_KUqiNKW4Mt.png

  6. Set the Read-Only option for the Lookup field to Always.
    chrome_1zpmMJwOAj.png