OTP Verification - Email | Zoho Forms - User Guide

Setting up OTP Verification via Email

When you configure Email OTP verification, respondents who access your form via public links will be required to enter their email address to receive a One-Time Password and verify it before they can access the form.
OTP Received via email

To configure Email OTP verification,

  1. In your form builder, navigate to Settings > Spam Control.

  2. Click OTP Verification and click Configure Now.

    Click Configure Now

  3. In the pop-up, select Email.
    Click Email


  4. Select the From address. If you wish to display a From Name while sending emails, click Add From Name.
    Notes
    Note : If you select notifications@zohoforms.com to be the From address, then the form admin's email address will be set as From Name by default and this cannot be modified.

  5. You can change the default email Subject and the OTP message to be sent in the email as required. You can also include the link to the OTP Verification page where the respondent is required to enter the received OTP in the email message by clicking the   icon. If the respondent has entered the OTP, then the link in the email will redirect to the form and not to the OTP Verification page.

    Email OTP configuration

    OTP Expiry Settings

  6. OTP expiration time:  Set the time within which a respondent is required to enter the OTP verification code. Select the 'Set the same expiration time for OTP session' checkbox to apply the same time limit to the OTP session on the verification page.
  7. Number of OTP resend requests allowed:  You can set the number of times a respondent can opt to resend the OTP code to their email.
  8. Show OTP resend option after: You can set the time interval after which the resend OTP option has to be displayed for the respondents to request for new OTP code.
  9. OTP validated form expiry: Choose whether you would like to set up expiry for an OTP validated form. Upon checking Yes, you'll be able to configure the expiration time limit and the message displayed when the form link expires. 
    Learn more about OTP Expiry Settings.

    OTP Expiry Settings

  10. Map OTP Verification Field: 
    You can pre-fill an email field in the form with the verified email address by selecting the required form field from the dropdown. 


    Map OTP Verification field

    You can choose to use the prefilled value of the selected field for OTP verification by selecting the checkbox as shown above. The value can be prefilled from integrated sources like CRM/ Dynamic prefill from Webhooks/ Field Alias/ Static Prefill URLs.
    Notes

    Note :

    • The following properties configured for the selected Email field  will be applied to the email address entered by the respondent for verification:

      • Domain Validation

      • Character Limit

      • No Duplicates Validation

      • Email input confirmation 

    • If you want to restrict your respondent from editing the pre-filled Email field in the live form, select the Disable Field option under Email field Properties.   

    • If the email field is pre-filled through an integrated service or Field Alias, it cannot be modified on the OTP page. The OTP will be sent exclusively to this pre-filled value.

  11. Instructions & Consent: You can configure Instructions and Consent Declaration for your form respondents in the OTP verification page as well. 
    Instructions & Consent
  12. You can upload your logo to display it on the OTP verification page for consistent branding. To add a logo, click the Choose Image option in the Logo section and select your logo file.
    Supported File Formats: PNG, JPG, JPEG, GIF, BMP 
    Upload Logo

  13. To add an extra layer of security and prevent spam entries, you can include a Zoho Forms CAPTCHA under Spam Control and evaluate if it is a human or a bot that is filling your form. Learn more  
    CAPTCHA
  14. Click Save.
You can check the OTP method, Email, and  the number of times OTPs have been re-sent for each submitted entry (Retry Count) in the All Entries section of your form under the  OTP Verification Details  column.
Info
Plan wise limit for the maximum number of forms that can have OTP configuration:
Basic - 25
Standard - 100
Professional - 200
Premium - 200
Express - 200
Zoho One Enterprise - 200
Zoho One Enterprise Trial - 3

OTP Audit for Non-submitted Records

This lists the following cases:
  1. OTPs were not received
  2. Form entries were not submitted after the OTP was received.
To do this, 
  1. Click the  OTP Audit: Non-submitted Records  in the top-right corner of the OTP Configuration - Email page.

    OTP Audit of non-submitted records

  2. Here, you will find the number of times the respondent has retried receiving OTP under the Audit Info column.
  3. Under the Verification Status  column, you will find if the OTP has been verified and a link to the OTP-Verified form if the OTP was verified but the form was not submitted.

    Verification Status column
Check out the FAQ on how to access an OTP Verification enabled form with the same email address when the field is mapped to a form field with the No Duplicate  property.
Notes Note : Only records from the last 30 days will be listed under OTP Audit: Non-submitted Records.

Info You can change the default live form OTP messages under Settings tab > Custom Messages.
If you choose to translate your form into different languages, the OTP verification messages displayed on accessing the form link will also be translated into the respective languages.

Notes

Note The option to configure OTP Verification is available only in our paid plans.