OTP Verification - Mobile | Zoho Forms - User Guide

Setting up OTP Verification via SMS

When you configure SMS OTP verification, respondents who access your form via public links will be required to enter their mobile number to receive a One-Time Password and verify it before they can access the form.
To configure mobile OTP verification,
  1. In your form builder, navigate to  Settings > Spam Control.
  2. Click OTP Verification and click  Configure Now.

    Click Configure Now


  3. In the pop-up, select SMS.
    Click SMS


  4. In the OTP configuration, select the SMS Gateway. The list of all the SMS Gateway connections you have created will be listed here. If you have not created a connection yet, click +Add a new connection to create one.
  5. You can change the default OTP message to be sent to the respondents' mobile as required.

    SMS Gateway


    OTP Expiry Settings

  6. OTP expiration time:  Set the time within which a respondent is required to enter the OTP verification code in minutes. Select the 'Set the same expiration time for OTP session' checkbox to apply the same time limit to the OTP session on the verification page.
  7. Number of OTP resend requests allowed:  You can set the number of times a respondent can opt to resend the OTP code to their phone.

  8. Show OTP resend option after: You can set the time interval after which the resend OTP option has to be displayed for the respondents to request for new OTP code.
  9. OTP validated form expiry: Choose whether you would like to set up expiry for an OTP validated form. Upon checking Yes, you'll be able to configure the expiration time limit and the message displayed when the form link expires. 
    Learn more about OTP Expiry Settings.

    OTP Expiry Settings

  10. Map OTP Verification Field: You can pre-fill a phone field in the form with the verified mobile number by selecting the required form field from the 
    dropdown.
    Info
    Make sure to include Country Code in the the Phone field Properties in your form builder.



    You can choose to use the prefilled value of the selected field for OTP verification by selecting the checkbox as shown above. The value can be prefilled from integrated sources like CRM/ Dynamic prefill from Webhooks/ Field Alias/ Static Prefill URLs.
    Note :
    • The following properties configured for the selected Phone field will be applied to the phone number entered by the respondent for verification:
      • Field Format
      • Allowed Country codes
      • Default Country code
      • Input Range
      • Allow only numbers validation
      • No Duplicates validation
      • Phone input confirmation

    • If you want to restrict your respondent from editing the pre-filled Phone field in the live form, select the Disable Field option under Phone field Properties.  

    • If the phone field is pre-filled through an integrated service or Field Alias, it cannot be modified on the OTP page. The OTP will be sent exclusively to this pre-filled value.

  11. Instructions & Consent: You can configure Instructions and Consent Declaration for your form respondents in the OTP verification page as well. 
    Instructions & Consent
  12. You can upload your logo to display it on the OTP verification page for consistent branding. To add a logo, click the Choose Image option in the Logo section and select your logo file.
    Supported File Formats: PNGJPGJPEGGIFBMP 
    Upload Logo
  13. To add an extra layer of security and prevent spam entries, you can include a Zoho Forms CAPTCHA under Spam Control and evaluate if it is a human or a bot that is filling your form. Learn more

  14. Click Save.
You can check the OTP method, Phone Number, OTP Verification Status, and  the number of times OTPs have been re-sent for each submitted entry in the All Entries section of your form under the OTP Verification Details column.
Note:
  1. Make sure there is sufficient balance in your chosen SMS gateway service to send OTPs; else, the form access may be restricted to your respondents.
  2. The option to configure OTP Verification is available only in our paid plans.
  3. If you have changed the ownership of your form, the configuration for mobile OTP Verification may not work as intended. The new owner must reconfigure the OTP Verification via mobile for the form with an authorized SMS Gateway service.

Info
Plan wise limit for the maximum number of forms that can have OTP configuration:
Basic - 25
Standard - 100
Professional - 200
Premium - 200
Express - 200
Zoho One Enterprise - 200
Zoho One Enterprise Trial - 3

OTP Audit for Non-submitted Records

You can check the status of OTP delivery in your SMS gateway service when:
  1. OTPs were not received
  2. Form entries were not submitted after the OTP was received.
To do this, 
  1. Click the OTP Audit: Non-submitted Records in the top-right corner of the OTP Configuration - SMS page.
  2. Here, you will find the SMS Gateway used, Id , Time of OTP Generation for each phone number entered in the OTP verification page.
  3. Copy the Id from here and use the same in the SMS Gateway service used to check the OTP delivery status.
    Copy the Id
Under the  Verification Status  column, you will find if the OTP has been verified, and a link to the OTP-Verified form if the OTP was verified but the form was not submitted.

Verified form link

Check out the FAQ on how to access an OTP Verification enabled form with the same phone number when the field is mapped to a form field with the No Duplicate property.
Notes Note : Only records from the last 30 days will be listed under OTP Audit: Non-submitted Records .
Info
You can change the default live form OTP messages under the Settings  tab > Custom Messages.
If you choose to translate your form into different languages, the OTP verification messages displayed on accessing the form link will also be translated into the respective languages.