Validate Email ID or Phone Number for Returning Candidates
There's an extra layer of security for returning candidates who sign in using either an unverified phone number or email address by having them verify their identity using verified information. This extra security applies to any place a candidate logs in, such as application flows, talent communities, events, and candidate self service.
For example, let's say that a candidate begins an application flow using an unverified email address. They must first complete a PIN challenge. Next, they're asked to verify that they're the legitimate owner of the candidate profile associated with that email address by correctly identifying the verified phone number associated with the profile.
NOTE: We recommend that you also enable the feature that verifies date of birth and allows email claim. This helps ensure that genuine candidates can proceed through the phone validation screen by creating a new profile, even when using an email address previously used by another (potentially malicious) candidate. See Steps to Enable for instructions.
Verify Phone Number
If they enter the correct phone number, their unverified email address would be marked as verified and they're allowed to proceed with the application using that profile. If they don't enter the correct phone number, they're allowed to proceed as a new candidate, and basic info is prepopulated with the phone number and email address they provided on the verification screen. If this candidate submits an application, they are treated as a new candidate with email verified, phone unverified.
Similarly, if a candidate begins an application flow with an unverified phone number, they're asked to verify the email address.
Verify Email Address
If they enter the correct email address, their unverified phone number would be marked as verified and they're allowed to proceed with the application using that profile. If they don't enter the correct email address, they're allowed to proceed as a new candidate, and basic info is prepopulated with the phone number and email address they provided on the verification screen. If this candidate submits an application, they're treated as a new candidate with phone verified, email address unverified.
This feature lets candidates validate their identity by providing the verified information. This prevents a bad actor from being able to access a candidate's real personal information in the profile.
Steps to Enable
To also enable the "verify date of birth and allow email claim" feature, follow these steps.
- In the Setup and Maintenance work area, go to:
- Offering: Recruiting and Candidate Experience
- Functional Area: Recruiting and Candidate Experience Management
- Task: Enterprise Recruiting and Candidate Experience Information
- Expand the Candidate Experience section and click Edit.
- Select the option Verify date of birth and allow email claim.
- Apply the validation to:
- Ex Workers - includes ex-employees and ex-contingent workers
- All Candidates - includes ex-workers, contingent workers as external candidates, external candidates
Tips And Considerations
If the system identifies a candidate as having recently logged in via a stored cookie, then this challenge might not be presented to them.