Email and SMS for Candidate Identity Verification and Communication

You can use email and SMS to verify candidate identity and as a communication channel throughout the selection process.

By default, the candidate email address is used for identity verification and communication. When SMS communication is enabled, candidates can confirm their identity and receive communication using their email address or phone number.

The communication channel (email or SMS) used by candidates for their first authentication on the career site is automatically marked as their preferred communication channel, and that's where the recruiting related communication will be sent by default. Candidates can manage their communication preferences on the candidate self service page and in the application flow, but they always need to have at least one channel marked as preferred. If the SMS feature isn’t enabled, the checkbox to change the communication preference isn't displayed to candidates, so email is used as the communication channel.

Note: The phone number provided by candidates must be able to receive SMS. Otherwise, candidates won't be able to confirm their identity.

Here are examples of when email and phone number are used:

Verify the identity of new candidates and confirm that talent community sign up (through email) and job applications (through email or phone number) were made by the candidate who has that email or phone number.
Verify the identity of returning candidates to reuse data they provided in previous job applications.
Verify the identity of returning candidates when they access their candidate self service dashboard on career sites.
Verify the identity of returning candidates when they schedule interviews, provide more information, or view and accept job offers.
Verify if the email belongs to current employees. If so, redirect the employee to the company's internal career site.
Communicate with candidates during the selection process. When new external candidates apply for a job, they will receive communication by email or SMS depending on whether they used email or phone number to confirm their identity at the beginning of the application process. After that, candidates can change their communication preference to receive communications by email, SMS, or both when needed.

All candidates using an email or phone number are authenticated using a 6-digit verification code. Let's say for example that a candidate uses an email to apply for a job. The candidate will receive an email with a 6-digit code to confirm their job application. Similarly, the candidate will receive an SMS with a 6-digit code if applying for a job using a phone number. Candidates are locked out after they enter an incorrect code 5 times. They have to wait for 30 minutes before another authentication attempt.

You must use the Candidate Verification Notification email template to authenticate candidates on their preferred communication channel. This sends an automated email to candidates with a 6-digit verification code. Note that this automated email is sent using the no-reply email. This email will be visible in the Messages tab if the Capture Message feature is enabled for this notification in the Content Library.

Candidates can choose to be signed in instantly when they go to career site to schedule interviews, provide more information, view offers, or apply to another job. When candidates select the option Keep me signed in, the next time they visit the site on the same browser and within validity period, a verification won't be required. For details, see Enable Keep Me Signed In.

Verification of New Candidates

When candidates apply for a job, they're asked to provide an email or phone number. If that email or phone number isn't already being used, candidates are treated as new candidates. Communication with the candidates is done by email or SMS depending on what the candidates provided.

Candidates must confirm that they own the email or phone number they used to apply for the job. They're sent a 6-digit verification code by email or SMS. To confirm their identity, candidates enter the 6-digit code into a form presented after the job application is submitted.

When candidates remain in the same session, their identity has already been verified and they can apply to other jobs or access their candidate self service dashboard without the need to confirm their identity again. In general, the identity of candidates is confirmed within the same session for 4 hours. After that time, candidates need to reconfirm their identity.

Note: You must use the Job Application Confirmation Notification email template in order for candidates to receive the verification code the first time they submit an application from an external career site. This email notification is sent using the no-reply email. It’s displayed in the Messages tab if the Capture Message feature is enabled for this notification in the Content Library.

When candidates want to join a talent community, they're asked to provide an email address. The same verification process described above applies when joining a talent community.

Verification of Returning Candidates

When candidates apply for a job, they're asked to provide an email or phone number. When they want to join a talent community, they're asked to provide an email address. If that email or phone number matches the info provided by an existing candidate, the candidate is treated as a returning candidate.

Returning candidates can start the job application process or join the talent community only after their identity is verified. They're sent a 6-digit verification code by email or SMS to confirm their identity. Upon confirmation of the email or phone number, the candidates land in the application flow and the application form is prefilled with data from previous job applications. The most recent data that was submitted is used. Candidates can overwrite that data and submit their job application with updated details. Their candidate profile data is updated respectively.

Returning candidates won't be asked to confirm their identity if they previously selected the option Keep me signed in and they're using the same browser and are within the validity period.

Verification of Email or Phone Number for Returning Candidates

If returning candidates try to sign in using either an unverified phone number or email address they're asked to verify their identity using verified information. This extra security applies to any place a candidate logs in, such as application flows, talent communities, events, and candidate self service. This prevents bad actors from being able to access a candidate's real personal information in the profile.

For example, let's say that a candidate begins an application flow using an unverified email address. They must first complete a PIN challenge. Next, they're asked to verify that they're the legitimate owner of the candidate profile associated with that email address by correctly identifying the verified phone number associated with the profile.

If they enter the correct phone number, their unverified email address is marked as verified and they're allowed to proceed with the application using that profile. If they don't enter the correct phone number, they're allowed to proceed as a new candidate, and basic info is prepopulated with the phone number and email address they provided on the verification screen. If this candidate submits an application, they're treated as a new candidate with email verified, phone unverified.

Similarly, if a candidate begins an application flow with an unverified phone number, they're asked to verify the email address. If they enter the correct email address, their unverified phone number would be marked as verified and they're allowed to proceed with the application using that profile. If they don't enter the correct email address, they're allowed to proceed as a new candidate, and basic info is prepopulated with the phone number and email address they provided on the verification screen. If this candidate submits an application, they're treated as a new candidate with phone verified, email address unverified.

Note:

If a candidate is identified as having recently logged in via a stored cookie, then this challenge might not be presented to them.

Note: We recommend that you also enable the feature that verifies date of birth and allows email claim (SeeEnable Email Authentication and Email Reuse Enable Email Authentication and Email Reuse for instructions). This helps ensure that genuine candidates can proceed through the phone validation screen by creating a new profile, even when using an email address previously used by another (potentially malicious) candidate.

Verification of Employees

When former employees or alumni provide their personal email to confirm their identity, they're treated as returning external candidates and they can access their talent profile data when applying for a job.

When current employees provide an email tied to their employee record, they're treated as internal candidates and they're redirected to the company's internal career site.

Candidate Authentication Path

When a phone number or email address is used for authentication, it gets verified. From this point, the field is disabled for editing and data isn't imported to that field if candidate imports profile from LinkedIn, Indeed or resume.

Candidates can easily edit the phone or email using an edit icon next to the field. They can also change their communication preference by clicking Use for communication next to either Email Address or Phone Number.

Brand new candidates can only select one communication method. Returning candidates can select both.

The candidate authentication path depends on these criteria:

If a candidate profile is associated with the email or phone number used for authentication.
If there's a draft associated with the email or phone number even if a candidate profile doesn't exist yet.
If the Candidate Autoconfirmation setting is enabled. For details, see Enable Candidate Autoconfirmation.

Here's what happens when the Candidate Autoconfirmation setting is disabled:

If there's no candidate profile:
- And there's no draft associated with the email or phone number: the verification code is sent at the end of the apply flow.
- And there's a draft associated with the email or phone number: the verification code is sent before entering the apply flow.
If there's a candidate profile:
- When the candidate enters the apply flow, the verification code is sent as soon as the candidate provides the email or phone number. After a successful verification, the candidate can enter the flow and see profile data associated with the email or phone number that was used.
- When the candidate enters the talent community flow, the verification code is sent as soon as the candidate provides the email (there's no phone verification when entering the talent community flow).
- After successful verification, the candidate can access the self-service dashboard on the career site to manage their profile (there's no entry to the talent community flow because the candidate already has a profile).

Here's what happens when the Candidate Autoconfirmation setting is enabled:

If there's no candidate profile, and or draft associated with the email or phone number, the verification code isn't sent after completing the apply flow or the talent community flow, and the email or phone number is auto confirmed.
If there's a candidate profile, the behavior is the same as when the Candidate Autoconfirmation setting is disabled.

Note:

If a returning candidate edits their communication preference in the apply flow, they'll have to verify immediately that they own the email or phone number using an inline PIN challenge during the apply flow. New candidates verify the communication channel after submitting application.