Multi-Factor Authentication is straightforward to set up, but there are a few steps involved to make sure your campaign and the related documents are as secure as possible. You should be comfortable with creating Emails, SMS, and Landing Pages in Which50. Below you will find the 3 steps needed to create a MFA enabled campaign, and some examples of existing campaigns setup and in use.
Create the initial communication for your contacts (whether Email/SMS). This communication must include a link to a Landing Page/Webform, which is used for the 2nd authentication step.
If this is an email, it can have a document attached to it, or else a link to access the personal document online.
Create the Webform that will be used to trigger an SMS/Email containing a passcode for the personal document. This is where your initial communication will link to. See the example below for how this can look:
The contact will use this page to click the button to 'Request PIN code', and then will return to this page once they have received their code, to enter it and access their document. If the document has instead been attached to the initial email they received, they will enter the passcode there, and won't need to return to this Webform.
NOTE: Webforms can only be built inside Multi-views (Read more on Multiviews here), and the above webform uses 2 submit buttons, so will require 2 separate Multi-views. These are illustrated by the dotted red lines around each button. One to trigger the passcode to be sent, and the other to submit when entering the passcode.
Create the 2nd piece of authentication (either SMS or Email, depending on which method you've already used). This communication will contain the individual passcode, and an SMS example can be seen below:
Once the contact has received this passcode, the MFA journey is complete. They will now have received an Email and SMS, and have the details needed to access the personal document. This requires a contact to have access to both their email and their mobile phone, and will reduce the potential for any un-authorised visitors accessing their personal details.
Once all the comms are set up and ready, the campaign needs Activities to be able to send them out. You will need the initial send, and then a Landing Page submission trigger, as shown in the example below.
In Summary, you should have 1 Email, 1 SMS, and 1 Webform in your campaign. In the example above, the Email is the initial communication, and contains a link to the Webform. The Webform contains a button which triggers the SMS sent to the contact, and that SMS contains the passcode required for the document attached to the initial Email.