Using an Access Code to Retrieve Case Details
Sometimes you may want to allow anonymous users to view the details of a case but you still want some protection on who can view the details of the case. For example you may want to share some of the case details with a third party but not give the third party access to the full case in CXM.
The most secure way of protecting the information on a case is by requiring a user to be signed in and giving them access to only view cases that they have CXM permissions to see.
Using an access code to view the case is not 100% secure, an access code could still be brute forced until the correct access code is found to gain access to the case. Consider your use case carefully before using an access code.
Creating and Saving an Access Code
The access code needs to be saved somewhere after it has been generated. Save the access code in a case field in CXM.
In you CXM case create a field to store the access code
Add the field to the Create Case form for you CXM service
In your form that created the case use the "Generate Access Code" logic to generate a random access code.
Map the logic in the CXM Create Case template to the field used to store the access code
Now when the form is completed an access code will be generated and stored against the case.
Verifying Access with an Access Code
In order to allow third parties to view some or all of the case details from a form you should verify the access code they have provided is correct agains the case.
Create a page template with fields to capture the CXM Case Reference and the Access Code.
Validation can be applied to the Access Code question which will validate the response is in the correct format (it will not validate that the access code is correct for the case reference entered). Enable Use validation on the question and select Access Code from the list of validations.
Now create a logic to get the access code value for the case identified by the case reference entered into "CXM Case Reference".
Make sure Run as signed in user is set to No. The logic will need to be able to retrieve the field value without the user being signed in.
With the access code entered by the user and the access code retrieved from the case, use a conditional logic to compare the two values.
Use the outcome of the conditional logic to branch to a dead end page when the access code doesn't match the expected value
Now complete the rest of the form by using logics to retrieve the case values and use prefills or placeholders to display these to the user using the form.
To the user filling in the form they will need to provide both the CXM Case Reference and Access Code to access the form.
After filling in the details and clicking next the user will either be shown the next page of the form or a dead end page informing them that they cannot access the case.