Alright folks, my users are really frustrated with the email pin for login method. I need to keep the data secured, and I need to know who is logged in to show the right data/options. Usage of my app is really suffering as a result of this frustration.
I know there are several feature requests related to this, and I hope official changes are made to this soon. In the meantime, who has figured out any viable workarounds?
No workarounds that Iām aware of. You should vote hereā¦
edited:
Iām a little curious about this.
Normally, once a user is signed in the authentication cookie will keep them signed in indefinitely.
So in theory, they should only have to go through the sign in process once.
If users had to go through that process every time they open the app, I could understand the frustration - but that shouldnāt be the case?
Can you tell us more about what they find frustrating and what alternative you would prefer?
Thank you for the responses, @david, @Darren_Murphy, @Eric_Penn!
My users hop around from workstation to workstation frequently. They work at a hospital, and they may only have a few minutes before they need to get up and do something else. So, they are frustrated that every time they sit down at a new workstation, they need to spend a couple of minutes in the email verification process. The mobile version certainly helps, but itās not optimal for some of their use cases (reading an article, printing a policy).
Alternatives that I think would help would be:
In an ideal world, my users would most want a SSO solution, but that might be a reach for now
Currently, I am looking into duplicating the app and making a version that is public with email and only accessible on a range of IP addresses (aka, hospital computers). This is a lot of work and not really ideal.
One other solution that could really work for me would be to allow users to assign two email addresses to one account. I need to use institutional emails for the whitelist, but if users could add a secondary gmail address, they could use the login with Google option for faster access.
One possibility could be to whitelist a domain. Not necessarily a solution to your problem but its something.
I donāt think that helps me, because I do need to limit access to certain people. Thanks for your thoughts, though!
If there is a possibility of using two email accounts for one user of which one should be Gmail, why donāt you use it now? Google Sign in is great and fast option. Why do you need email adresses from hospital domain?
Maybe I didnāt get it, sorryā¦ Just trying to understand the logic.
This is a great question. I grant access to this app by having their institutional emails on the white list. I do not know who has a gmail account, and if they do, what they are. I would be open to letting people change their email address to gmail, but that messes up a lot of logic throughout the app that matches email for visibility conditions.
It could be done, it would just take a ton of time that I donāt really have.
Yes, I do understand now. It depends on how many users you are expecting. Since you have a whitelist, I assume that you have an exact number. If it is not too many, it can be done quite fast I believe.
If you let your users change their email addresses, I think that it should not mess up your logic unless you hardcode some of them inside components or computation columns.
Or, Iām wrong?
There are several areas of the app that are individualized based on āemail is signed-in-userā. As in, the email address of the person who posted this is the signed-in user. If the user changes their email after posting, these wonāt match. So, that kind of thing would be an issue in a lot of features.
Yes, youāre right. My bad.
Maybe, after their initial sign-in, prompt them to immediate email update(change)?
yeah, that can work for new users moving forward, but the users that are frustrated with me right now are existing ones with data already saved to their accounts
Okā¦Obviously, I canāt help, sorry.
Just one more thingā¦ Usually, the user stays signed in unless he or she manually sign out, or their phone turns off or they kill all active apps occasionally. Iāve never had some issues with users because of the log-in process. That is the main reason I engaged in this discussion. Sorry one more time for wasting your time for nothing.
If you donāt need to apply row owners to your data (for data security), you could consider adding a unique id to your whitelist sheet. If a user adds a secondary email, you could automatically carry over that same unique id to that second record. Otherwise you would assign a new unique id for a new user. If your user profile sheet is a different sheet, then you can pull in that unique id with an email relation/lookup to pull the unique id into the user profile. Both user emails should get the same unique id. Once thatās set up, then you can create a relation/lookup to pull that same unique id into all of your other data tables. Finally, you can change all of your visibility, filter, and If conditions to compare the lookup unique id to the user profile unique id.
That way a user can have multiple accounts, but access there own data from multiple accounts. Again, this is assuming that you are not using row owners. Also, this should have minimal impact, so it really shouldnāt affect users if they are currently using the app. The only hard part is manually assigning unique IDs to existing user records in your whitelist.
Turns out hospital administration has banned access to Gmail, so this wonāt work. Best options would still be SMS Verification, Username/Password, or other customizable methods
Good to know ty. I voted here now instead.
