Accessing forms based on authentication
When creating forms, there are important differences between what authenticated (logged in) and unauthenticated (not logged in) users can do when interacting with forms. The following sections describe these differences.
Contact creation forms
Contact creation forms are a form type that can be selected on the Form content item configuration page.
Authenticated users
- A new contact is created upon submission.
- Authenticated users stay logged in after a contact is created.
Unauthenticated users
- Submitting a contact form creates a new contact.
- If a user account is created, the following occur:
  - The user becomes logged in.
  - All information entered in the form is associated with the new contact.
- If a contact has been created, but not a user account, the following occur:
  - An empty form is shown, or the redirect page is shown if the Submit button has redirect instructions. No user is logged in.
  - Only the first name, last name, and email are saved for the new contact; information added to additional fields is not stored.
Note: When designing forms for unauthenticated users to add new contacts without a user account, only include first name, last name, and email fields. If the account Signup fields are absent, any additional information entered, such as address details or panel source properties, will not be saved upon form submission.
Anonymous forms
Anonymous forms are a form type that is locked to a specific ID in the configuration. Form designers typically create a new contact for each anonymous form and lock the form to that new contact. Staff users then check the user's information to access anonymously submitted data, such as survey results. All data in the anonymous form is generated by the contact to which the form is locked.
During form configuration, a contact is chosen as the contact from which all submitted data appears to come. This contact can be added at the time of form configuration. The form is then locked to that contact's ID.
Authenticated users
- Information from the form is applied to the locked-to contact’s entries in the affected multi-instance tables.
- Information from the form is not applied to the logged-in user's entries in the affected multi-instance tables.
- The logged-in user remains logged in after form submission.
- Access to the input information is restricted by permissions defined by party claims.
Party claims set up permissions for classes of items or individual pieces of content. For example, if a form designer sets up a user-defined table or business object for an anonymous form, that table or business object should be given an access level that restricts the user classes or roles who can read or change the data in the table or business object.
Common access levels include All Staff, Full Control, Everyone Full Control, and Admin Full Control. For anonymous data sources, Everyone Full Control is strongly discouraged.
Note: Multi-instance tables can be created in Panel Designer through data sources. For more information on multi-instance tables, see Creating a panel that allows multiple entries.
Unauthenticated users
- Information from the form is applied to the locked-to contact's entries in the affected tables.
- Information from the form is not applied to the GUEST account entries in the affected tables.
- No user is logged in after form submission.
- Access to the input information is restricted by permissions defined by party claims.
Other forms
The following applies to all other form types.
Authenticated users
- The form is visible.
- Submitting the form saves information to the logged-in (or On behalf of) user's entries in the affected tables.
- The logged-in user remains logged in after submission.
- Any activity using On behalf of remains in effect after submission.
Unauthenticated users
- The form is not visible.
- The user is automatically redirected to the login page.
- After authentication, the form is automatically displayed and form processing continues as for any other authenticated user.