Some credential content and actions can be made available only to verified credential owners. This helps you protect sensitive credential information and prevent third parties from using someone else’s credential actions, such as downloading, sharing, embedding, or adding the credential to a social profile.
👤 Who is a credential owner?
A credential owner is the recipient whose email address was used when the credential was issued.
💡 For example, if a credential was issued to [email protected], the credential owner is the person who has access to [email protected].
Certifier uses the email address to determine whether someone can access owner-only content or perform owner-only actions on the credential page.
What is credential owner verification?
Credential owner verification confirms that the person trying to access protected credential content or actions is the actual owner of that credential.
When verification is required, Certifier asks the visitor to enter an email address and sends a confirmation code to that address. After the visitor enters the code, Certifier verifies ownership of that email address and checks whether it matches the email address associated with the credential.
If the email address matches the email address associated with the credential, Certifier treats the visitor as the verified credential owner. This means they can access owner-only content and actions, while public visitors and third parties cannot.
⚠️ Credentials issued without an email address have no owner.
If a credential is issued without an email address, the credential cannot be associated with a specific recipient and has no credential owner.
As a result, owner-only features such as:
private design templates,
restricted recipient actions,
contact issuer requests,
cannot be accessed because ownership of the credential cannot be verified.
🔎 When is verification required?
Credential owner verification can be used in several places on a public credential page. Currently, it applies to:
Contacting the issuer & submitting a change request.
Viewing private design templates.
Performing restricted recipient actions, such as sharing, downloading, adding to wallet, or embedding a credential.
Contacting the issuer & submitting a change request
Credential owners may need to contact the issuer from the credential page, for example, to report a typo or request an update. To do this, they must confirm that they have access to the email address used to issue the credential.
After verification, they can submit the request. The same verification session also gives them access to other owner-only content and actions for 24 hours, so they do not need to verify again during that time.
Private design templates
A credential can include multiple design templates. Some of them may be public, while others may be private. A private design template is visible only to the verified credential owner.
Public visitors do not see the private design content. Instead, they see a locked placeholder indicating that the credential view (design) is private.
💡 To view a private design, the credential owner needs to verify their identity. After successful verification, the private design becomes visible during the active 24-hour verification session.
To manage design privacy, go to the Design Template page and enable the "Private" toggle:
You can also manage design privacy from the Credential Template page by clicking “Make Private” on any design attached to the credential:
Restricted recipient interactions
Recipient interactions are actions that recipients and visitors can perform on a credential page. These may include:
sharing the credential on social media;
adding the credential to a LinkedIn profile;
adding the credential to a mobile wallet;
downloading the credential;
embedding the credential.
Depending on your settings, these actions can be available to all credential page visitors or restricted to credential owners only. If you restrict actions to verified credential owners only, users must complete the verification flow and prove ownership of the credential before they can perform any of these actions:
To manage recipient interactions go to Advanced Settings section in the credential template form. These settings control which actions are available on the credential page:
📍 By default, all enabled recipient actions are available to anyone who visits the public credential page.
If you turn on "Restrict actions to verified credential owners only", enabled recipient actions become available only after the credential owner verifies their identity:
❗️ Note: The "Restrict actions to verified credential owners only" setting does not enable actions. It only changes who can use actions that are already enabled.
When "Restrict actions to verified credential owners only" is turned off, enabled actions are available to anyone who visits the credential page. When it is turned on, enabled actions are available only to the verified credential owner.
Example: If PDF downloading is enabled and PNG downloading is disabled, only PDF downloading can appear on the credential page. If you also enable "Restrict actions to verified credential owners only", the credential owner will need to verify their email before downloading the PDF. PNG downloading will remain unavailable.
How credential owners verify their identity?
When a recipient tries to access protected content or perform a protected action, Certifier asks them to verify their identity.
⚠️ Note: credentials issued without an email address cannot be associated with a a credential owner and cannot be verified.
The verification process works like this:
1. The recipient clicks a protected action, a private design, or the Contact Issuer button:
2. Certifier asks them to enter the email address used to receive the credential:
3. Certifier sends a confirmation code to that email address:
4. The credential owner opens the email and copy the confirmation code:
5. The credential owner enters the confirmation code:
6. Certifier confirms their identity and unlocks the requested content or action.
💡 If the owner is already signed in to Issuer Portal with the same email address that was used to issue the credential, verification is skipped.
How long does verification last?
After successful verification, the credential owner remains verified for 24 hours. During this time, they can access protected content and perform protected actions without verifying again on credentials associated with the same email address.
This may include:
viewing private design templates;
performing restricted recipient actions;
submitting change request forms.
🕔 After 24 hours, the session expires.
The next time the credential owner tries to access protected content or perform a protected action, they will need to verify again.
FAQ
Can someone else verify with their own email?
Can someone else verify with their own email?
No. Anyone can request a confirmation code for their own email address, but access to protected content and actions is granted only if the verified email address matches the email address associated with the credential.
What happens if someone verifies a different email address?
What happens if someone verifies a different email address?
Anyone can request a verification code for an email address they control. However, protected content and actions are unlocked only when the verified email address matches the email address associated with the credential.
What happens if a signed-in user opens someone else’s credential?
What happens if a signed-in user opens someone else’s credential?
Being signed in does not automatically grant access to protected content on credentials issued to a different email address. Protected content and actions are available only when the verified email address matches the email address associated with the credential.
Does the credential owner need a Certifier account?
Does the credential owner need a Certifier account?
No. They can verify their identity by entering a confirmation code sent to the email address associated with the credential.
Will private designs be visible on shared credential pages?
Will private designs be visible on shared credential pages?
No. Public visitors see a locked placeholder. The private design becomes available only after the credential owner verifies their identity.
What happens after 24 hours?
What happens after 24 hours?
After 24 hours, the verification session expires. The credential owner must verify their identity again to access protected content or perform protected actions.