We have a private customer support portal, available only to "Verified" customers.
To make that work, Freshdesk recommended that we could simply turn off the Email Notification - User Activation Email and verify customers manually.
This does prevent a person who's emailed in an issue from automatically getting an activation email.
When a user visits the portal url they are asked to log in. As they've not been verified, they cannot. So far, so good.
But unfortunately, if they click on the "forgot your password?" link, they are prompted to enter their email address and are sent a link to set a new password.
Once they do this they are verified.
For this mechanism to work:
The forgot password process should check first to see if the user is verified.
If they are not verified:
- If the User Activation Email is enabled: it should be resent with a new timed link.
- If the User Activation Email is not enabled: the user should be sent a message, configurable by a Freshdesk administrator, informing them of what will happen.
If they are verified:
- The password reset should be processed.