Assigning steps to an email field

Steps can be assigned to the email address value of an email field allowing users without a WordPress user account to participate in a workflow.

IMPORTANT: Assigning steps to email fields is not as secure as assigning steps to WordPress users. If you decide to assign steps to email fields, it's strongly recommended that your site uses HTTPS/SSL and that you don't expose highly sensitive data.

When a form has email fields, they will appear in the 'Fields' section of the list of assignees that can be selected.

As email field assignees can't login, they can't use the admin UI, so you'll need to add the inbox shortcode to a page and use the {workflow_entry_link} or {workflow_entry_url} merge tag in the assignee email to send them a unique URL which they will use to access the workflow. Use the page_id to specify the ID of the WordPress page containing the inbox shortcode. You can find the ID of the page in the URL when you open the page for editing (it's the post_id parameter). The text attribute is optional.

The unique URL includes a secure access token which authenticates the user using a cookie stored on their computer for as long as their browser is open. Once the browser is closed, the user will need to click on their unique URL again in order to access the entry.

The unique URLs are valid for a duration of 30 days. This can be modified using the gravityflow_email_token_expiration_days filter .

The purpose of the email field is to allow people without user accounts to participate in workflows as assignees. It doesn't look up the user account with that email address which means that you have to be careful testing - if you're logged in you'll see the tasks assigned to your user account.