SYSTOPIA Extension of the Month #3: Self-Service

2024-03-20 06:28
Written by

What is the best way to let your supporters view and change their CiviCRM data? With our Extension of the Month series, we at SYSTOPIA would like to share some of our most useful extensions. This month, we are spotlighting Self-Service, a smart little addition to improve your constituent experience.

What is Self-Service?

The Self-Service extension allows constituents to enter their email address and receive a personalized link to a prefilled webform. There, they can view and update selected CiviCRM data - without needing a Drupal account.

What are the benefits?

This extension has been created to offer your constituents a user-friendly and secure way to update CRM data themselves, like changing their preferred contact method or a new address after a move.

Sometimes user accounts are used for constituents to gain access to their data. By bypassing this need for a login process, Self-Service saves implementers the effort of managing Drupal user accounts for all their CiviCRM contacts. It eliminates the constant amount of work involved in creating new accounts and blocking unused ones. A nice aspect is that users can request their personal link themselves, just by entering their email address in a one-field web form.

We are aware you can send custom links to your users to direct them to a prefilled CiviCRM profile or Drupal webform integrated with the webform_civicrm module. However, we wanted to improve that functionality and make it more secure and user-friendly. Data exchange between front end and CiviCRM happens only via REST API.

Constituents profit from a more seamless process and the enhanced user experience of self-service. The front end can be styled completely to your organizations preferences with a custom Drupal theme (if you want that).

How does it work?

The self-service workflow starts with the constituent entering their email address in a webform, integrated into any Drupal website. The email address input is matched with data in CiviCRM.

If the email address cannot be found or several contacts with this email address exist, CiviCRM sends an email with relevant instructions, e.g. registering to the organization or contacting support. If there is a unique contact with this email address in CiviCRM, a link is sent for the constituent to view and edit their data. In any case your messages can be tailored with message templates.

The update link leads to a form that is prefilled with data of the corresponding CiviCRM contact. You can customize which fields are readable, writable or required. Submitting the form will send the updated data to CiviCRM. You can also configure what happens with the submitted data and if someone of your organization should be informed about the change.

Is this safe?

The update link created by the Self-Service extension contains a token which cannot be guessed by external parties. Plus, the self-service link is only valid for a fixed amount of time, by default it expires after seven days.

Since we all are used to using the login password method for access, a Drupal account feels more secure at first. But if you look a little bit closer, the email address is always the linchpin. It's where the initial login data and new passwords are sent, especially if you use the password forgotten workflow. So if somebody is in control of the mailbox or monitoring the email traffic, they will gain access. Because of this, we see no heightened security issues from the self-service method compared to tying access to a Drupal account.

How can you implement it?

Self-service has a somewhat complex setup as several components are involved. Read the documentation for a step-by-step guide on how to configure Self-Service, the webforms, message templates, Drupal modules and other extensions required.

Wait… what other extensions?

We follow a modular approach to software development. Each extension and module is designed to perform a specific job. It’s what keeps CiviCRM efficient, flexible, customizable, collaborative, fixable... in short: alive.

Self-Service utilizes (and only works with) these CiviCRM extensions:

  • CiviMRF provides the CiviCRM Modular Remote-Access Framework,
  • Extended Contact Matcher (XCM) is a super-flexible tool to match the user input with existing CiviCRM data - and has some more tricks up the sleeve.
  • Form Processor makes it possible to process the update form in CiviCRM.

If you are interested in a more detailed presentation of these or any of the other extensions we maintain, feel free to suggest a candidate for the next Extension of the Month!

What else?

We are committed to maintaining our extensions and providing comprehensive documentation to keep them accessible for other implementers and users. Reach out to us via if you want to get involved in sustaining our efforts.


Filed under