Tap the link. You're in.

No email login, no password, no reset loop. When a candidate needs to act, the agent texts one short-lived, secure link. They tap it and land straight in their file.

The candidate experience

Every step of friction, gone.

R

Riverside Staffing

● credentialing agent

SMS
Hi James — to finish your Riverside file, tap to open it and upload your license. No password needed.

Signed in as James Carter

Riverside RN · no password, no account

Upload RN licenseopen →
Sign placement packetopen →

Configurable

The agent decides exactly what a link can do.

How long it lives, how many times it opens, which device and IP it binds to, and what it's allowed to touch — set per link, per task.

New access link

agent-generated

Expires in

23:58:12 left

1h24h7d

Max uses

1 of 3 used

13

Bind to first device & IP

locks after first open

This link can

Upload documentsE-sign packetView file statusPayment details

crd.is/9fK2xQ

live

Secure by design

A stolen link is a useless link.

Every link is short-lived, scoped to one person and one task, and locked to the first device that opens it. Each issue, open, and use is logged — and a forwarded or expired link simply won't work.

Access log

crd.is/9fK2xQ
  • Link issuedtexted to James · 9:42 AM
  • OpenedChicago, IL · iPhone · 9:43 AM
  • Device boundfuture opens locked to this device
  • Packet signeduse 1 of 3 · evidence logged
  • Stale link tapped → blockedfresh link auto-sent to James
Short-livedSingle deviceIP-checkedRevocableFully logged

Removing the password wall is one of the biggest levers on candidate completion.

Questions

How is a passwordless link secure?

A lot of engineering goes into it. Each link lives on our crd.is domain, is short-lived, and is scoped to one candidate and one action. The agent can cap it by expiry, number of uses, and bind it to the first device and IP that opens it — so a forwarded or stale link simply stops working. Every issue, open, and use is tracked and logged to the operation.

What can the agent configure about a link?

How long it lives (an hour, a day, a week), how many times it can be opened, whether it locks to the first device and IP that uses it, and exactly what it's allowed to do — upload, e-sign, view status — set per link, per task.

What happens when a link expires or is misused?

It stops working, and a fresh short-lived link is issued automatically — carried on the next reminder or sent the moment the candidate taps an old one. There's no reset flow and no support ticket.

Does this work with our own login?

Yes. For candidates already signed in to your app, the embeddable portal accepts a signed JWT so they never see a login screen. Magic links on crd.is cover everyone else.

See it work a real file.

Thirty minutes, one placement, worked live — start to submit-ready.