(Example) Use Anonymous Authentication in a Form-Based App

Prerequisites

• AgilePoint NX OnDemand (public cloud), or AgilePoint NX PrivateCloud or AgilePoint NX OnPremises v7.0 or higher.

Good to Know

• This example uses the Customer Request app from the AgilePoint NX App Store.

  For more information, refer to How to Get the App

• Customer Request is an application that allows user to enter new customer details.

  For the use case in this example, you configure the New Customer Request form for anonymous authentication in a Customer Request app so that the customer can access the Customer Request form with no AgilePoint NX account and enter the new customer details.

• To enforce strict security, AgilePoint highly recommends you use anonymous forms for data entry only, and avoid using lookups that connect to your backend systems.

  However, the decision whether to use lookups in anonymous forms is based on your business requirements. If your requires you to use a lookup to backend system, make that design choice as necessary.

• An application designer who configures an eForm to use anonymous authentication (used with anonymous forms) must have a role with the Allow Enabling Anonymous Access access right.

  The Allow Enabling Anonymous Access role lets the application designer create an anonymous form in App Builder at design time. It does not control the security for the anonymous form or the anonymous form user at runtime. The user credentials used for the anonymous authentication access token do not require this access right.

• As a security best practice, in your access token for anonymous forms, AgilePoint recommends using a user with minimum access rights. This is a user with the Users role with the default access rights.
• Optionally, in AgilePoint NX OnPremises and AgilePoint NX PrivateCloud, anonymous forms can use the AgilePoint Service Account for authentication if you select User System Account when you configure an access token for anonymous forms. However, this practice carries security risks. It is not recommended unless you have a specific business requirement for Service Account access, and the security risks are mitigated.

  If you use the AgilePoint Service Account, the credentials are not stored in the database.

• If you have questions about the security impacts or best practices for anonymous forms, contact AgilePoint Professional Services.

Good to Know

• An application designer who configures an eForm to use anonymous authentication (used with anonymous forms) must have a role with the Allow Enabling Anonymous Access access right.

  The Allow Enabling Anonymous Access role lets the application designer create an anonymous form in App Builder at design time. It does not control the security for the anonymous form or the anonymous form user at runtime. The user credentials used for the anonymous authentication access token do not require this access right.

How to Start

1. In the Manage Center, click Access Control > Roles.
2. On the Roles screen, click Expand on the Application Designer role.

   
   
   

Procedure

1. On the Application Designer role, in the ACCESS RIGHTS section, click Edit Role .

   
   
   

2. Click the Application Builder tab.

   
   
   

3. On the Application Builder tab, select Allow Enabling Anonymous Access.

   
   
   

4. Click Update.

Good to Know

• As a security best practice, in your access token for anonymous forms, AgilePoint recommends using a user with minimum access rights. This is a user with the Users role with the default access rights.

How to Start

1. In the Manage Center, click Access Control > Users.
2. On the Users screen, click Add User .

   
   
   

Procedure

1. On the User Information screen, in the User Name field, enter ExternalUser.

   
   
   

2. In the Full Name field, enter Anonymous External User.

   
   
   

3. In the E-mail Address field, enter the e-mail address for the user.

   
   
   

4. Click Add User.
5. On the Create New User screen, click Access Rights.

   
   
   

6. On the Access Rights screen, select Users.

   
   
   

7. Click Finish.

Prerequisites

• Account credentials for anonymous authentication. This is the account the eForm uses to connect to AgilePoint NX, and get and submit data in the application. You can use an AgilePoint NX account or an account in Active Directory.

  If you do not use any of these authentication methods in your organization, you can create an AgilePoint NX account to use for anonymous authentication.

  Active Directory authentication is not available for AgilePoint NX OnDemand.

• As a security best practice, in your access token for anonymous forms, AgilePoint recommends using a user with minimum access rights. This is a user with the Users role with the default access rights.
• An application designer who configures an eForm to use anonymous authentication (used with anonymous forms) must have a role with the Allow Enabling Anonymous Access access right.

  The Allow Enabling Anonymous Access role lets the application designer create an anonymous form in App Builder at design time. It does not control the security for the anonymous form or the anonymous form user at runtime. The user credentials used for the anonymous authentication access token do not require this access right.

Good to Know

• Optionally, in AgilePoint NX OnPremises and AgilePoint NX PrivateCloud, anonymous forms can use the AgilePoint Service Account for authentication if you select User System Account when you configure an access token for anonymous forms. However, this practice carries security risks. It is not recommended unless you have a specific business requirement for Service Account access, and the security risks are mitigated.

  If you use the AgilePoint Service Account, the credentials are not stored in the database.

• If you have questions about the security impacts or best practices for anonymous forms, contact AgilePoint Professional Services.
• This example shows how to create a global access token for anonymous forms. You can also create an application level access token for anonymous forms.

How to Start

1. Click Manage .

   
   
   

2. Click App Builder > Global Access Tokens.

   
   
   

3. On the Global Access Tokens screen, click Add Token .

   
   
   

4. On the Add Global Access Tokens screen, select Anonymous Forms .
5. Click Next.

Procedure

1. On the Add Global Access Tokens screen, in the Token Name field, enter Anonymous Customer Request.

   
   
   

2. In the Domain field, enter nxone.

   You can find the domain name in the Portal Instance URL field on Tenant Settings.

   For more information, refer to Find your Portal Instance URL.

   
   
   

3. In the User Name field, enter ExternalUser.

   
   
   

4. In the Password field, enter the password of the user.

   
   
   

5. To make sure the specified credentials are correct, click Validate .

   
   
   

6. Click Done.

How to Start

1. Click Build Apps .

   
   
   

2. On the Application Explorer screen, in the My Applications pane, click Customer Request Application.

   
   
   

3. Click Anonymous .

   
   
   

Procedure

1. On the Application Settings screen, click the Anonymous Access tab.

   
   
   

2. On the Anonymous Access tab, in the Anonymous Access Name field, enter Anonymous New Customer Request.

   
   
   

3. In the Access Token list, select Anonymous Customer Request (Global).

   
   
   

4. Click the URL tab.

   
   
   

5. In the Base URL field, enter https://mysite.nxone.com.

   This URL is an example. You can find the actual value in the Portal Instance URL field on Tenant Settings.

   For more information, refer to Find your Portal Instance URL.

   
   
   

6. In the Value list, select Customer Request Application_New Customer Request.

   This is the value for the Create form. In a form-based app, anonymous access is usually desired for the Create form, but you can specify a different form.

   You can specify your own query string parameters and values. Any custom values you specify are used in the URL for the anonymous form.

   
   
   

7. Click Generate.

   
   
   

8. On the Access Token screen, click Save.

   You can use this URL to open and complete an eForm with no authentication.

   
   
   

   The Application Settings screen shows.

   
   
   

Procedure

1. On the Application Settings screen, click View.

   
   
   

2. On the Access Token screen, click Copy To ClipBoard.

   
   
   

3. Click Cancel.
4. On the Application Settings screen, click OK.

   
   
   

5. On the Application Explorer screen, sign out of AgilePoint NX Portal.

   
   
   

6. In your web browser, paste the URL for your eForm.

   The Customer Request Form opens with no authentication.

   
   
   

7. Complete the fields on the eForm.

   
   
   

8. Click Submit.

How to Start

1. On the AgilePoint NX Portal, click Work Center .

   
   
   

2. On the Work Center screen, click Inbox .

   
   
   

Procedure

1. On the AgilePoint NX Portal, click Work Center .

   
   
   

2. On the Work Center screen, click My Applications .

   
   
   

3. On the My Application screen, click Customer Request Application.

   
   
   

4. The View form shows the records you submitted in an eForm.

   
   
   

Prerequisites

• AgilePoint NX OnDemand (public cloud), or AgilePoint NX PrivateCloud or AgilePoint NX OnPremises v7.0 or higher.

Good to Know

• This procedure is optional. It is provided so you can test the example with an out-of-the-box app.
• This is part of the Background and Setup procedures, but many users preferred this step to appear after the example, not before it.

Procedure

1. Click App Store .

   
   
   

2. In the PRODUCT section, click Form Based App.

   
   
   

3. Click Customer Request app.

   
   
   

4. On the Customer Request screen, click Add.

   
   
   

5. On the Trust App screen, click Trust it.
6. Click Return to site.
7. Publish the Customer Request app.

   For more information, refer to Publish a form-based application.