Access Token for Anonymous Forms

Configure an access token to connect to an anonymous form. This type of access token provides credentials that let non-authenticated users complete an eForm in AgilePoint NX.

Figure: Anonymous Forms Access Token Configuration screen

Anonymous Forms Access Token Configuration screen

Background and Setup

Examples

Prerequisites

Good to Know

  • To enforce strict security, AgilePoint highly recommends you use anonymous forms for data entry only, and avoid using lookups that connect to your backend systems.

    However, the decision whether to use lookups in anonymous forms is based on your business requirements. If your requires you to use a lookup to backend system, make that design choice as necessary.

  • Optionally, in AgilePoint NX OnPremises and AgilePoint NX PrivateCloud, anonymous forms can use the AgilePoint Service Account for authentication if you select User System Account when you configure an access token for anonymous forms. However, this practice carries security risks. It is not recommended unless you have a specific business requirement for Service Account access, and the security risks are mitigated.

    If you use the AgilePoint Service Account, the credentials are not stored in the database.

  • If you have questions about the security impacts or best practices for anonymous forms, contact AgilePoint Professional Services.
  • In most cases, you can use a global access token or an application level access token:
    • Global access tokens are shared across all users and applications. If you want all process designers and runtime app users in your AgilePoint NX tenant to be able to connect to an external data source, use a global access token. An example is a SharePoint site on an intranet that all employees in a company can access.
    • Application level access tokens are shared with all processes in a process-based app, or restricted to use within a form-based app. Use application level access tokens if only process designers or runtime app users for a particular application should access an external system — for example, a Google Drive account that is only used to share files within a small team.
  • Access tokens are collections of credentials that are used to authenticate communication directly between AgilePoint NX and an external system. Because it is the AgilePoint NX system that uses these credentials, rather than an app, there is no difference between design time and runtime access tokens. Access tokens are never checked in or published, and they do not use version control. If you change an access token in the App Builder or Manage Center, the access token changes immediately everywhere the access token is used. Changes to application level access tokens apply to all versions of an application, including running application instances. Changes to global access tokens apply everywhere they are used in AgilePoint NX. You can not roll back an access token to a previous version.

    For more information, refer to What Data Is Deleted When I Delete an App or Application Resource?

Fields

Field Name Definition

Token Name

Function:
Specifies the unique name for your connection to AgilePoint.
Accepted Values:
A text string that can have letters, numbers, and spaces.
Default Value:
None
Example:
Refer to:

Description

Function:
A description for your access token.
Accepted Values:
More than one line of text.
Default Value:
None
Example:
Refer to:

Domain

Function:
The authentication domain.
Accepted Values:
A valid domain.
Default Value:
None
Example:
Refer to:

User Name

Function:
Specifies the user name of the user in Active Directory or AgilePoint NX.
Accepted Values:
A valid user name.
Default Value:
None
Accepts Process Data Variables:
No
Example:
Refer to:

Password

Function:
Specifies a password for the user.
Accepted Values:
A valid password.
Default Value:
None
Accepts Process Data Variables:
No
Example:
Refer to:

User System Account

Function:
Specifies to use the AgilePoint Service Account for anonymous authentication. (This is sometimes also called the AgilePoint System Account.)
Accepted Values:
  • Selected - Uses the AgilePoint Service Account as the credentials for anonymous authentication.
  • Deselected - Does not use the AgilePoint Service Account for anonymous authentication.
Default Value:
Deselected
Limitations:

Validate

Function:
Makes sure the specified Active Directory or AgilePoint NX account is correct.
Example:
Refer to:

Encrypt

Function:
Stores the access token in the AgilePoint database as encrypted data.
Note: AgilePoint recommends you to store this access token in the database in encrypted format.
Accepted Values:
  • Deselected - The access token is in plain text in the database.
  • Selected - The access token is encrypted in the database.
Default Value:
Selected
Limitations:
  • This field was removed from the UI in AgilePoint NX OnPremises and PrivateCloud v7.0 Software Update 2. Access token credentials are encrypted by default. If you want to store credentials in unencrypted format, contact AgilePoint Customer Support.