(Example) Use Anonymous Authentication in a Form-Based App

This example shows how to use an anonymous form in a form-based app.

An anonymous form is an eForm that a runtime app user can submit with no authentication credentials. This is useful if you want people to use your form-based app with no user account.

Background and Setup

Prerequisites

Good to Know

  • This example uses the Customer Request app from the AgilePoint NX App Store.

    For more information, refer to How to Get the App

  • Customer Request is an app that allows user to enter new customer details.

    For the use case in this example, you configure the New Customer Request form for anonymous authentication in a Customer Request app so that the customer can access the Customer Request form with no AgilePoint NX account and enter the new customer details.

  • To enforce strict security, AgilePoint highly recommends you use anonymous forms for data entry only, and avoid using lookups that connect to your backend systems.

    However, the decision whether to use lookups in anonymous forms is based on your business requirements. If your requires you to use a lookup to backend system, make that design choice as necessary.

  • An app designer who configures an eForm to use anonymous authentication (used with anonymous forms) must have a role with the Allow Enabling Anonymous Access access right.

    The Allow Enabling Anonymous Access role lets the application designer create an anonymous form in App Builder at design time. It does not control the security for the anonymous form or the anonymous form user at runtime. The user credentials used for the anonymous authentication access token do not require this access right.

  • As a security best practice, in your access token for anonymous forms, AgilePoint recommends using a user with minimum access rights. This is a user with the Users role with the default access rights.
  • Optionally, in AgilePoint NX OnPremises and AgilePoint NX Private Cloud, anonymous forms can use the AgilePoint Service Account for authentication if you select User System Account when you configure an access token for anonymous forms. However, this practice carries security risks. It is not recommended unless you have a specific business requirement for Service Account access, and the security risks are mitigated.

    If you use the AgilePoint Service Account, the credentials are not stored in the database.

  • If you have questions about the security impacts or best practices for anonymous forms, contact AgilePoint Professional Services.
  • After you create a form-based app, you cannot change the app to use a different data source. For example, you can not change a form-based app to use a different entity or SharePoint list than the one specified when the app was created. This limitation also applies to cloned apps. That is, you cannot clone a form-based app, and then change the data source in the cloned app.

Step 1: Add the Acces Right "Allow Enabling Anonymous Access" to the Global Application Designer Role

Add the Allow Enabling Anonymous Access access right to the Application Designer role.

Good to Know

How to Start

  1. In the Manage Center, click Access Control > Roles.

    Click Roles
  2. On the Roles screen, click Expand on the Application Designer role.

    Expand Application Designer Role

Procedure

  1. On the Application Designer role, in the ACCESS RIGHTS section, click Edit Role Edit Role icon.

    Edit Admin Role screen
  2. On the Edit Role screen, in the Access Rights tab, click the App Builder tab.

    Application Builder screen
  3. On the App Builder tab, select Enable Anonymous Forms.

    Application Builder screen
  4. Click Update.

Step 2: Create an NX User for the Anonymous Access Token

Create a user with an AgilePoint ID to use in the credentials for the anonymous access token.

Good to Know

  • As a security best practice, in your access token for anonymous forms, AgilePoint recommends using a user with minimum access rights. This is a user with the Users role with the default access rights.

How to Start

  1. In the Manage Center, click Access Control > Users.

    Click Users
  2. On the Users screen, click Add User.

    Add User

Procedure

  1. On the User Information screen, in the User Name field, enter ExternalUser.

    User Name
  2. In the Full Name field, enter Anonymous External User.

    Anonymous External User
  3. In the E-mail Address field, enter the e-mail address for the user.

    Email Address
  4. Click Add User.

    By default, the new user is added with the User role.

Step 3: Create an Access Token for Anonymous Authentication

Configure an access token to connect to an anonymous form. This type of access token provides credentials that let non-authenticated users complete an eForm in AgilePoint NX..

Prerequisites

Good to Know

How to Start

  1. Click Manage.

    Manage
  2. Click App Builder > Global Access Tokens.

    Manage App Builder
  3. On the Global Access Tokens screen, click Add Token.

    Add Global Access Token
  4. On the Add Global Access Tokens screen, select Anonymous Forms.

    Click Anonymous Forms
  5. Click Next.

Procedure

  1. On the Add Global Access Tokens screen, in the Token Name field, enter Anonymous Customer Request.

    Global Access Tokens Name
  2. In the Domain field, enter nxone.

    You can find the domain name in the Portal Instance URL field on Tenant Settings.

    For more information, refer to Find your Portal Instance URL.


    Global Access Tokens Domain
  3. In the User Name field, enter ExternalUser.

    Global Access Tokens UserName
  4. In the Password field, enter the password of the user.

    Global Access Tokens password
  5. To make sure the specified credentials are correct, click Validate .

    Validate Global Access Tokens
  6. Click Done.

Step 4: Configure Anonymous Access for an eForm

To configure the anonymous access for an eForm in a form-based app, do the procedure in this topic.

How to Start

  1. Click App Builder.

    Build Apps screen
  2. On the Application Explorer screen, in the My Apps pane, click Customer Request App.

    Application Explorer Customer Request
  3. Click Anonymous.

    Anonymous

Procedure

  1. On the App Settings screen, click the Anonymous Access tab.

    Anonymous Access tab
  2. On the Anonymous Access tab, in the Anonymous Access Name field, enter Anonymous New Customer Request.

    Anonymous Access Name Field
  3. In the Access Token list, select Anonymous Customer Request (Global).

    Anonymous Access Token
  4. Click the URL tab.

    Anonymous Access URL tab
  5. In the Base URL field, enter https://mysite.nxone.com.

    This URL is an example. You can find the actual value in the Portal Instance URL field on Tenant Settings.

    For more information, refer to Find your Portal Instance URL.


    Anonymous Base URL
  6. In the Value list, select Customer Request Application_New Customer Request.

    This is the value for the Create form. In a form-based app, anonymous access is usually desired for the Create form, but you can specify a different form.

    You can specify your own query string parameters and values. Any custom values you specify are used in the URL for the anonymous form.


    Anonymous Value field
  7. Click Generate.

    Anonymous URL Generate
  8. On the Access Token screen, click Save.

    You can use this URL to open and complete an eForm with no authentication.


    Anonymous Access Token screen

    The App Settings screen shows.


    Anonymous Application Settings

Step 5: (Optional) Open Your eForm as an Anonymous User

To open your eForm as an anonymous user, do the procedure in this topic.

Procedure

  1. On the App Settings screen, click View.

    URL tab screen
  2. On the Access Token screen, click Copy.

    Access Token Screen
  3. Click Cancel.
  4. On the App Settings screen, click OK.

    App Settings screen
  5. On the Application Explorer screen, sign out of AgilePoint NX Portal.

    AgilePoint Sign Out Screen
  6. In your web browser, paste the URL for your eForm.

    The Customer Request Form opens with no authentication.


    Web browser screen
  7. Complete the fields on the eForm.

    Eform screen
  8. Click Submit.

Step 6: (Optional) Verify the Records in Your eForm

To verify the records that you submitted in an anonymous form, do the procedure in this topic.

Procedure

  1. On the AgilePoint NX Portal, click Work Center Work Center icon.

    Work Center screen
  2. On the Work Center screen, click My Apps My Apps icon.

    My Application screen
  3. On the My Apps screen, click Customer Request App.

    Customer Request App
  4. The View form shows the records you submitted in an eForm.

    Customer Request Form

How to Get the App

This example is based on the Customer Request app from the AgilePoint NX App Store. Use this procedure to get the app.

Prerequisites

Good to Know

  • This procedure is optional. It is provided so you can test the example with an out-of-the-box app.
  • This is part of the Background and Setup procedures, but many users preferred this step to appear after the example, not before it.

Procedure

  1. Click App Store App Store icon.

    App Store
  2. In the PRODUCT section, click Form Based App.

    AgilePoint NX Home Page Screen
  3. Click Customer Request app.

    Customer Request App
  4. On the Customer Request screen, click Add.

    Customer Request Screen
  5. On the Trust App screen, click Trust it.
  6. Click Return to site.
  7. Publish the Customer Request app.

    For more information, refer to Publish a form-based app.