Anonymous eForm Access screen

Configures anonymous access for an eForm in a form-based app.

An anonymous form is an eForm that a runtime app user can submit with no authentication credentials. This is useful if you want people to be able to use your app with no account in your organization.

One example where this is useful might be a customer feedback form. In this case, the runtime app user is not an employee in your organization, and you do not need to track the customer like you might if they were making a purchase.

Configure the Anonymous eForm Access screen

Examples

Prerequisites

Good to Know

  • To enforce strict security, AgilePoint highly recommends you use anonymous forms for data entry only, and avoid using lookups that connect to your backend systems.

    However, the decision whether to use lookups in anonymous forms is based on your business requirements. If your business requirements call for a lookup to a backend system, make that design choice as necessary.

  • As a security best practice, in your access token for anonymous forms, AgilePoint recommends user credentials with minimum access rights. This is a user with the Users role with the default access rights.

    It is not recommended to use an Administrator, Application Designer, or Developer account of any kind for anonymous access.

    In AgilePoint NX OnPremises and AgilePoint NX PrivateCloud, anonymous forms can use the AgilePoint Service Account for authentication if you select User System Account when you configure an access token for anonymous forms. However, this practice carries extreme security risks. This is not recommended unless you have a specific business requirement for Service Account access, and the security risks are mitigated.

    If you use the AgilePoint Service Account, the credentials are not stored in the database.

  • If you have questions about the security impacts or best practices for anonymous forms, contact AgilePoint Professional Services.

How to Start

  1. Click App Builder.
  2. On the App Builder Home screen, click All Apps.
  3. On the All Apps screen, on a form-based app, click Edit.
  4. On the App Details screen, select a form.
  5. Click Anonymous.

Anonymous eForm Access > Anonymous Access tab

Specifies an access token for anonymous authentication.

Figure: Anonymous eForm Access > Anonymous Access tab


Fields

Field Name / Definition

Anonymous Access Name

Description:
Specifies the name of the anonymous authentication.

This name is used to create a URL for the anonymous form. This is not a display name, and it does not show in other places in AgilePoint NX.

Allowed Values:
One line of text (a string).

Accepted:

  • Letters
  • Numbers
  • Spaces
Default Value:
None
Accepts Variables:
No

Access Token

Description:
Specifies the access token that connects to AgilePoint NX.
Default Value:
None
Accepts Variables:
No

Generate

Description:
Gives the URL for the anonymous form.

This URL can be used to access and complete an eForm with anonymous authentication at runtime.


Expiration

Description:
Specifies whether to set an expiration date for the URL of the anonymous form.
Allowed Values:
  • Never Expire - The URL for the anonymous form does not expire.
  • Set Expiration Date - Specifies the date the URL for the anonymous form expires.

    When the URL expires, it can no longer be accessed. The eForm can still be accessed in the other ways an eForm can be accessed in AgilePoint NX, such as through Work Center, but it requires authentication.

Default Value:
Never Expire

Delete

Function:
Deletes the selected connections in the Schema Mapper for this activity.

View

Description:
Shows the URL for the anonymous form.

Anonymous eForm Access > URL tab

Specifies your proxy or external URL to show your eForm to anonymous form users. You can also add your own query string parameters so that form controls show already completed with the values of those parameters.

Figure: Anonymous eForm Access > URL tab


Fields

Field Name / Definition

Base URL

Description:
Specifies the AgilePoint Portal Instance URL. You can also specify a proxy or external URL to expose the form externally.
Allowed Values:
A valid Portal Instance URL.
Default Value:
The Portal instance URL for your AgilePoint NX tenant.

The default portal instance URL is the same as the portal instance URL on the Tenant screen.


Parameter

Description:
Shows the query string parameter. You cannot change the default parameter and its value. You can specify your own query string parameters and values. The specified values show on your eForm.
Allowed Values:
A query string parameter.
Default Value:
WID
Accepts Variables:
No

Value

Description:
Shows the value for the query string parameter.

You cannot change the default parameter and its value.

Allowed Values:
A value for the parameter.
Default Value:
${TaskID}
Accepts Variables:
No

Add

Function:
Creates a row to specify your own query string parameter and its value.

You can send this query string parameter to your form.

Delete

Function:
Deletes the row.

Generate

Function:
Gives the URL for the anonymous form.

This URL can be used to access and complete an eForm with anonymous authentication at runtime.


Update

Description:
Saves the values in the configuration fields in the URL and Firewall tabs.

Delete

Function:
Deletes the selected connections in the Schema Mapper for this activity.

View

Description:
Shows the URL for the anonymous form.

Anonymous eForm Access > Firewall tab

Specifies an IP address range to limit the access of an anonymous form.

Figure: Anonymous eForm Access > Firewall tab


Fields

Field Name / Definition

IP From

Description:
Specifies the lowest IP address that can open the eForm.

If this field is blank, it allows all IP addresses to access an eForm.

Allowed Values:
A valid IP address.
Default Value:
None
Accepts Variables:
Yes
Example:
192.168.88.1

IP To

Description:
Specifies the highest IP address that can open the eForm.

If this field is blank, it allows all IP addresses to access an eForm.

Allowed Values:
A valid IP address.
Default Value:
None
Accepts Variables:
Yes
Example:
192.168.88.98

Generate

Function:
Gives the URL for the anonymous form.

This URL can be used to access and complete an eForm with anonymous authentication at runtime.


Update

Description:
Saves the values in the configuration fields in the URL and Firewall tabs.

Delete

Function:
Deletes the selected connections in the Schema Mapper for this activity.

View

Description:
Shows the URL for the anonymous form.
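The IP From and IP To semantics described in the Firewall tab, as an added example that is not AgilePoint code: a Python model for reviewing a range before you save it. It assumes the bounds are inclusive and that a blank value in either field allows all addresses, as the field descriptions state; the function names and the size threshold are hypothetical.

```python
import ipaddress

def _parse(ip_from, ip_to):
    """Return (low, high) address objects, or None if either field is blank."""
    if not ip_from.strip() or not ip_to.strip():
        return None
    return (ipaddress.ip_address(ip_from.strip()),
            ipaddress.ip_address(ip_to.strip()))

def firewall_allows(client_ip, ip_from, ip_to):
    """Assumed semantics: inclusive range; a blank field allows every address."""
    bounds = _parse(ip_from, ip_to)
    if bounds is None:
        return True
    low, high = bounds
    ip = ipaddress.ip_address(client_ip)
    if not (ip.version == low.version == high.version):
        return False  # mixed IPv4/IPv6 values cannot be compared
    return low <= ip <= high

def review_range(ip_from, ip_to):
    """Return (findings, cidr_blocks) for a range before it is saved."""
    try:
        bounds = _parse(ip_from, ip_to)
    except ValueError as exc:
        return [f"invalid address: {exc}"], []
    if bounds is None:
        return ["blank bound: the form is reachable from any IP address"], []
    low, high = bounds
    if low.version != high.version:
        return ["IP From and IP To mix IPv4 and IPv6"], []
    if low > high:
        return ["IP From is higher than IP To: the range is empty"], []
    findings = []
    if low.is_private != high.is_private:
        findings.append("range spans private and public address space")
    size = int(high) - int(low) + 1
    if size > 65536:  # constructed review threshold, not a product limit
        findings.append(f"range covers {size} addresses; confirm this is intended")
    blocks = [str(n) for n in ipaddress.summarize_address_range(low, high)]
    return findings, blocks

if __name__ == "__main__":
    # The page's own example values for IP From and IP To.
    print(review_range("192.168.88.1", "192.168.88.98"))
    print(firewall_allows("192.168.88.99", "192.168.88.1", "192.168.88.98"))
```

The CIDR blocks returned by `review_range` make it easy to compare the configured range with the networks you intended to admit.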

Anonymous eForm Access > Security > Restrict APIs tab

Prevents unauthorized access by allowing only APIs on your whitelist to make API calls to or from your anonymous form. If an API is not on the whitelist, and it tries to make calls against the anonymous form, an error message shows.

Figure: Anonymous eForm Access > Security > Restrict APIs tab


Fields

Field Name / Definition

Enable API Whitelisting

Description:
Specifies whether to enable the API whitelisting to make changes to the APIs.
Allowed Values:
  • Selected - Enable the API whitelisting to add the APIs to make API calls to or from the anonymous form.
  • Deselected - The APIs are not whitelisted, and changes are not permitted.
Default Value:
Deselected

Show All APIs

Description:
Specifies whether to show the required APIs in the API whitelist.

By default, AgilePoint NX creates the APIs that are required for the anonymous form. You cannot delete these APIs.

Allowed Values:
  • Selected - Shows the required APIs in the API whitelist.
  • Deselected - Shows the APIs that are retrieved from the anonymous form or that you added to the API whitelist.
Default Value:
Deselected

Start Capturing APIs

Function:
Opens the anonymous form in the preview window where you can run the rules to activate the APIs that are used on the form. The system captures and records the APIs as they are activated, and adds them to the whitelist.

Only the APIs you activate by interacting with the form are added to the whitelist. Add the APIs to the API whitelist to give users access to them. Thus, it is possible to have APIs embedded in the form that an anonymous user cannot activate when they use the form.


Stop Capturing APIs

Function:
Stops the process of capturing the APIs that are used on the anonymous form. After the capturing is complete, the captured APIs are added to the whitelist, so the form can access them.

Generate

Function:
Gives the URL for the anonymous form.

This URL can be used to access and complete an eForm with anonymous authentication at runtime.


Delete

Function:
Deletes the selected connections in the Schema Mapper for this activity.

View

Description:
Shows the URL for the anonymous form.

Anonymous eForm Access > Security > Restrict System Tokens tab

Prevents the anonymous form from using specified system data variables.

This option can prevent sensitive information from showing on an eForm.

Figure: Anonymous eForm Access > Security > Restrict System Tokens tab


Fields

Field Name / Definition

Exclude Selected System Tokens

Description:
Specifies whether to show the system data variables that are used in anonymous forms at runtime.

This option can prevent sensitive information from showing on an eForm.

Allowed Values:
  • Selected - Shows the list of system data variables. You can select the system data variables from the list that you do not want to resolve in anonymous forms at runtime.
  • Deselected - The anonymous form field shows the resolved values for all system data variables at runtime.
Default Value:
Deselected

Excluded System Tokens

Description:
Specifies whether to select all system data variables.
To Open this Field:
  1. On the Security tab, in the Restrict System Tokens tab, select Exclude Selected System Tokens.
Allowed Values:
  • Selected - Selects all system data variables.
  • Deselected - Lets you select specific system data variables.
Default Value:
Deselected

Search By Token Name

Description:
Searches for the specified system data variable.
To Open this Field:
  1. On the Security tab, in the Restrict System Tokens tab, select Exclude Selected System Tokens.