1800-345-6789

Category: News

GDPR Security Improvements

Changes coming soon.

Security Improvements

New Password Policy Options

The platform has to date enforced a simple 6 character minimum length password, with a focus on making it easy for users to get started with our service. We’re adding a Password Policy drop-down to the Organisation Setup page which gives you more control over user password requirements. Aside from our default Basic policy, there will be two further options based on current best practice recommendations:

  • NIST SP 800-63
    A phrase-based policy based on the latest recommendations of NIST, which encourages human-friendly passwords that are still hard to crack.
  • OWASP 2017
    A strict policy which favours complex passwords that are hard to crack but also harder for people to remember.

Both of these new policy options will add stronger password security requirements for your user accounts, so consider what is best for you.
For now, our platform will continue to set our Basic 6 character minimum policy as the default on new company accounts, but you can change this at any time. When you change the Password Policy, this will be applied to existing users when they next change their passwords.

Maximum Password Attempts Lockout

We’re adding a temporary lockout feature to user accounts which will be applied when an incorrect password is attempted more than 5 times in a row.  This is based on NIST recommendations and provides better security against brute force password attacks.  For now, this will apply to our web platform, but we’ll be extending this behaviour to app logins within the next few months.

Validation of Passwords Against 10,000 Most Common

We’ve loaded up the 10,000 most common passwords – as found by NIST linked security researchers – and will be blocking users from setting/updating their passwords to be any of these. This enforces NIST and OWASP guidance on preventing users from having easily crackable passwords.

Regenerable Integration API Keys 

When working with our API there has been only one secret Key value per company account, and this Key value was fixed at the date of account creation. We’re adding a second Key which works just the same as the existing one, thus allowing you to rotate between using Key 1 and 2 in your integrations. This also unlocks the ability to regenerate an unused Key at any time, thus enabling you to enact greater security procedures (i.e. key rotation/regeneration) when using our API.

 

New Personal Data Options

We wanted to make it easier for you to export data out of our platform while still being able to meet obligations you may have around personal data. Basic user account information like name and email is also considered to be personal data by default.
For other data that you control, we’re adding a new “Is Personal Data” checkbox into key areas of the platform including Forms, Data Sources and Connectors.

This new checkbox allows you to indicate that a field or column may contain personal/sensitive data.  In of itself, this option does not add any further security or protection, but it enables the platform to offer anonymisation of those data values when exporting.
You’ll notice this through new “Anonymise Personal Data” options that will appear on most system exports and Form Connectors when the presence of personal data has been indicated.

For API users, we adding a new set of “Anonymise” Keys.  These work the same as our existing Full Access keys, with the difference being that any responses to requests authenticated on Anonymise keys will result in personal data values being converted to non-human readable formats.

 

 

EU Move Completed for FormsFly

Moving VanAs planned, the FormsFly cloud’s move to the Netherlands data centre has now been completed successfully.

Users of the FormsFly mobile app will automatically be connected to the new location when they next sync, so long as they are running app version ending 4.46 or greater.

 

Metadata on Company and Users

Metadata

You now have the ability to associate key/value metadata on both the Company/Organisation and User level on our platform.
This enables you to record additional information against these entities, and then access this data in Forms and other areas of the system via new META formula functions.

Adding/Editing Metadata

To get started with adding or editing metadata, simply head over to the “Edit User” and “Organisation Setup” pages in the secure website.
There you will see a new “Metadata” field, which lets you add key/value sets of information.
Don’t forget to hit the Save button to persist your changes :)

Screen Shot 2015-09-07 at 9.19.22 pm

The new metadata is also available right now on our v2 Company and User APIs, so you can programatically get and set metadata values as desired.

Accessing Metadata

To make use of the metadata you have loaded, we’ve added two new formula functions:

  • ORGMETA(‘keyname’)
  • USERMETA(‘keyname’)

Both the above functions will get you the value for the given key name at Organisation and User level respectively.
As this is part of our formula engine, you can make use of these functions anywhere formulae are supported – Form screens, data templates, conditions etc.

 

Geo Update Now In Preview

We’ve just launched a host of new functionality for location and other related geo areas.
This includes adding heading/direction information to geo data, reverse geocoding address support for Location fields in Forms, and a new option to geo-stamp images captured with the app.
Plus we’ve also added new System (built-in) data sources for Active Users and Published Docs.

Geo Data Now Includes Heading, Altitude and Accuracy Info

We’ve upgraded our geo data fields to support more information when its available from the device.
This extra info is stored in the Location field, and is also available through new formula functions:

  • HEADING() provides the true north based direction that the device was facing at the time of GPS capture.
  • ALTITUDE() gives the number of meters above sea level that the device GPS detected it to be at.
  • ACCURACY() is the device provided accuracy rating for the geo data, measured in meters.

We expect this extra information will open up a range of new geo-based scenarios for our customers.

Lookup Addresses on Location Fields

We’ve added a new “Enable Address” option to the Location field in the Form designer.
Turning this option on will allow the user to find address information for a given location point, through a new “Find Address” button on the app.

Screen Shot 31 Aug 2015 1.48.14 pm Screen Shot 31 Aug 2015 1.48.19 pm

The app uses standard Android and iOS geocoding functionality to perform a reverse geocode lookup of the location coordinates.
Addresses are returned in data fields that correspond to the global OASIS address standard.
You can access these data fields through new formula functions (OASIS field equivalents in brackets):

  • STREETNUM() – The street number (“sub_thoroughfare” in OASIS)
  • STREET() – The street name (“thoroughfare” in OASIS)
  • CITY() – The city or locality (“locality” in OASIS)
  • COUNTY() – The county or district (“sub_admin_area” in OASIS)
  • STATE() – The state or province (“admin_area” in OASIS)
  • COUNTRY() – The ISO country code (“country” in OASIS)
  • POSTCODE() – The postal / zip code (“postal_code” in OASIS)

Having formula support means that you can dynamically assign address data into other form fields via the Dynamic Value option.
Use this for cases where you need to allow the user to edit the address found.
You can also use the address data in your data templates and anywhere else formula functions are supported.

Specify Map Type On Location Fields And User Interactions

There’s now a new “Display Map Type” option on the Location field in the Form designer which lets you specify the style of map to display when the user selects or views a location through the field.
We’ve also added parameter support for specifying the map type onto the “Open Address in Map” and “Open Coordinates on Map” user interaction type.
Simply add a “|” character followed by the type of map (Satellite, Hybrid or Standard).

Geo Metadata Can Now Be Captured On Image Fields

Photo images have the ability to embed GPS information into the file through the EXIF standard.
We’ve now added support for reading this EXIF data from existing images, as well as stamping GPS data into images captured with the app.
You can turn this on through the new “Include GPS Information” option found on Media fields in the Form designer.

This means that GPS data can now be stored in image fields, allowing you to track the individual GPS locations of each picture when it was taken.
The geo data is available through our location formula functions too, so you can again make dynamic use of this information in your apps.

For forms that require the user to walk around a large area while capturing images, this gives a new level of information to those pictures.
Coupled with the new Heading data, this means you can even tell the direction a user was facing when taking each picture :)

Copy Files To Device Gallery

Previously any media files captured using the app would be stored in the app’s private secure area on the device and as such were not available for use by other apps on the device.  The files could also not be copied off the device for external use and backup.
We’ve now added a “Copy to Gallery” option on the Media field type in the Form designer, which allows you to specify when a file should be copied to the public gallery / album area of the device.
The app will still keep the original file in it’s secure area, but this way you can enable cases where the files need to be more generally accessible to the user.

Improved Data Display

We’ve improved and standardised the display of GPS data on the app and the website, providing a consistent and easily readable display of geo data.
On the website particularly, this means that the geo data is now displayed inline on the Data page, allowing quick access to the GPS coordinate info.
The “View Map” and “View Entry” pages also now include improved geo data display.
Additionally, you can now play video and audio files directly from the “View Entry” page, instead of simply getting the file name displayed.

Log User Location During App Use

A new option is available on the App Setup page (App Builder -> App Setup), which lets you control whether or not the app should log the user’s location.
This option is turned off by default to avoid any possible issues with privacy or legal concerns – this is something each client must answer for themselves before turning on this feature.

If enabled, the app will send the user’s location every time the app performs a synchronisation with the web platform.
Location data is logged in a new Location History that can be viewed on the “Edit User” page (Menu -> Users -> Edit User).
The Location History contains the last 50 logged locations, along with the date/time of the record.
Our Users v2 API has also been updated with a new LocationHistory property, allowing external integration access to this information.

We’re planning to add visualisation options in the future to leverage this new user location information, and we also have designs on improving our Tasking area with this data to make for easier scheduling of Tasks.

New System Data Sources

With a system as dynamic as ours, often there arises a need to have access to an up to date list of Active users and currently published Docs.
For example in a Process Step scenario, where you want to show a list of the current app users in the Form screen for the user to choose from.
Or if you’re maintaining a lot of Docs on our platform, and you want to show a Listing screen of these for the user to view.

So we added two new built-in Data Sources that the system automatically maintains –

Active Users

and

Published Docs

Active Users is like the name says, an always up to date list of all active users on the organisation account.  This data source uses the user email as the unique key for each row, and includes a “Last Location” column that contains the user’s last known GPS coordinates, leveraging the new “Log User Location” option mentioned earlier.

Published Docs provides a listing of all Docs in published status, using the Doc’s key as the unique row identifier.
This makes it easy to create a Listing screen driven by the Published Docs data.
Set the user interaction of the Listing rows to “Open Doc”, and you can pass in the Doc’s identifier as a parameter using our {{this[0]}} syntax.

New External User Auth Functionality

If your users are already maintained in a separate external system, then today’s update is for you!

We have a new option on the Organisation Setup page which allows any Platform Administrator to configure external “pass through” authentication.
This lets your users authenticate against an external system when they log in, avoiding the need to have your user’s passwords stored on our platform.

Once external auth is configured, every time a user logs in (on our website or apps) our system will receive the login request and first ensure the user email is registered on our platform.
Assuming the user email is found, our system will then transparently “pass through” the login credentials to the external service you configured for authentication.
The external service MUST return a 200 HTTP status code to be considered authenticated by our platform; any other response will be deemed a login failure.

Currently HTTP/REST endpoints are supported, we’re looking at adding Active Directory support in the future.
User passwords are never stored on our platform when external auth is configured.

The following placeholders can be used to inject the user’s login details, use these to form a dynamic URL, Headers and/or Body:
{{USEREMAIL}}
{{USERPASSWORD}}
{{ORGID}}

Android Update 1 Available in Preview

IMPORTANT NOTE:

All items described below are considered to be in BETA.

The new features/changes included in this release are:

Title Bar Navigation Text Color option

New option in App Setup page, lets you specify the colour of title bar navigation text (e.g. “Exit”, “Back” etc)

Remember App Logins

New in App Setup page, lets you specify that the app should remember logins for all users of that company account.
This means that after the user’s first initial login, the app will auto-login on subsequent app launches.
Of course users can still log out manually via the Settings screen in the app.

Task Attachments

On the Activities page of Tasks, you can upload files for the user to access on the app.
The new V2 of our Tasks API will include support for Task Files as well as pre-setting answers on the new Table field type in Forms.
Tasks V2 API is due out in the next few weeks.

Push Notifications for Tasks

When a Task is Sent, a push notification will appear on the target user’s registered devices.
This is feature is being switched on progressively across company accounts – we expect full operation by Wednesday.

Download on Demand option for Docs

Previously, Docs were always downloaded to the device when a user had access to them.
This could be heavy on data allowances and often the Docs in question were not needed offline.
Use the Download on Demand option to prevent the pre-emptive downloading of Doc files – when the app user attempts to access the file, it will be downloaded at that point.

Show a Pages tab on Forms

This is a new option in the Title bar part of Form Designer (click on the Title Bar in the design preview to see these options).
When enabled, the app will show a horizontal tab at the top of the Form, with every visible Page name displayed.
Can be useful for quick navigation to Pages, though in complex Forms where Pages are conditionally displayed this may prove confusing for users.

New Table field on Forms

Display a set of captured rows in a tabular format within your Form.
The user can add new rows to the Table, and they can edit existing rows by tapping on the chosen row to enter an editing Page.
In the Form Designer, you define the fields in the Table by dragging fields into the Table field itself.
Control which fields will display as columns by using the “Disable Table Display” property found on fields within the Table.

New “IN” Data Source Filter option on Choices fields

A long requested filter option – allows you to filter a Choices field by looking for all Data Source column values that are found within a given comma or pipe delimited text list of values.

Removed “max 50 column” limit when referencing columns using [] syntax in Forms

For those with larger Data Sources containing more than 50 columns, previously a limit was applied when referring to columns via our [ ] syntax in Form formulae.  This restriction no longer applies.

Settable Background color of horizontal Choices option buttons

Another highly requested improvement, you can now set the “unselected” background of option buttons via the “Option Background Color” property on Choices fields set to use horizontal field layout.

Hosted GET connected Data Sources now display the rows pulled from the given GET url on the Rows page

Key Fixes & “Under the Hood” Improvements

– File downloads to the app have been made more robust and efficient
– Improvements to app handling of timezones in date/time Form fields
– Fix sporadic app crash when no data source sort order is defined
– Fix bug with MIN() formula function returning zero is certain scenarios
– Fix bug with data source filters in certain Form user cases
– Fix Detail screen not refreshing when editing row on Form screen that was access from a field link on said Detail screen
– Fix issues with assigning default or dynamic co-ordinates to Location field in Forms
– Fix bug with Listing screen ordering in cases where not set correctly in Listing Designer