Create a token access management app

In Flowfinity, access can be granted to temporary or ad-hoc users through tokens. Unlike User Access Management apps, token access works best when a user needs to view or edit data on a one-off or short-term basis.

Example

ABC Property Management uses Flowfinity to manage a portfolio of rental buildings. Cleaning and maintenance work orders are created, dispatched, and tracked using a property management work orders app. These work orders are usually dispatched to a team of ABC Property Management's own technicians. However, occasionally external contractors are required to perform specialist work.

ABC Property Management would like to improve their workflow by extending access of the Property Management Work Orders application to external contractors for the duration of these work orders. To further automate this workflow and to ensure security, a software robot will automatically create, distribute, and delete access tokens at different stages of the workflow.

Note: For this article, a simple Property Management Work Orders app has been preconfigured. The app includes basic data collection fields and one transition operation, Complete Work Order, that moves records from an Active to a Close state.

Steps

Configuring a Token Access Management Application

1. Navigate to the Configure tab, select 'Apps,' and click 'Design New App.'
   
2. Name the application (e.g., Contractor Tokens) and select 'Token Access Management' from the Application type dropdown menu. Click 'Next.'
   
   
   Note: The 'Application type' field is new in Flowfinity Actions 20.1 and includes two new access management application types, 'User Account Management' and 'Token Access Management.'
   'Data Collection' is selected by default, choose this option to create a data collection or workflow Flowfinity application.
   Please ensure you select the appropriate application type as this selection cannot be amended later.
3. The App Editor will generate a preconfigured form that includes several required fields. These fields cannot be removed from the form as they are needed to create temporary users within Flowfinity. Field properties marked as grey cannot be modified, all other field properties (e.g., Label) can be modified.
   
   
   
4. Additional fields can be added to the application if necessary, such as telephone number or an address. However, for this example these are not necessary so we can publish the application.
5. Users can now be added to the Contractor Tokens application manually by using the default 'Add User' operation. Once a user record has been submitted in Token Access Management application, a unique token is autogenerated and this token cannot be edited.
   Note: other default operations include:
   - View User, a read-only operation
   - Edit User, an edit operation that will allow changes to be made to user information but will not change the generated user token
   - Delete User, a delete operation will delete the app record and remove the corresponding user from the system

Configurating User Access Tokens into a Workflow

ABC Property Management now needs to connect their existing application to the Contractor Tokens app. The first step is to amend the existing Property Management Work Orders application to support token users.

1. Add a Checkboxes field to the form and configure a 'Yes' option. The final completed field should be configured as follows:
   
2. Add a three new input fields: Contractor Name, Contractor Email, and Contractor Token to the form. Configure each of these fields to be visible only if this 'Yes' checkbox is selected.
   
3. For the Contract Token field only, remove the option to edit this field.
   
4. Save the application draft. Navigate to the Contractor Tokens application and customize this application.
   
5. To ensure external contractors only have access to specific operations (e.g., Complete Work Order), a 'Property Contractors' custom role class needs to be created in the Users tab.
   
   Note: Custom roles are only available in Enterprise Edition
6. Select the Roles field, amend the 'Role class' to all custom roles and enter 'Property Contractors' as the formula calculated default value.
   
7. Save the form and return to the Property Management Work Orders application.
8. To ensure external contractors only have access to specific records within this application, a personalized view (e.g., Contractor – My Work Orders) should be created.
9. Navigate to the Views tab and click 'Add view.'
   
10. Select the appropriate fields in the Layout section, then select 'Filter.' Add a condition as follows:
    
11. Click the Permissions tab and select the Property Contractors role options. Save the view.
    
12. Navigate to the Operations tab, then select Tasks. Click 'Add Task' and complete as follows:
    
13. Click 'Add data action' to open the Task Action Editor. Provide a title and optional design comment in the Source tab.
    
14. Click the Target tab and complete the configuration as follows:
    
15. Click the Fields tab and complete the configuration as follows:
    
16. Click the Return tab and complete the configuration as follows:
    
    Note: When the task is triggered, this configuration will ensure the values of the Token and Self user fields are mapped to Contractor Token and Assigned to fields in the Property Management Work Orders.
17. Click 'Save' and navigate to the Operations tab. Edit the Add New Record operation.
    
18. Click 'Add task' and select the 'Create Contractor Token & Copy to Work Order' task you have just created. Then click 'Save operation.'
    
19. Navigate to the Form tab and add a URL field. Select 'formula field' and enter the following formula:
    'https://myserver.flowfinity.com/Flowfinity/?token=' + ContractorToken
    This will create a URL link that can be added to a notification email. For Display value, type 'Click Here' as this will be the clickable text in the email.
    Note: to ensure the link will work, remember to enter your own server in place of 'myserver' in the URL.
    
20. Navigate to the Notifications tab and click 'Add notification.'
    
21. Complete as follows:
    
22. To send an automatic notification to the external contractor's email, click 'Add recipient' and complete the configuration as follows:
    
23. To ensure the external contractor has instant access to their assigned work order(s), include the URL field we configured in Step 24.
    
24. Save the notification and navigate to the Operations tab.
25. Edit the Add New Record operation and ensure the Contractor – Work Order Notification is selected.
    
26. Click 'Save operation' and review the Permissions section, ensuring that the custom Property Contractors role has access to only the appropriate operations for this application.
    
27. The workflow is nearly complete. The final step is automating the removal of this access token once the contract has completed the work order. This can be done by creating a task within Flowfinity that will automatically delete the user and token created by the Contractor Tokens app.

Deleting User Access Tokens as Part of a Workflow

1. Customize the Contractor Tokens app. Add a new view called 'By Token' and then navigate to the Parameters tab.
2. Add an input parameter (e.g., Token) to the view.
   
3. Click on Filter tab then add a condition as follows:
   
4. Save the view and return to the Property Management Work Orders tab.
5. Customize the application, navigate to the Operations tab, and then select Tasks.
6. Click 'Add task' and name the task 'Delete Contractor Token.'
7. Click 'Add data action' and complete the Source tab as follows:
   
   
8. Select and complete the Target and Return tabs as follows:
   
   
9. Edit the Complete Work Order operation and select the Delete Contractor Token task from the dropdown menu. Save the operation.
   
   
   Once a contractor has submitted the Complete Work Order operation, this task will automatically delete their corresponding in the Contractor Tokens app. This ensures one-time access to the system, preventing repeating access that can lead to security or data integrity issues.
10. Click 'Publish' and ensure both Property Management Work Orders and the dependent Contractor Tokens application are selected. Click 'Next', and follow the remaining steps including assigning a software robot to perform the two tasks.
    

ABC Property Management has completed their new workflow. When an external contractor is required. a token will automatically be generated and included in the work order, then sent to the contractor via an email notification. The contractor will be able to view and complete their assigned work order using this URL and once the record has been submitted, a software robot will instantly remove this temporary user from the Contractor Tokens application.

Creating a URL link is an important step in the managing tokens in Flowfinity, as Token Access Management Users can only access Flowfinity using a browser and not through the Flowfinity Actions mobile app.

Note: Process for activating tokens in Flowfinity Actions

1. Navigate to the Configure tab and select Token Billing from the menu. Only Public site administrators can activate tokens for a server.
2. Click the button to activate tokens and complete the form.
3. Once you receive a confirmation, tokens will then be available, and a summary of monthly token submissions will be viewable in the Token Billing tab. Use the Event Journal to view individual record transactions.
4. To deactivate tokens: click the deactivate button, fill in and the form, and a final monthly report will be generated.