Introduction
Forms are everywhere. We use them to collect information from our customer, submit support requests, ask for sales quotes. Almost every website out there contains at least one form of some sort.
Ultimate Forms allows you to easily create sophisticated dynamic forms based on SharePoint lists or on external data sources. These data sources could be databases, web services, APIs and even simple files. Once you create a form, you can choose to host it:
- On SharePoint pages themselves.
- On Microsoft Teams tabs.
- External form hosting - on pages hosted by our website.
- Embedded forms - include form script on your own pages of your own websites.
Depending on whether you work with SharePoint lists or with external data sources, your starting point will be different. But we put in a tremendous effort to make the whole process as similar as possible.
SharePoint Lists
When you work with data stored inside SharePoint, you start by creating a list (or a document library). Create all the columns you need for your data (you can do it directly within the list or through Form Designer). Then design and customize the form using Form Designer.
Once you click on Publish, the form is ready for use inside SharePoint. In certain cases you want to be able to offer access to the form to people outside your organization. Then you need to provide some sort of external access.
The simplest approach would be to use the external sharing capability of SharePoint. But in many cases it won't be the right approach, as it still requires the user to log in, with their external credentials.
We built External form functionality into our Form Designer. Through it you can expose your list to external anonymous user, thus creating public SharePoint forms.
You can accomplish it on a page hosted by us or embed within your own page. People, who are not users in your organization, will then be able to enter information through the form. They won't have direct access to the underlying list. This functionality provides the easiest way to implement secure external forms in SharePoint.
External Data Connections
You can create connections directly to external data sources to create, view and edit information. Users will utilize the form and list view infrastructure of Ultimate Forms. The access can happen inside SharePoint sites, Teams, hosted on our pages and embedded into your own pages.
We offer a variety of connection types, differing in their features and limitations. Some connection types limit you to only adding new items. Examples of such connections would be Email or Document connections.
Other connection types offer the whole range of operation. You can add, view and edit items via database connections, web services and REST APIs.
Hosted Pages
The easiest option to allow external access is to host your form on the pages we provide. Simply allow this inside your External form or External data connection settings, no additional configuration necessary. This option is best for quick and easy solution, but it provide very limited customization options.
Embedded Forms
You can embed forms inside your own pages using the script snippet we provide. Make sure to specify the page URL in the form or external data connection settings. We will only allow forms to load on pages with authorized URLs. Copy the script snippet inside an element of your page that will contain the form (such as <div> element).
Security and Abuse Prevention
External forms allow external, anonymous users to submit information into your internal systems. Thus security is of the highest importance. Let's review some of the security measures we incorporated into the forms:
- Limit type of access - by default, in External forms, only New form is exposed. You have to be a site collection administrator to enable Display and Edit forms. In any case, external users never communicate with your SharePoint directly. They communicate with our app only. The app first performs security checks on the requested resource and ensures that it is allowed by the external form settings.
- Specify embedded page URL - only pages specified in the form or data connection settings will be allowed to load the form.
- CAPTCHA, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" is an automated mechanism that is able to determine if whoever is trying to submit a form is in fact a human or a bot.
We use Google ReCAPTCHA v3, which is the latest iteration of CAPTCHA technology. It accomplish the check without requiring any user input, purely based on the way users interact with the form. All pages hosted by us already have ReCAPTCHA built in. If you are embedding forms on your own pages and those pages are open to everyone, without any authentication, it is highly recommended that you enable ReCAPTCHA. To do so, sign up for ReCAPTCHA v3, then specify Site key and Secret key in the embedded form properties. You can read more and sign up here. - Monitoring - site collection administrators are able to see which list within their environment have External form settings turned on. Just click on the Monitoring tab in the app, then switch to External form.
Conclusion
External access is available for both SharePoint and non-SharePoint data. It allows to further leverage technology to provide fast and powerful solution for your organization's challenges.
