Hi,

Forms are everywhere. We use them to collect information from our customer, submit support requests, ask for sales quotes. Almost every website out there contains at least one form of some sort.

Ultimate Forms allows you to easily create sophisticated dynamic forms based on SharePoint lists and, as a recent addition, based on external data sources, such as databases, web services, APIs and even simple files. Once created, those forms can be hosted:

• On SharePoint pages themselves.
• On Microsoft Teams tabs.
• On pages hosted by our website.
• Embedded into your own pages on your own websites.

Depending on whether you work with SharePoint lists or with external data sources, you starting point will be different, but we put in a tremendous effort to make the whole process as similar as possible.

SharePoint Lists

If you want to work with data stored inside SharePoint, you start by creating a list (or a document library). Create all the columns you need for your data (you can do it directly within the list or through Form Designer). Then design the form using Form Designer.

Once you click on Publish, the form is ready to be used, inside SharePoint. If you want to be able to offer access to the form to people outside of your organization, you need to provide some sort of external access. You can always use the external sharing capability of SharePoint, but in many cases it won't be the right approach, as it still requires the user to log in, with their external credentials.

Using External form functionality, built into Form Designer, you can expose your list on a page hosted by us or embed within your own page. People, who are not users in your organization, will then be able to enter information through the form, without having direct access to the underlying list.

External Data Connections

You can create connections directly to external data sources to create, view and edit information through form and list view infrastructure of Ultimate Forms, inside SharePoint sites, Teams, hosted on our pages and embedded into your own pages.

Depending on the connection type, you might be limited to only adding new items (such as with Email or Document connections) or add, view and edit (database connections and soon, web services and REST APIs).

Hosted Pages

The easiest option to allow external access is to host your form on the pages we provide. Simply allow this inside your External form or External data connection settings, no additional configuration necessary. This option is best for quick and easy solution, but it provide very limited customization options.

Embedded Forms

You can embed forms inside your own pages using the script snippet we provide. Make sure to specify the page URL in the form or external data connection settings, to ensure it is allowed to load on your page. Copy the script snippet inside an element of your page that will contain the form (such as <div> element).

Security and Abuse Prevention

External forms allow external, anonymous users to submit information into your internal systems, thus secuity is of the highest importance. Let's review some of the security features we incorporated into the forms:

• Limit type of access - by default, in External forms, only New form is exposed. You have to be a site collection administrator to enable Display and Edit forms. In any case, external users never communicate with your SharePoint directly. They communicate with our apps that first performs security checks on the requested resource and ensures that it is allowed by the external form settings.
• Specify embedded page URL - only pages specified in the form or data connection settings will be allowed to load the form.
• CAPTCHA, which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" is an automated mechanism that is able to determine if whoever is trying to submit a form is in fact a human or a bot. We use Google ReCAPTCHA v3, which is the latest iteration of CAPTCHA technology, that is able to conduct its task without requiring any user input, purely based on the way form is being interacted with. All pages hosted by us already have ReCAPTCHA built in. If you are embedding forms on your own pages and those pages are open to everyone, without any authentication, it is highly recommended that you enable ReCAPTCHA.
  To do so, sign up for ReCAPTCHA v3, then specify Site key and Secret key in the embedded form properties. You can read more and sign up here. 
• Monitoring - site collection administrators are able to see which list within their environment have External form settings turned on. Just click on the Monitoring tab in the app, then switch to External form.

External access to both SharePoint and non-SharePoint data allows to further leverage technology to provide fast and powerful solution for your organization's challenges.