Authentication / Authorization
Out-of-the-box FormKiQ supports using JSON Web Tokens (JWT) through Amazon Cognito and AWS Identity and Access Management (IAM) to handle authentication to the platform. This provides the utmost in flexibilty when building customer facing and backend processing systems.
Authorization is handled through role-based access control assigned to each user.
FormKiQ Enterprise users have additional authentication options like Security Assertion Markup Language (SAML). |
API
FormKiQ uses Amazon API Gateway to handle and secure all API traffic.
FormKiQ deploys two APIs; one is secured using Amazon Cognito JWT authorizer and the other one is secured using AWS Identity and Access Management (IAM). Both URLs can be found in the CloudFormation outputs of your FormKiQ stack.

The HttpApiUrl
is secured using the JWT authorizers and access is typically granted through a username and password.
The IamApiUrl
is secured using AWS Identity and Access Management (IAM) and is used for backend processing. When IAM authorization is used, clients must use Signature Version 4 to sign their requests with AWS credentials.
Examples of how to use the APIs can be found in FormKiQ Tutorials |
Web Console
FormKiQ comes with a fully-functional console for interacting with documents, built using React. This console can be referenced when creating custom applications that will interact with the FormKiQ Document API. The console URL can be found in the CloudFormation outputs.

Console access is controlled through the Amazon Cognito JWT authorizer. By default the AdminEmail
configured during the CloudFormation creation is created as an administrator user.
Additional users can be added manually through the Cognito Console.
Add User(s)
To add a new user, start by visiting the Cognito Console. You should find the Cognito User pool with the configured AppEnvironment
in the name.

If you do not see a Cognito User pool, check that the region you are in matches the region where you have installed FormKiQ. |

Clicking the Cognito Users tab, you should see the administrator user that was created during the installation process.
To add a new user, click the Create user
button.

On the Create User page,
-
enter the
Email Address
of the user to create -
select
Send an email invitation
-
click
Mark email address as verified
-
select
Generate a password
Click the Create user
button to finish creating the new user. The user receive an email at the specified email address, with a link to finalize setting up their account.

The user is now created with read / write access to the default site id.
Group Permissions
FormKiQ starts with three default groups.
-
Admins - Group for administrators of FormKiQ
-
default - Read / Write permission for the default site id
-
default_read - Read permission for the default site id

By default if a user belongs to no groups, it will be given the "default" group permissions. By clicking on any of the groups users can be easily added or removed.