Authentication / Authorization
Out of the box, FormKiQ supports JSON Web Tokens (JWT) through Amazon Cognito, as well as AWS Identity and Access Management (IAM), to handle authentication to the platform. This provides the utmost in flexibility when building customer-facing and backend processing systems.
Authorization is handled through role-based access control assigned to each user.
FormKiQ Enterprise users have additional authentication options like Security Assertion Markup Language (SAML).
FormKiQ uses Amazon API Gateway to handle and secure all API traffic.
FormKiQ deploys two APIs: one is secured using an Amazon Cognito JWT authorizer and the other is secured using AWS Identity and Access Management (IAM). Both URLs can be found in the CloudFormation outputs of your FormKiQ stack.
HttpApiUrl is secured using the JWT authorizer, and access is typically granted through a username and password.
IamApiUrl is secured using AWS Identity and Access Management (IAM) and is used for backend processing. When IAM authorization is used, clients must use Signature Version 4 to sign their requests with AWS credentials.
Examples of how to use the APIs can be found in FormKiQ Tutorials.
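As an added illustration (not FormKiQ's own code), the following sketch shows what Signature Version 4 signing of a request to IamApiUrl involves, using only the Python standard library. The endpoint URL, the /documents path and the credentials are constructed placeholders, and execute-api is the signing name of the API Gateway service.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    # The derived key is scoped to one day, one region and one service.
    k = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        k = _hmac(k, part)
    return k


def sigv4_headers(method, url, body, access_key, secret_key, region, amz_date,
                  service="execute-api"):
    """Headers that sign one request; amz_date is UTC in the form 20240101T120000Z."""
    parts = urlsplit(url)
    headers = {"host": parts.netloc, "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    # Query parameters are decoded, strictly re-encoded, then sorted.
    pairs = sorted((quote(k, safe=""), quote(v, safe=""))
                   for k, v in parse_qsl(parts.query, keep_blank_values=True))
    canonical = "\n".join([
        method.upper(),
        quote(parts.path or "/", safe="/"),  # non-S3 services encode the sent path again
        "&".join(f"{k}={v}" for k, v in pairs),
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(body).hexdigest(),  # binds the request body to the signature
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = signing_key(secret_key, amz_date[:8], region, service)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed}, Signature={sig}")
    return headers


# Constructed placeholders: not a real endpoint and not real credentials.
URL = "https://abc123example.execute-api.us-east-1.amazonaws.com/documents?limit=10"
SIGNED = sigv4_headers("GET", URL, b"", "AKIDEXAMPLE", "constructed-secret-key",
                       "us-east-1", "20240101T120000Z")
```

Temporary credentials (for example from an assumed role) additionally require the session token in an X-Amz-Security-Token header; in practice an AWS SDK performs all of this signing for you.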
FormKiQ comes with a fully-functional console for interacting with documents, built using React. This console can be referenced when creating custom applications that will interact with the FormKiQ Document API. The console URL can be found in the CloudFormation outputs.
Console access is controlled through the Amazon Cognito JWT authorizer. By default, the AdminEmail configured during the CloudFormation creation is created as an administrator user.
Additional users can be added manually through the Cognito Console.
To add a new user, start by visiting the Cognito Console. You should find the Cognito User pool with the configured AppEnvironment in the name.
If you do not see a Cognito User pool, check that the region you are in matches the region where you have installed FormKiQ.
Click the Cognito Users tab; you should see the administrator user that was created during the installation process.
To add a new user, click the Create user button.
On the Create User page:
Email Address of the user to create
Send an email invitation
Mark email address as verified
Generate a password
Click the Create user button to finish creating the new user. The user receives an email at the specified email address, with a link to finalize setting up their account.
The user is now created with read / write access to the default site id.
FormKiQ starts with three default groups.
Admins - Group for administrators of FormKiQ
default - Read / Write permission for the default site id
default_read - Read permission for the default site id
By default, a user who belongs to no groups is given the "default" group permissions. Users can easily be added to or removed from a group by clicking on that group.