The Apricot Secure Web Form tool allows Administrators to create a direct URL, or web address, that bypasses the standard login and allows a user to directly access a Tier 1 form for new data entry only. Secure Web Forms allow individuals such as potential volunteers, donors, or service recipients to submit a request for more information or to complete an application directly into Apricot without having to log into Apricot or requiring that an application be manually entered into the database.
Enabling Secure Web Forms
- Click on "Administrator"
- Choose "Apricot Settings"
- Find the "A La Carte Features" section and check the box for "Secure Web Forms"
- Save Settings
Important Secure Web Form Notes
- Secure Web Forms can only be used to create new data
- Secure Web Forms can only be used to create new data on a Tier 1 form
- Secure Web Forms are not generally a new form but allow a preexisting Tier 1 to accept submissions from outside of your Apricot
- Secure Web Forms can be applied and removed from a Tier 1 form and no data loss will happen
- Secure Web Forms require you to use 1 Standard User Seat for that purpose only; otherwise, you may have a security risk (more details on this later)
- Secure Web Forms will not allow a person to undo their submission
- Secure Web Forms will potentially show all Quick View items on a preexisting record in your system if the Duplicate Check Fields find a duplicate already in your system
Create a Secure Web Form User
The first step is to create a brand new, Standard User within your site. This step is extremely important because you may pose a security risk to your site if you do not have a dedicated secure web form user. Secure web forms work by using a Standard User to login to the system itself. For this reason, we need to ensure that the user being used as the "login user" only has access to the secure web form and no other portions of your system and that no one else in your organization is using that user as a login. If you divert from this step people using your secure web form may gain access to any of your bulletins or reports and subsequently data from within your site.
For instructions on creating a new Standard User please see the Adding and Managing Users article. They will need a Group/Permission set which we will discuss later.
Note: We advise to name the new user with First Name "Secure" and Last Name "Web Form" so that our support team can find this user in the system more easily when troubleshooting.
Note: For the purposes of this article, we are assuming that you have already built a Tier 1 form that you'd like to use as a web form, if not, please do so before following this guide.
Create a "Secure Web Form" Permission Set for the Standard User
The next step is to create a new Secure Web Form permission set which should go under the Group that your other Standard Users belong to. For example, we have our "Client Example" form and all of our other Standard Users are part of the "Client" group. So, we know we need to create the new permission set under the "Client" group, this is very important if you are using Group Record Level Access. The configuration will depend on your site. For more information on creating a new Permission Set please see the Limiting User Access article.
Once you are in your Client group create a new permission set:
- Name the permission set, to find it easily later we have named this "Secure Web Form"
- Click Add
- Choose the Secure Web Form user
- Apply the Permissions
- Save Record
Note: as seen in the screen shot the only access they have is for the form being turned into a secure web form (Client Example). They should not have any access to anything else (no reports, no bulletins, no other forms unless the other form is also a Secure Web Form).
Creating a Secure Web Form
- Click on the Administrator tab
- Choose Secure Web Forms in the Navigation Menu
- Click New Secure Web Form
- Name the secure web form. This can be anything as it will not effect the actual form name which they see or the form within your system. In this example our secure web form name is a brief description of what this secure web form will be doing: creating a new client profile.
- Select the form that you'd like to use as the secure web form. This can be any Tier 1 form within your site, in this example we are choosing "Client Example" which is a Tier 1 form that creates our client profile.
- Select a user to use as the "login user". This must be a Standard User that is only used for secure web forms as outlined previously in this article. Although it allows you to choose any Standard User please remember that you will pose a security risk to your site if you do not follow these steps.
- Next, we will need to choose the Program(s) which should have access to the record(s).
- Save Record
Note: under "Permissions" you should see "This user can: view, search create, edit.". In the event that you do not see this, please click on "Modify User Profile" and adjust the permission set to give the secure web form user View, Search, Create, and Edit permissions for the form.
Secure Web Form URLs
After we saved the Secure Web Form it generates 2 items:
- Basic URL: this is the URL which you can distribute to anyone who you would like to access the secure web form
- Embed URL: this is an iframe, to be used with HTML on your website, so that you can embed the link onto your organization's website (Note: the Ongoing Support team cannot help troubleshoot getting this into your organization's website and we suggest working with your IT Team)
Testing the Secure Web Form
We highly advise that you test the secure web form before you begin to distribute the URL. Important: before you test make sure you log completely out of your own Apricot database (or you may use your browser's version of an incognito mode or in-private browsing feature)! If you don't, you may not be able to access your secure web form again, or your own Apricot temporarily. If this happens please visit the Cannot Load Secure Web Form article
They will fill out the record just like anyone else would within your Apricot.
- Name (this is a required and a duplicate check field in our example)
- Date of Birth (this is a required and a duplicate check field in our example)
- Nickname (this is required and a quick view field in our example)
- Save Record
- When the record is saved they can choose "Close" (which will then log them out of the system and bring them to the login page) or they can "Print" the record before closing it. They only get one chance to choose either option though!
Note: Notice how the Secure Web Form URL changed in the address bar. This is expected behavior.
The above screenshot is an example of what happens when someone tries to enter a record that has already been entered into the system. The very important item to note here is the Duplicate Record Warning pop up box. As you can see, it shows us the duplicate check fields of the record already in the system. In addition to that it will show any other Quick View fields of that record as well (even if they are not a duplicate check field). In this scenario the quick view field is 'Nickname'. Do not mark any field as Quick View (or duplicate check) if they should never be seen by anyone in any circumstance.
Distributing the URL
Now that the Secure Web Form has been created and tested you may now begin distributing the URL. Please remember a few items regarding the URL:
- The Ongoing Support team can only assist with the Basic URL
- The Basic URL is best distributed via email, a PDF file, or embedded in a website
- The Basic URL cannot be pasted into a word processing program (such as Microsoft Word) and then distributed, as it will no longer function correctly
If you have any additional questions or concerns please contact the Ongoing Support Team.