6.12
Novacura
Roadmap

🎉Release notes

6.12.0 - Released 2020-06-10

Flow 6.12 is no longer supported. We strongly advise upgrading to the latest supported version for improved functionality, security, and support services.

Introduction

In this version of Novacura Flow, we introduce new features in more or less every corner of the platform. Improvements in Portal 2, new stuff in the mobile clients, a new concept for connectors, improvements in the Studio, along with some more technical changes following the product’s strategy towards Cloud, scalability and a high level of security.

As of version 6.12, two components are removed from the solution, the Windows CE client and the Window Service. Click on the links to read more.

Enjoy!

New system requirements

  • .NET Framework 4.7.2

News and improvements in Portal 2

As we released Portal 2 about three months ago, we have been working hard to further improve and extend the new Flow portal. In this release we have added a lot of improvements to the existing Portlets and a few new functions.

We will continue the development of Portal 2 and continuously release new functionality.

Grouping & sorting in table

The option to group columns has been added to Table Portlet. One or more groups can now be created in a table.​

To make this functionality even better, we have also introduced a multi sort function. You can now sort multiple columns in a table to, for example, sort on a group and then values within that group.​

Table font size & row height

Font size and row height in a table can now be adjusted. This will make easier to adjust the size according to needs and preferences.

Table columns as grid view

A Table Portlet’s column configuration can now also be done as a grid view. This will give you a better overview and make configuration faster when you are dealing with many columns.

KPI cards sending events

KPI cards can now send events to other Portlets. This allows for Portlets to listen to KPI cards and use the data sent from them.

Chart improvements

Line Chart, Column Chart and Pie Chart have been improved. You can now set up listeners to these charts to use the data being sent. You can also choose whether to show tooltips and legends for the charts.

Text handling in Table Portlet

It is now possible to choose whether to let overflowing texts, in a table header or cell, wrap to the next row instead of being clipped.

Better error handling

Error messages have been improved. It should now be easier to see where an error originates from.

Chart zoom​

Column Chart and Line Chart have been extended with possibilities to zoom in/out,either by marking a specific area of the chart or by using scroll wheel.​

Branding - Favicon

As a part of being able to customize Portal 2 with your company branding, you can now upload and use a favicon of choice.

Speedometer color improvements

Improvements have been made to coloring of Speedometer. It is now possible to allow the scale font colors to be inherited from the colors setup in the color rules.

Culture (locale) in Portal 2

Portal 2 now supports the culture set on users in Studio. Dates, currencies and numbers should now format accordingly to chosen locale.

KPI coloring improvements

KPI cards can now have a default color. The default color can be overridden with specific color rules.

You can also set a color for KPI description text.

Studio improvements

Menu client access

From this version, you can now control where a menu should be visible. This means that a menu could be set up specifically for the Flow Portal or specifically for the mobile clients.

Set menu access by client using the ”edit visibility” function on a menu.

Default setting is to have both boxes ticked.

Shared version in version history

To make it easier to see which version is currently shared (and which versions previously have been shared), there is now a small icon on the version indicating exactly this: • Latest share = dark grey icon • Previous shares = light grey icon

News in the mobile clients

Beep and/or vibration when making an error

You can now enable device settings to use beeping and/or vibration to indicate to that something has gone wrong; feedback provided without the user having to look at the screen. Some examples of where the user may encounter a beep and/or vibration:

  • Trying to login using wrong username or password

  • Scanning text into numeric fields

  • At assertion step popup

Improved pause and exit buttons

Pause and exit icons have been updated in all mobile clients to make it more obvious for the user how to use these buttons.

The pause and exit buttons have been moved to the right in the banner and the history button has been moved up to the banner.

The back button in sub-workflows remains the same.

Security improvements

Session time-out For reasons of security and resource management, the Flow Server automatically logs out sessions after a period of inactivity. By default, sessions that have been inactive for more than seven days are considered expired and can no longer be accessed.

You can configure the session time-out parameter in Web.config file

  • SittingTimeOut – a value in DD:HH:MM:SS format specifying how long a session can be inactive before it is to be considered expired. The default value is seven days.

  • SittingTimestampUpdateInterval – a value in DD:HH:MM:DD format specifying the minimum interval at which user activity is registered in the Flow database. For Flow installations with a high number of transactions, a higher value here will increase the overall performance of the system. Note also that the sitting timestamp update parameter must be less than the sitting time-out parameter. The default value is one hour.

Example: Session time-out of three hours, update interval of ten minutes:

<add key="SittingTimeOut" value="03:00:00" /> 
<add key="SittingTimestampUpdateInterval" value="00:10:00"/>

Limiting the number of failed logins

The Flow Server can be configured to lock out user accounts where a number of failed login attempts have occurred. This helps reduce the risk of brute force attacks (successive log-in attempts with the goal of figuring out a user's password).

The functionality is governed by a pair of settings in the Web.config file: MaxFailedLoginAttempts and LockOutTimeAfterFailedLogins.

  • The MaxFailedLoginAttempts key contains a positive integer value specifying the upper bound for how many times a user is allowed to "try" different passwords before their account is locked. By default, the value is set to 10.

  • The LockOutTimeAfterFailedLogins key contains a time span value (in the format HH:MM:SS) specifying the time (starting from the last failed log in attempt) during which a locked out user is blocked from further login attempts.

In the following example, a user would be locked out after four successive failed login attempts. Locked users would be blocked from further login attempts for one hour.

<add key="MaxFailedLoginAttempts" value="4"/>
<add key="LockOutTimeAfterFailedLogins" value="01:00:00"/>

Manually unlocking a locked account:

Administrator users can manually unlock a locked user account from the Flow Studio:

  • click the environment tab

  • select the Users sub-tab

  • find the locked user

  • click the unlock button.

News & improvements in connectors

Run As replaces Impersonate

The new Run As feature, replaces the old way of doing impersonation using the Initialization Command on the IFS DB connectors.

Run as Flow User

  • Valid for database types: IFS Applications 9 and IFS Applications 10.

  • Replaces user impersonation using the initialization command.

  • If checked, the database queries will be executed as the current flow user id by default.

  • The Flow User ID must match the DIRECTORY_ID of the IFS user you are impersonating.

  • The user id can be overridden in the machine task using "Run as User", regardless of the "Run as Flow User" setting.

  • Run As is configured on the connector.

In 6.10 and 6.11 the Run As functionality works in parallel with Impersonate. As of 6.12 Run As becomes mandatory.

Connector as a Service – unofficial BETA release

The new connector infrastructure allows connectors to be installed separately from Flow Server, thus creating new possibilities for a more flexible Flow setup.

For example, when a customer is using Flow in the Cloud, the connector service can be installed on the customer’s local network, enabling a secure connection between the Flow Server and the locally installed systems.

Some of the benefits of the Flow Connector as a Service:

  • Scalability – Connector services can be installed in different places, where they are best needed and away from the Flow Server.

  • Stability – using a Service Bus relay makes communication more robust and resilient to temporary losses in network connection.

  • Independent connectors - only install what is needed.

  • Hybrid solutions support - run Flow on Azure and connector services on-prem.

  • Fast updates - new versions of a connector can be released and deployed independently

In this version we release an unofficial, targeted, beta. This means that we are not yet quite ready yet to release it to the global market. Instead, a limited number of customers will try out the concept for a period of time. When everything looks fine and we have the most frequently used connectors done as services, we’ll make it available to everyone.

Send null in rest connector

And that’s exactly what this is; NULL can now be used in the REST connector.

News and changes in authentication

Increased support for Open ID Connect authentication

As the market moves towards standard protocols for identification and authentication, we have increased the built-in support for OpenID Connect in Novacura Flow.

Going forward, this is our main strategy for authentication and in all cases where high-security authentication mechanisms are required (such as two-factor authentication), an OpenID Connect based authentication provider should be used. For example, Azure AD could be such a provider.

The following sections describe what has been changed for this version.

Support for login using Open ID connect in all clients

With this version, all clients (except Studio) can now be used for login with OpenID Connect.

Support for using Open ID connect for IFS Apps login

In scenarios where IFS Applications is used with Azure AD authentication, there is now support in the IFS Apps 9 and IFS Apps 10 database connectors for seamless login to IFS. This means that no specific users have to be set up in the connector configuration: instead, the end user’s login token from Azure AD can be passed on to IFS Applications.

Customers using Azure AD - ACTION REQUIRED!

With the increased integration of OpenID Connect, customers using Azure AD to login must make the following changes after upgrading to Flow 6.12.

Once done, the login process is the same, but the login prompt will say OpenID Connect instead of Azure AD.

Note! AD sync must be set up as before.

In the OpenID Connect tab in Flow Studio, an OpenID must be enabled and set up as follows:

  • Authority address - Example: https://login.microsoftonline.com/{Azure Tenant} , set up dependant

  • Client id - ClientId

  • Scope - openid profile email user.read

  • Authentication flow - implicit

  • Do not require authorization code hash - checked

  • Do not require access token hash - checked

  • Do not validate discovery endpoints - checked

  • Do not validate issuer name - checked

  • UserNameClaimsKey - most likely email but can differ depending on set up

  • Extra query params - for Azure; the Resource Identifier.

To get the resource ID:

  • Log in to the Azure Portal - the resource - app registrations and open the manifest.

  • Look for “resourceAppId”.

Example:

Then you take the ID and paste it into Extra Query Param as follows: {resource: ” 00000003-0000-0000-c000-000000000000”}

Other news & improvements

AD sync adjustment due to Microsoft change

Currently LDAP is nearing its end of supported life. LDAPS has replaced this with SSL encyption.

On March 10, 2020, Windows updates added options for administrators to harden the configurations for LDAP channel binding on Active Directory domain controllers. The updates add:

  • Domain controller: LDAP server channel binding token requirementsgroup policy.

  • CBT signing events 3039, 3040, and 3041 with event source Microsoft-Windows-ActiveDirectory_DomainServicein the Directory Service event log.

Read more here:

https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

New technology for running scheduled tasks

Novacura Flow has the capability to schedule different tasks to be run at either set intervals, or at one specific time of day. This is used to schedule workflows, but it is also for Flow’s internal mechanisms.

Instead of using a Windows Service, the scheduled tasks are now run through a long-lived IIS process using the Quartz library. This is a web-based solution, better suited for cloud implementations and in line with the Novacura cloud strategy.

When installing or upgrading to this version, the previously used Windows Service will automatically be replaced by this new IIS process.

Known issues

Web Client file gallery - layout and positions can be a bit off. This will be fixed in the next service pack.

PreviousSystem requirementsNextPage 1

Last updated