Important considerations for the development in Automation Service
1. Authentication and identity management
Authentication types available are:
•SAML 2.0-based authentication (recommended).
Among supported Identity Managers which are SAML 2.0 compatible are: Azure AD, ADFS, NetIQ; PingFederate and Okta.
•OAuth (plus the OpenID extension)
•LDAP (requires a VPN)
•Multiple Using SAML Bizagi, OAuth or LDAP (with VPN)
See further information about authentication in Automation Service.
Other authentication options not listed above are not applicable to Automation Service.
You have different options available for User synchronization. Recall that synchronization using LDAP requires a VPN.
We strongly encourage you to rely on SAML 2.0 features, which support SSO (and SLO), can rely on multi-factor authentication, and delegate Identity and Access Management to your corporate systems.
2. Integration with other systems and services
Take into account the following when integrating with your systems or services:
•ECM integration is eligible to store case attachments directly in your corporate documents repository..
You can integrate your CMIS compliant ECM/DMS if it is cloud-ready (published and accessible via HTTPS through internet), or by using a VPN when otherwise.
•Invoking services is highly recommended by using Bizagi Connectors or the Web services Connector.
You may integrate web services (SOAP or RESTful) through either Bizagi Connectors or the Web services Connector, and establish direct communication if these are cloud-ready (published and accessible via HTTPS through internet), or by using a VPN.
•Custom jobs are supported.
Custom jobs are configured and run the same as in on-premises projects.
•Component library is supported, though consider that you are solely responsible for the code developed in custom components and added through this feature.
This includes: watching for adequate performance while ensuring that locks or issues are not generated, being accountable for uploading secure code, and ensuring that the code is thoroughly testing throughout the different environments.
The components must be self-contained (i.e, all libraries needed by a component must be uploaded via the component library). This means that a component may not rely on drivers, DLLs, files in general, or connectivity setup that needs to be installed separately into the local machine.
Recall that Automation Service, as a cloud-centric architecture, is built for scalability among other features.
High scalability in Automation Service requires that computing power, storage services and other capabilities, are made available on-demand as elastic resources which operate behind a load balancer, and therefore, point-to-point integrations which demand the installation of a component in a specific location are not best practices.
For this reason, it is important that when integrating your systems and services you can follow modern and service-oriented principles such as using Connectors when applicable.
3. Integration with other databases
Keep in mind the following when integrating with your databases through Data Virtualization and Data Replication:
•Integrating with Oracle databases or other engines different than on-premises SQL Server instances, is not supported.
•Data Virtualization and Data Replication will require a VPN.
•Even though you may use a VPN for Data Virtualization and Data Replication, you will need to use this feature wisely due to performance considerations.
Access to an external databases over the internet (from Automation Service), depends upon factors which are beyond Bizagi's control, such as a higher latency in data transmission, fluctuations, interference and congestion affecting the speed of the channel, and the quality of the networks used during transmission, etc.
Using this feature wisely means that you have to analyze your use cases thoroughly beforehand so that you can determine whether the performance impact is adequate for them.
Most often, working on information of one record specifically will be okay; while fetching multiple records and working in them may not be satisfactory.
You are entitled to use Bizagi's emailing service This module is configured for all the environments of your subscription. When using this service, your process applications will send out email notifications from a Sendgrid cloud service.
If you do not plan to use Bizagi's emailing service and wish to use your own email service, submit a support ticket stating so. You can directly integrate your corporate SMTP email service if it is cloud-ready (published and accessible via HTTPS), or by using a VPN.
When choosing this option you will not be able to use Multiple senders (option From) when configuring notifications.
If you choose to use your own SMTP, consider the following:
•If the SMTP is accessible from the VPN configured by Bizagi, you must inform this to our Bizagi support team.
•You can use port 587 or 465 using TLS. Port 25 is not supported.
•SMTP must support HTTPS authentication. Other authentication protocols are not supported.
•The SMTP must be configured with an existing service account, for example, firstname.lastname@example.org. This service account is going to be used to send emails from Bizagi, and must be dedicated for that purpose.
•The SMTP service account cannot have multi-factor authentication.
•We recommend you choose a non-expiring password . Otherwise, you must inform Bizagi through a support ticket, when the password changes.
•You are in charge of configuring and managing the SMTP.
•Bizagi is not responsible of issues related to the SMTP that can affect the execution of processes.
•The same SMTP can be use for both Test and Production environments. However you can define an SMTP per environment, if you do so, you need to inform our Bizagi support team and deliver the information for each SMTP service account (one for each environment
When you have configured the SMTP you must request a support ticket and provide the following information:
Information required by Bizagi to set the SMTP
•SMTP URL: URL of your SMTP server or relay.
•Port: Port number to access the SMTP URL.
•User Name: User name to access the SMTP server. You can encrypt the user name using the Work Portal feature. Refer to Password Encryption.
•Password: Password to access the SMTP server. You can encrypt the password using the Work Portal feature. Refer to Password Encryption.
•From email : Emails send email notification in processes will have this sender. The SMTP must admit the domain that the "From Email".has
•CC: If you need to send a copy for every email notification sent by Bizagi, send this parameter. This must be one email only.
•BCC: If you need to send a behind copy for every email notification sent by Bizagi, send this parameter. This must be one email only.
Regarding completing tasks via email, Exchange is an option as the service mailbox.
Other protocols and options than Exchange, such as those based on POP3 or IMAP, are not supported.
5. Bizagi API
OData services are available and highly encouraged.
You can use the Bizagi SOAP web services API if you set the WS-Security configuration.
Legacy web services are not supported.
6. Bizagi Web parts
SharePoint web parts are supported in SharePoint on-premises 2010 and 2013, but not in 2016 or 2019. Considering that you need to access on-premises systems from Bizagi Automation, you need to acquire a VPN.
Sharepoint Online is based in 2019, which means that Sharepoint Online is not currently supported.
7. UI extensibility and Work portal customizations
Widgets are completely supported and highly encouraged for Automation Service if you want to extend user interfaces.
Similarly, you may not modify the web.config file; nor any other aspects of Bizagi Work Portal except by using the theme builder or out-of-the-box features in general (modifications regarding IIS settings are also not allowed).
To support your subscription to Automation Service, a team of Bizagi experts takes care of all infrastructure services, related IT tasks involving provisioning, maintenance and tuning, and technical support (includes 24x7 monitoring). You as a customer do not need to provide DBA, platform admins or other IT-related staff.
8. Considering timezones and .NET framework date-time functions
In Bizagi Automation Service, the server time zone is always UTC +0.
When using .NET framework date time functions like the DateTime.Now or DateTime.Today function, these are not shifted by any time zone, therefore, and return the UTC date and hour.
Please consider the following article to understand how Bizagi calculates case and task due dates, how attributes are shifted depending on the user's time zone and how this configuration affects .NET framework date time functions.
9. Versions compatibility
Make sure that you are using a Bizagi Studio whose major and minor versions are the same as the Automation Server versions of your Automation Service environments.
The update and build numbers may be different, though we recommend that such update and build numbers be the same as or lower than the number for your Automation Service environments.
For example, to use a Bizagi Studio with version 11.2.4.0268, deploy it to cloud environments using version 11.2.4.0268.
10. VPN considerations
With Automation Service, it is entirely optional to use a VPN and it would be needed for integration purposes (i.e. integration with LDAP, DB sources via Replication or Virtualizationn, ECM not cloud ready, or integrations with systems of record), whenever the applications you want to integrate with, do not offer a service-oriented architecture and use different protocols other than HTTP/HTTPS.
We encourage you to expose all your systems in a demilitarized zone, where Bizagi could integrate without the need of a VPN. A VPN setup adds an additional cost to the subscription costs.
When integrating corporate systems which are not cloud-ready, through a VPN, note that using a VPN from any on-premises system to a cloud environment, does not resolve any potential performance issues caused by high latency in the internet channel.
Cloud-ready systems and services are either cloud-native, cloud-enabled or simply published for access through a public channel such as the internet.
This means basically a service which has an HTTP/HTTPS (the later preferred) endpoint.
A VPN establishes a connection between two endpoints as if these were physically wired (in terms of visibility, but not in terms of performance).
It is therefore important that you evaluate any potential performance impact when using a VPN, especially for online requests (non-scheduled jobs), so that you can determine if inherent factors in the on-premises-cloud communication design significantly affect your requirements.
Some of the inherent factors which are beyond the control of Automation Service' are: a higher latency in data transmission, fluctuations, interference and congestion affecting the speed of the channel, or the quality of the networks used during transmission.
A VPN setup adds an additional cost to the subscription costs.
For more information about VPN setup, refer to Cloud VPN.
11. Case links
Your SMTP configuration needs to be changed to adapt to the Automation Service setup. Our support team can send you instructions to adjust the SMTP server information in all your environments, when you request this feature.
12. File attachment maximum size
By default, Bizagi defines a maximum value for attachments of 1MB. However, you can edit this value. The field of the maximum upload file size in advanced environment options by Bizagi is 268435456 bytes (256 MB). However, in Bizagi Automation the Bizagi restricts the value to 25 MB. This limit applies to files uploaded through the SOA or OData layer.
If you define a maximum size value within a form, Bizagi considers the lower value.