This article covers the following topics relating to the release of Front Office 9.6:
- Bug Fixes
- System Configuration Setting Amendments
- Access Rights Amendments
- Installation/Upgrade Considerations
Enhancements to the product this release
The Front Office Help Centre provides an ever-increasing set of self-help resources, including knowledge base articles, FAQs, videos, adapters, and templates to download. Support calls can be logged online at https://frontofficehelp.biomni.com/.
Forgot Password Update
The Forgot Password process has been rewritten so that a user’s account is no longer locked during the password reset workflow, and a reset password link is emailed as an alternative to a temporary password. As part of this update, a new system configuration value has been created:
- Reset Password Link Expiry: When a user triggers the forgot password routine, this value will determine the number of minutes the reset password link is valid.
- Default: 30
- System configuration code: PWD_RESET_LINK_VALIDITY
Password Security – Account Locking and Retries
This feature further enhances the options available for protecting users accounts by allowing an administrator to set the following system configuration values:
- Password Attempts Duration: ‘Password Attempts Duration’ is used to define the number of minutes in which consecutive incorrect passwords must occur for the account to be locked. If zero is entered then the account will be locked after 'Password Attempts Allowed' consecutive attempts, regardless of the timeframe.
- Default: 0
- System configuration code: PWD_RESET_ACCOUNT_LOCK_COUNTER_AFTER
- Account Lock Duration: ‘Account Lock Duration’ is used to define the number of minutes an account is locked after an incorrect password is entered using the rules defined by ‘Password Attempts Duration’ and 'Password Attempts Allowed'. Enter zero to permanently lock an account.
- Initial installation default: 60
- Upgrade default: 0 (replicate existing functionality)
- System configuration code: PWD_ACCOUNT_LOCK_DURATION
- Password Attempts Allowed: ‘Password Attempts Allowed’ is used in combination with 'Password Attempts Duration' to define how many times a user can consecutively enter an incorrect password in a specific timeframe before their account is locked (see ‘Account Lock Duration’). Enter zero to disable this check, meaning a user can continually enter an incorrect password without their account becoming locked – this is not recommended.
- Initial installation default: 3
- Upgrade default: Previously set values for PWD_RETRIES (now removed) will be migrated to this new configuration setting.
- System configuration code: PWD_ATTEMPTS_ALLOWED
We strongly recommend that you review the new password settings on the System Configuration page, including the associated descriptions, and update them to meet your own internal security guidelines.
Allow External Listbox field to trigger rules
The capabilities of the External Listbox field has been extended so that it can now trigger rules using a named column, utilizing standard string operators such as ‘is’, ‘is not’, ‘contains’, ‘does not contain’, ‘starts with’, and ‘ends with’.
Ability to Activate and Deactivate a User via the Directa API
Two new Directa API methods have been added, enabling authenticated API users to either get or set a user’s status, therefore allowing them to activate and deactivate users:
There is more information about the new API methods in the SDK documentation installed here:
Add Multilingual Support for User Group Names
User Group Names now support the ‘Edit Other Languages’ functionality, meaning that within a multi-lingual system you can translate User Group Names and give them a descriptive name that can be understood by all users; this is especially helpful within the approval section.
Allow a URL Link Option Within the Service Catalog
There is a new option within the Service Catalog that will allow you to enter a URL as an alternative to service requests. This means you can link to other pages and send your users either to an external website or to another page within Front Office, utilizing Front Office variables, with the added ability to open the link within the same window or open a new one.
Reference: 3676 & 3813
Several security updates have been made, as listed below:
- HTTP security header updates:
- ‘X-Content-Type’ – set to on by default.
- ‘X-XSS-Protection’ – set to off by default. Most modern browsers ignore this header now as having it on can introduce additional security issues.
- Support for the ‘Strict-Transport-Security’ HTTP header and ‘Secure’ cookie flag using a new Website Settings section in the Configurator.
Note: we recommend Enforce HTTPS is enabled for all securely hosted (HTTPS) installations
Optimize Front Office Installation Media
Reference: 3244 & 3388
Unused files and sample imagery have been removed from the installation media, optimizing the installation and upgrade process, and reducing the amount of disk space required to host Front Office.
Add Support for Windows Server 2022
Support for Windows Server 2022 has been added.
Maximum decimal places validation check fails for boundary values
Unknown error when saving a Form via non-GB languages
Multiple password reset links issue
Deactivated/Dormant users become active using Forgot Password functionality
For Import User feature, values of “PwdLastChangedDate” and “SendEmailsWhilstOnHoliday” do not persist
German “Fulfilment” translations were not correct
3952 & 4011
Save and OK buttons do not work correctly on Request Type page
Active Directory user import losing line manager information and failing with concurrency errors
All bug fixes published within Front Office 9.5 SP1 are included.
System Configuration Setting Amendments
A full list of System Settings is available in the Documentation folder and via the Admin > Support category in the website.
- PWD_RETRIES: Password Retries Allowed
- PWD_ATTEMPTS_ALLOWED: Password Attempts Allowed
- Previously set values for PWD_RETRIES will be migrated to this new configuration setting.
- PWD_RESET_ACCOUNT_LOCK_COUNTER_AFTER: Password Attempts Duration
- PWD_ACCOUNT_LOCK_DURATION: Account Lock Duration
- PWD_RESET_LINK_VALIDITY: Reset Password Link Expiry
Access Right Amendments
A full list of access rights is available in the System Settings List, available in the Documentation folder, and via the Admin > Support category in the website.
The install and upgrade process, as well as the instructions for applying a service pack, is explained in more detail in the Front Office 9.6 Installation and Upgrade Guide. If upgrading, please also review this section within each Release Notes for intervening versions.
Please contact the support team via https://frontofficehelp.biomni.com/hc/en-us/requests/new if you have any questions
Prerequisite: .Net Framework 4.7.2
Front Office 9.6 requires .Net Framework 4.7.2 to be installed.
Role Privileges for Installation and Upgrade
The user who creates or upgrades the database should typically have the database ‘sysadmin’ role.
Prior to starting the process, a validation check warns if the user entered does not comply.
It is possible to run with reduced privileges. Details can be found in the Installation and Upgrade Guide:
- Installing and Upgrading Front Office 9.6 – Installing Database with reduced permission set.
The Front Office SDK can be found in <install location>/SDK
It is recommended that the latest service pack should always be used for all software.
Server Operating System
The following operating systems are supported:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
The following versions of SQL Server are supported:
- SQL Server 2014
- SQL Server 2016
- SQL Server 2017
- SQL Server 2019
- Azure SQL database
- Microsoft SQL Server on Amazon RDS
The following client browsers are supported:
- Internet Explorer 11
Share this article