Mendix Release 10.14 – Connecting the Dots

Studio Pro

Performance

To enhance the experience in Studio Pro, we’ve implemented several key performance changes. While it was already possible to turn it on yourself, we’ve now enabled the new toolbox by default which is more responsive, giving a faster editing experience. Additionally, we’ve optimized the performance of running an app locally and addressed performance issues that would during extended use of Studio Pro.

Class, Style, and Dynamic Class also in Properties

For more advanced users who mainly use the classes and styling field we’ve made it easier. Users can now edit the Class, Style, and Dynamic Classes properties directly from the Properties tab. No need to switch to the Styling tab to make these changes anymore, making you faster than before.

AI Translations in System Texts

We’ve made the AI translations possible in the system text editor. Users who have both the new system texts editor and the AI Translations enabled in Studio Pro, can automatically generate translations for any language you have in your app for the system texts, reducing the time it takes to set up these translations. Any text that was manually changed will be kept, so already done translations or corrected generated texts will not be lost.

Tab container improvement: dynamic tab switching

In the Tab Container widget it is now possible to dynamically set the active tab. This enhancement addresses one of the most voted ideas on the idea forum. With the introduction of an attribute field on container level, developers can now control which tab is active by changing the value of the attribute. This will automatically switch tabs to the new index. Additionally, we added an on change event which can be used to execute an action when the user switches tabs. This new functionality provides greater control and flexibility, allowing for seamless tab management within the Tab Container widget.

Lastly, the “default tab” property on tab level is now discontinued and replaced with a “default tab page” property on the container level. To ensure a smooth transition, a conversion has been added to determine the default the current tab page index and convert it to the new “default tab” property.

New markdown viewer widget

The new Markdown Viewer Widget empowers users to seamlessly render Markdown content as HTML within their applications. Designed for visualization purposes, the widget offers a user-friendly experience for viewing content written in Markdown syntax. Common use cases include leveraging AI-generated Markdown content, as well as integrating Markdown-based documentation directly within applications.

Mendix Connect

External database connector – Call SQL Stored Procedures

The External Database Connector now supports calling SQL stored procedures with input and output. Older databases often have data related logic in the database, either for validating and securing the data, or for improving the performance of bulk data updates. But it’s not just older databases that leverage the value of logic in the database. Modern databases like Snowflake provide stored procedure wrappers around AI functionality to leverage the value of AI straight from the database. Mendix 10.14 now makes it easier use these stored procedures and functions from your Mendix app.

AWS SQS bridge for Business Events

As of Mendix 10.14, Mendix Event Broker provides full support to exchange events between the Mendix Event Broker and AWS SQS queues. Not only can you send and receive Business Events defined in your Mendix applications to and from SQS queues, but you can also send and receive events defined by non-Mendix apps using SQS queues. You’ll need an AsyncAPI contract to describe the events you use in SQS queues from other applications. This contract can be uploaded in the Event Broker portal before defining an SQS bridge. You’ll be able to select which events you want your Mendix application be able to send and receive via Business Events. After you’ve set up the bridge any Mendix app can exchange events via SQS with other applications using SQS.

The good news is that support for AsyncAPI contracts in the Event Broker isn’t just useful for bridging to AWS SQS. Developers can now define all the Business Events you want to use in your Mendix apps in an AsyncAPI contract, for example using a third-party tool like AsyncAPI Studio. When you’ve created the contract, you upload it to the Event Broker, and then developers simply use the predefined events in your apps. Contract first Business Events!

Experimental: GraphQL support for OData REST services

Mendix 10.14 provides experimental support for GraphQL in published OData REST APIs. This means that clients can choose if they want to use GraphQL syntax when calling a published API or use the OData REST syntax. Currently, this experimental release does not provide full GraphQL support for all OData functionality (e.g., filtering and mutations are not yet implemented). You will be able to retrieve data types with associations, specify what attributes should be included and which records you need (offset, limit). The API provides introspection, so GraphQL clients like Postman will be able to describe the data provided by an API and help you build the correct query. To consume GraphQL APIs, you can paste the query from Postman into the Mendix Rest Client and map the result to entities.

AWS connector suite updates

Amazon Location Service connector (platform supported)

The Amazon Location Service connector is a location-based service that you can use to add geospatial data and location functionality to your Mendix applications. It already existed for a while as a Community-supported connector. Due to its success and multiple requests to make it platform supported, we now adopted this as an official part of the platform supported suite of AWS connectors. At the same time, we have updated the connector to use the latest version of the Authentication connector, so now this connector can easily be used in combination with other connectors as well.

AWS Authentication connector

We made several smaller quality-of-life improvements to the AWS Authentication Connector. There is now the ability to validate the configured credentials before calling an operation, which can improve an application’s robustness. A UI component has been added to the connector as an out-of-the-box snippet to be able to easily create admin pages and to configure AWS credentials. Lastly, we renamed and reordered region captions, so it’s easier to select the correct region.

Amazon S3 connector

As one of our most popular connectors, the Amazon S3 connector has received a great deal of input and feedback over the last few months. Today we are pleased to announce that we have added some of the most requested features:

• We released the HeadBucket operation,which returns metadata for a given bucket. This especially is useful for identifying the region where an S3 bucket is located.
• The ability to pre-sign object requests (GetObject, PutObject, DeleteObject) so customers can authorize their end-users to temporarily manipulate S3 objects. For example:
  • Download a static file hosted in an S3 bucket such as insurance policy
  • Upload a file into a predefined S3 bucket without having to load the file into the Mendix Runtime
• The ability to integrate with S3-compatible APIs (BackBlaze, MinIO), so customers can use their own object storage with the connector.

Amazon Bedrock connector

We added two new operations to the connector to more easily interact with the Agents, that have been created with Amazon Bedrock in the AWS Console, from within your Mendix Mendix application:

• The ListAgents operation can be used to display a list of selectable pre-defined agent. It returns the agents belonging to an account and gives information about each agent
• The GetAgents operation on the other hand returns detailed information about a given agent.

Amazon Bedrock has a new feature in preview where other data sources such as a web crawler can be used for a knowledge base. A bug was fixed where those new data sources resulted in an error and currently a partial response for those new additions is supported.

Teamcenter Extension – Journey Collection

In version 2.0 of the Teamcenter Extension, the new ‘History’ tab offers a streamlined overview of your past work. Located conveniently on the main page, this feature displays the list of your previously created integrations within the extension. Selecting any integration reveals its details, including a validation feedback system that monitors its operational health. Enhancements include the ability to edit an existing integration, duplicate it for new projects while preserving the original, or delete it if necessary. It’s important to note that deleting an integration does not affect the underlying microflows and entities within the Mendix model.

Additionally, we’ve made several UI improvements at various points of the user journey and bug fixes to ensure a
smoother experience.

IAM modules in Marketplace

SCIM end-user lifecycle management module

We proudly present a new module in our Marketplace: the SCIM end-user lifecycle management module.

The SCIM (System for Cross-domain Identity Management) protocol is a game-changer for organizations looking to streamline their identity management processes, especially when it comes to handling the onboarding, moving, and offboarding of employees – also known as joiners, movers, and leavers.

By including the SCIM module in your Mendix apps, IT administrators can automate the provisioning of end-user accounts for new joiners and efficiently deprovision access for leavers. If a user has moved to a different role and is no longer entitled to use your app, SCIM can deactivate that user in your app as well. This not only saves time and resources but also minimizes the risk of human error and it ensures that access control policies implemented in your IdP are consistently enforced across your B2E Mendix app portfolio. Moreover, fewer active end-users in your app, helps you control Mendix user licensing cost!

The SCIM protocol is supported by all leading IdP-technologies, so it’s a matter of configuration to have both SSO and SCIM lifecycle management between your app and your IdP. We’ve tested the module with Microsoft’s Entra ID and with Okta, using SAML and OIDC SSO – it works as expected!

If your organization is looking to optimize governance and reduce user risk, SCIM may be the essential module for achieving these goals!

API security using tokens

If you’re building APIs (possibly OData APIs) as part of a multi-app solution, you need to think about security. API security can be arranged for using API keys, but that’s not the best security practice. If you prefer to use OAuth tokens (a.k.a. bearer tokens or access tokens or JWTs), two options exist for the client application:

• Use human identities. An end-user of your (client) application logs in using SSO, and the client application can consume the API on behalf of the end-user using the OAuth Access Token it received as a result of the SSO process.
• Use a machine identity. Machine identities are also known as service accounts or application accounts. In this case, access tokens are used by the client application to consume the API on behalf of itself. The end-user is not relevant in this scenario.

And security is not just about authentication but also about authorization. Who can do what? For APIs you may want a logic that is similar to the following:

• Allow all identities to do a GET on your endpoint to ‘read’ certain data, and
• Allow only specific identities to write data using a POST method on your API endpoint.

All of this is now supported by the OIDC SSO module! (One could argue that the name of the module is no longer accurate – it’s a useful module even if you’re not doing SSO!)

So what’s new in the OIDC SSO module?

When working with machine identities, the OIDC module is now capable of creating a local ‘user’ for the client on-the-fly. In other words, it’s doing just-in-time user provisioning for the client’s machine identity. This brings the benefit that the security concepts in the Mendix runtime are now leveraged for machine identities as well. Both for human identities (SSO) and for machine identities (Client credential grant), the OIDC module will validate the token and map the permissions associated with the token (OAuth scopes) to the user roles in your Mendix app. Remember, the security concept allows you to define access controls to microflows, entities, and data sets via user roles.

All of this makes your API (as an OAuth Resource Server) effectively delegate user authentication, client authentication and authorization decisions to the IdP. That’s why using OAuth tokens is a best practice for API security – put the responsibilities where they belong.

With these capabilities in the OIDC SSO module, security comes out-of-the-box and you can focus on the business logic of your multi-app solution!

Mendix Platform

App Insights

We’re thrilled to share that the new version of our Feedback Module (v2.0.0) is now live in the Marketplace! We’ve completely re-engineered the widget, unlocking functionalities that were previously inaccessible in the React version. These features have been rewritten in Mendix, giving you the flexibility to update and customize them according to your needs.

Here are the key customization features you can now leverage:

• Button placement: Decide exactly where the feedback button appears in your application.
• Form triggering and display: Control how and when the feedback form is triggered, ensuring a seamless user experience.
• Feedback destination: Decide where feedback submissions are sent, enabling smoother integration with your existing systems.
• Styling and copy: Customize the widget’s design and text to match your app’s branding and tone.

With these new capabilities, you can ensure that the feedback widget perfectly fits the unique requirements of your application.

Academy

Certification page upgrade

Academy is making steps to guide a user better in their journey. One of the first steps we now have taken is to show a sequence in the available certifications. This will allow the users to better understand how the relation is between the different certifications. It also allows us in the future, when we introduce more types of specialization certifications, to have a user choose between different tracks and have their path reflected on the page.

Upload Mendix certificate to LinkedIn

It’s now super easy to share your latest Mendix achievements with your community on LinkedIn. Simply go to your achieved certificate via Academy.mendix.com and click the share button. We will pre-fill all the needed information for you and in two clicks you have shared your latest success with your peers. So, be proud and share it now!

Are you ready to start your next app?

• Download Mendix Studio Pro.
• Take a closer look at all the features, improvements, fixes, and more in the Mendix 10.14 release notes.
• Don’t want to miss future updates? Subscribe to our blog to catch the latest news.