Symptoms
When using SharePoint group as a destination in a Workflow, the workflow errors stating that at least one destination should be specified. Also some users cannot start workflows although they have rights assigned via SP group membership.
-Users assigned rights through “Everyone except External users” also cannot start a workflow
Diagnoses
Workflow destination error – This is due to a bug in K2 identity service where the case of the group name must match between SharePoint and Identity service. If they don’t match when the Groups memberships is updated it fails and all users in this group will have their membership removed in Identity cache.
Start rights – This can be due to the above bug but can also be relating to the Sync Group that updates the Identity cache that takes long to complete due to the amount of SharePoint groups. Sync Group will force refresh all SP groups to K2 identity.
Users that is granted start through the “Everyone except External users” will not work, we currently don’t support that SharePoint function. There is a feature logged for this though.
Resolution
Workflow destination error – Updated the Group name in SQL Identity tables to match SP short term to fix the issue, we also applied a codefix to the instances to fix this case issue. this change will also ship in the next Appit release. (Appit 1.4)
We also added the "Everyone" Group to start rights apposed to the "Everyone except External" not supported yet
Start rights – the issue seems to have gone away overnight, this leads me to believe it might be related to the case issue as above, or the sync groups finished and memberships was corrected.
Features based on what we have seen working this ticket.
-Feature for K2 Management Pages to have the ability to force refresh K2 identity for specific User or Group.