When using Active Directory with Windows Authentication in K2, a manager can view an employee's worklist as long as the proper org structure is added into AD (i.e. the 'manager' property is populated for all users). For example: Bob is the manager for Anthony and Blake; in AD both Anthony and Blake are configured with Bob as the manager. Bob can go into K2 Workspace and see his own, Anthony's or Blake's worklist. This functionality is built into K2.
Now, if we switch to using SAML claims and ADFS for authentication, things get a bit trickier. First of all, I would need to configure ADFS to pass the manager information in the SAML token using some claim type I invent. No problem. The particular value I pass in the claim would have to match the type of data I expect to use in the identity claim. For example: If I decide to use email address for the identity claim of a user, I would likely need to configure the manager claim to pass the manager's email address (not their AD logon id or their AD distinguishedName). No problem (that I see yet).
However, I need to configure K2 to accept the manager claim type and use its value as the manager of a user. I don't see where to configure K2 for this.
Has anyone done this?
Does K2 support the "managed worklist" ability for SAML claims like it does for Windows Authentication?
Does this work regardless of what kind of user store is on the back end (e.g. Active Directory, LDAP, SQL table, text file, etc.)?