Best Practice for Workflow Design - Using Workflow Constants

Not applicable
25 2 14.1K

All the Nintex Workflow 2013 Provisioning actions require a security account with high level access to Active Directory to perform their various tasks.  When designing the workflow you can supply the credentials of the account to the workflow actions manually, which means anyone designing such a workflow would have to explicitly know the name and password of the account.

Actions where workflow constants are recommended are on the right:

Why use a Workflow constant?

A more secure option is to create a workflow constant or global variable and record the account and user name in it, and then use the workflow constant in the workflow designer. This allows trusted workflow designers to setup workflows that can interact with Active Directory while protecting the integrity of the high level account.

Workflow constants can also be helpful if you have a staging environment and a live environment – if variables are used, you only need to ensure that the variables are the same in both environments without having to update the workflow settings when you export a workflow, and then import the workflow between environments.

How to create a Workflow Constant

Workflow constants can be created at the Site level, the Site Collection level or at the farm level (via SharePoint Central Administration).

Farm Level

Create workflow constants at the farm level so the constant is available throughout the farm. Navigate to SharePoint Administration. Open Nintex Workflow Management, and click on Application Management. Click on Nintex Workflow settings and then Manage workflow constants.

Site or Site Collection Level

Create at site level, and the workflow constant will only be available in that site or site collection. At the site or site collection level, open Site Settings. In the Nintex Workflow section, click on Manage workflow constants.

How to use a newly created Workflow Constant in your Nintex Workflow

Now when you design a workflow that requires interactivity with Active Directory, you can use the workflow constant in the AD workflow actions. To do so, click the ‘padlock’ icon. A list of stored credentials will appear. They are all the workflow constants that you have made available.  Select the constant you want and click Insert. The workflow constant is inserted into the workflow action, disguising both the real account ID and its’ associated password.


Cloud Wanderer

Question:  If the credentials you use have a password that needs to be changed on a regular basis, and you update the password in the constant, will that carry down to the actions where the constant was used?  Or do you have to republish those workflows to get the updated credentials?

Design Dabbler

Where is the list of actions that is referenced in the 2nd paragraph of the article?