I have come across a particular situation where there are unique users that are not within our Active Directory Forest but I need them to interact with specific client events. They DO NOT need access to the K2 Workspace, but they do need to be able to interact with a Client Event tied to them.
Using the SQL User Manager ISN'T an option since we have thousands of users in AD that are using K2.
Any ideas?
Thanks!
later,
jason
+2
The more I think about this, I've come up with the following scenario and would like some feedback (and am still interested in other possible solutions).
1. Create an AD user that will be used to represent the users not in Active Directory.
2. Put this user in the Destination Rule of the Activity
3. Add a Server Mail event to send an SMTP message to the person who needs to respond to this event.
4. Add a client event that waits for the Worklist item to be completed.
5. The user clicks on a link sent from the SMTP Server event that takes them to an ASP.NET web page.
6. IIS authenticates this user using our Public Key Infrastructure (client certificates, everyone has a SmartCard, but not all smart cards are assigned to a user in AD in OUR forest).
7. The ASP.Net will finish the client event using K2ROM using the General user used to create this client event.
Anyone see any problems or flaws with this? (Security, logic or otherwise)
1. Create an AD user that will be used to represent the users not in Active Directory.
2. Put this user in the Destination Rule of the Activity
3. Add a Server Mail event to send an SMTP message to the person who needs to respond to this event.
4. Add a client event that waits for the Worklist item to be completed.
5. The user clicks on a link sent from the SMTP Server event that takes them to an ASP.NET web page.
6. IIS authenticates this user using our Public Key Infrastructure (client certificates, everyone has a SmartCard, but not all smart cards are assigned to a user in AD in OUR forest).
7. The ASP.Net will finish the client event using K2ROM using the General user used to create this client event.
Anyone see any problems or flaws with this? (Security, logic or otherwise)
+11
I think that is about the only way to accomplish this. We use the same principal in our Support System.
Another alternative of course would be the Multi-User-Manager (MUM) component - currently in Beta i.e. Unsupported. With this component, you can use both AD and SQL User Managers. If you're interested in this, please contact your local K2.net support office.
Regards,
Ockert
Another alternative of course would be the Multi-User-Manager (MUM) component - currently in Beta i.e. Unsupported. With this component, you can use both AD and SQL User Managers. If you're interested in this, please contact your local K2.net support office.
Regards,
Ockert
Reply
View our Community Site Map
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.