K2 Worklist Control will always default to K2 Security label causing incorrect assignment of tasks meant for AAD users
kbt155285
PRODUCTIssue
When in the K2 Worklist control or the K2 for SharePoint Worklist Web part you will see that the default label used when redirecting tasks, sharing tasks, and setting out of office will always search on the K2 Security label. This causes your users to assign tasks to local on-premise accounts by default instead of the desired cloud Azure Active Directory accounts. This would have to be changed manually on each search, but we are looking for a way to do this automatically without the below steps for the user to swap the label drop-down:
Symptoms
- We have seen a lot of tasks Shared or Redirected to wrong users.
- Users are reporting that they have not been assigned a task.
- Out of office are set to wrong the Users with K2 Label.
- You are in a hybrid AAD and AD scenario.
Resolution
We can use the below workaround to have the AAD label be used as the default label on the worklist and K2 for SharePoint Worklist Web Part.
Workaround Steps:
1. Edit the K2 SmartForms Runtime web.config file. This is usually located in the file locations below depending on your K2 version:
K2 4.7:
C:Program Files (x86)K2 blackpearlK2 smartforms RuntimeWeb.config
K2 Five:
C:Program FilesK2K2 smartforms RuntimeWeb.config
2. Search for the below xml node in the web.config file:
<!--<add key="DefaultSecurityLabel" value="K2"/>-->
3. Remove the comment on the below key and changed it to be like so:
<add key="SecurityLabels" value="AAD"/>
4. Also change the following node as well from:
<!--<add key="SecurityLabels" value="K2;K2SQL"/>-->
To be:
<add key="SecurityLabels" value="AAD"/>
For more information on what these Keys do, refer to the following documentation:
https://help.k2.com/onlinehelp/k2five/icg/5.2/default.htm#configref/config-security.html
5. After changing the above xml save the web.config file.
6. Do an IIS reset on the K2 Server via elevated command prompt.
Now when you open the Worklist control on a SmartForm on Share, Redirect, Out of Office, the AAD label will be selected by default:
This also reflects on the K2 for SharePoint Web part as well: