Manually Configure K2 for Azure Active Directory (AAD)

K2 integrates with Microsoft Azure Active Directory (AAD) which allows AAD users to log in to K2 web sites and allows you to assign AAD users workflow tasks and get user details using the AAD  SmartObjects.

For more information about AAD integration see Azure Active Directory in the K2 User Guide.

This article shows you how to manually setup AAD as an authentication option for K2.

  • If you have integrated your K2 installation with the K2 for SharePoint app, in particular with a SharePoint Online tenancy or one that uses Azure Active Directory, you DO NOT need to do the configuration described here as it is done for you automatically during app installation and registration.
  • Make sure you use the K2 Service account when doing this configuration and that you perform these steps on the K2 server.


You need the following items in your environment to configure K2 for AAD:

High Level Configuration Steps

If you're familiar with configuring claims integration these high-level steps summarize the steps you need to follow. For a detailed guide, see the Detailed Steps section below.
General Configuration

  1. SSL-enable the web site that hosts the K2 virtual directories.
AAD Configuration
  1. Create an App in AAD for your K2 site and gather information for configurating K2.
K2 Configuration
  1. Register an OAuth resource in K2 for AAD.
  2. Add the AAD Security Label.
  3. Configure the AAD Service Instance.
  4. Configure Claims.
  5. Test an AAD login.

During the configuration of K2 you need the following information from your AAD App and/or subscription. Write these values down as you go.

Item Example Values Your Values
Application ID / Client ID 304e7ece-9380-43ac-a35c-a4645d5bba5e  
Key / Client Secret sO7Uu2gC84Gdx/Vb7jcaGqek7KrPAfGfcsjlMS5m6AE=  
Tenant ID / Directory ID 0bb385a0-6343-4ba1-8aa3-a4371a9c458c  
Federation Metadata Document URL  
OAuth 2.0 Token Endpoint  
OAuth 2.0 Authorization Endpoint  
Certificate Thumbprint 1528a6b4d1f2w680b4b095c69afdadf9cd65c7837  
Identity Claim Type  
Identity Provider Claim Type  
Login URL  
Issuer Azure Active Directory  

Detailed Steps