We're updating some of our product names. K2 Five will soon be Automation On-Prem. You may see both product names in our help pages while we make this change.

Configure Credentials

This content applies to legacy design tools (such as K2 Studio, K2 for Visual Studio, or the Silverlight-based K2 workflow design tool). If you have upgraded from K2 blackpearl 4.7 to K2 Five, these tools may still be available in your environment. These legacy tools may not be available in new installations of K2 Five. These legacy tools may also not be available, supported, or behave as described, in future updates or versions of K2. Please see the legacy component support policy for more information about support for these components.

Capture the Configure Credentials : Specified Account

The requirements for specifying an alternate set of credentials is straightforward. Firstly, the workflow that is being developed requires a Server Event of some kind. Once the server event has been configured then the K2 Developer can configure the credentials for that event. Secondly, shown below is a simple example of a workflow; the menu option to Configure Credentials is accessible by Right Clicking on the Event. Once selected the Configure Credentials Capture Dialog will appear.

Only individual events within a workflow can be configured to run under an alternate set of credentials and not the entire workflow

Fig. 1. Capture Credentials Context Menu

Capture the Configure Credentials : Specified Account

Shown below is the Configure Credentials dialog that can be expected by the user. The dialog contains two fields to enter the User Name and Password respectively. The dialog is shown ready to accept the alternative credentials as the option Specified Account has been enabled. Enabling this option disables the K2 Server Service Account as the default Account under which the current event executes and enables the User Account that will be specified now. Alternatively, if this option is not enabled, the Event will continue to run and be executed using the K2 Server Service Account.

By default, the K2 Server Service Account is the account that executes the Events. To change this for one, multiple events or all within a workflow the credentials have to be specified individually for each event one at a time

Fig. 2. Configure Credentials Dialog

Configure Credentials
User Name	The User Name of the specified account, however the User Name must be entered using the fully qualified domain name i.e. [domain] \ [User Name]
Password	The password for the Specified Account. The need for the K2 Developer to have access to the password for the Specified Account as design time implies; as a best practice, that the User Account should not be an account belonging to an individual within an organization. The Specified Account should be a Service Account similar to the K2 Service Account specifically set aside for the task. Alternatively, if an individual's User Account is specified, then this should only be done when the Event is required to run on behalf of the individual

Configure Credentials

User Name

The User Name of the specified account, however the User Name must be entered using the fully qualified domain name i.e. [domain] \ [User Name]

Password

The password for the Specified Account. The need for the K2 Developer to have access to the password for the Specified Account as design time implies; as a best practice, that the User Account should not be an account belonging to an individual within an organization. The Specified Account should be a Service Account similar to the K2 Service Account specifically set aside for the task. Alternatively, if an individual's User Account is specified, then this should only be done when the Event is required to run on behalf of the individual

The User Account that is specified in the Configure Credentials is the User Account that will appear in the system logs and the reporting. Considering the potential security risk when specifying the credentials of an individual's account, the specified account should rather be a service account to reduce exposure