What's New in Nintex K2 Five (5.6)

The latest release expands on the previous release with new features, enhancements, and bug fixes.

  • K2 Designer
    • Style Profile Designer Developer tab: A Developer tab is now available that allows you to use custom external resources such as Cascading Style Sheets (CSS) and JavaScript (JS) in your style profiles. This allows you to include modern capabilities, extend the look and feel of your style profile, and optimize web page behavior.
  • K2 Management
    • OAuth Store Encrypted Value: For added security, you can use the Store Encrypted Value option in resource type parameter configuration to encrypt sensitive information for parameters such as a client_secret.
    • AssureSign Broker: Nintex K2 Five (5.6) integrates with Nintex AssureSign through SmartObjects. Create an AssureSign service instance and SmartObjects to send documents for esigning.
    • SmartObject OData API v4: V4 of the SmartObject OData API exposes additional SmartObjects methods such as Create, Read, Update, Delete and Execute, in addition to the list methods supported in V3 of the OData API.
    • Authorization Framework: The Authorization Framework has been enhanced to include authorization for SmartObject Service Types and Service Instances. This provides extra security to SmartObjects and increased control around the management of Service Types and Service Instances. A new Service Instances Security node has been added to the Integration node of K2 Management. See Authorization Framework Overview, Service Instances Security, Service Types, and Service Instances for more information.
    • K2 Identity web application: This version of Nintex K2 Five implements authentication on the K2 Identity web application. For authentication to work seamlessly, the Identity web application must have the same claims configuration as your Runtime SmartForms realm. For details see the Multi-authentication providers.
  • SQLUM
    • Lockout Policy feature: SQLUM has been enhanced to allow administrators to configure a lockout policy. In order to protect SQLUM users from brute force password guessing attacks, the lockout policy will lock a SQLUM user after the configured amount of invalid password attempts, for a configured amount of time. For more information see the SQLUM administration topic.
  • Installer
    • For enhancements and new prerequisites when installing or upgrading, see the Nintex K2 Five Installation and Configuration Guide's What's New topic.
  • Nintex branding
    • Nintex branding and unification have been applied to Nintex K2 Five for alignment with the Nintex product suite.
  • Workflow
    • When you configure a Call Sub Workflow step in a workflow and manually type the name for a sub workflow that has not been created yet, the Folio and variables of the sub workflow are now automatically created for use in the main workflow. This allows you to complete the configuration of the Call Sub Workflow step before creating the sub workflow. Tab or click outside the Which workflow? field to show the Folio and variables.
  • K2 DocuSign Integration

    • DocuSign has announced a change for authentication techniques by deprecating legacy authentication and OAuth 1.0 protocols. Since August 2021, any new API applications integrating with DocuSign must use the OAuth 2.0 authentication flow. By October 4, 2022, all existing DocuSign customers and partners integrating with DocuSign must be updated to use OAuth 2.0, including applications already in production. For more information on the changes, see DocuSign’s blog at https://www.docusign.com/blog/developers/october-2022-oauth2-required. In Nintex K2 Five (5.6) we updated our integration to the OAuth 2.0 standard. If you use the K2 Integrator Key, you will need to configure your own personal Integrator Key for enhanced security. The steps are documented in the DocuSign topic, and the DocuSign Go-Live steps are at https://developers.docusign.com/docs/esign-rest-api/go-live/. There are two known issues related to the DocuSign integration. See the Known Issues section below for details.

  • Anonymous Error Handling
  • SQLUM Lockout Policy

    • Administrators can create SQLUM users in a domain\username format (referred to here as the full username) even though SQLUM has no concept of a domain. Prior to Nintex K2 Five (5.6), users created with the domain\username format could log in using just the username portion if the K2 server is running in the same domain as the domain part of the full username. This behavior has changed and now in clean installations of Nintex K2 Five (5.6) and on the first upgrade to Nintex K2 Five (5.6) from a previous version, SQLUM users that were created with the domain\username format need to log in with the full username.

  • Authorization Framework: Service Type and Service Instance Security
    • You no longer need K2 Workflow Server Admin permissions to access K2 Management to manage Service Types and Services Instances. Before upgrading to Nintex K2 Five (5.6), you needed K2 Workflow Server Admin permissions to access Management before you could create or manage a Service Instance of a Service Type. With Nintex K2 Five (5.6) you only need Create and View rights to the specific Service Type in Management allowing you to create and manage the Service Instance.
    • All rights now apply to all underlying SDK libraries and user interfaces providing enhanced security that is consistent across the entire platform.
    • When installing or upgrading to Nintex K2 Five (5.6), all K2 Workflow Server Admin users are granted the Allow permission to all rights on the root Service Instances Security level, and the Everyone role is granted the View right at the Service Instances Security level. This is to allow Admin users to manage all Service Instances and Service Types until a more granular setup is implemented, and to allow all users with access to the K2 Designer the ability to still view and use all Service Instances in their SmartObjects.
    • If you add a user as a K2 Workflow Server Admin after installing or upgrading to Nintex K2 Five (5.6), the user does not have rights to manage Service Types and Service Instances. These rights must be granted in the Service Instances Security, Service Types, or Service Instances nodes.
    • You need at least Create, Modify, Delete, or Security rights on at least one Service Instance or Service Type to access Management and manage Service Types and Service Instances, and View rights to see the object in K2 Management and K2 Designer.
    • The changes to rights and permissions also apply when using the SmartObject Tester tool.

  • Support for InfoPath was removed in Nintex K2 Five (5.0) and was tightly coupled with SharePoint 2010 which prevented upgrades if SharePoint 2010 components were installed, however some components of InfoPath remained installed. With K2 Five (5.6) these remaining components are being removed. Any legacy workflows built in K2 Studio or K2 for Visual Studio using InfoPath wizards will receive an error. Rebuild all affected workflows in the latest K2 workflow designer.

  • Internet Explorer 11 is unsupported and the K2 designer and K2 runtime functionality is blocked.

  • Microsoft has ended support for Silverlight on October 12, 2021. As a result the K2 legacy Silverlight designer has been removed from Nintex K2 Five (5.6). If you upgraded from Nintex K2 blackpearl 4.7 to Nintex K2 Five and are still using workflows built in the designer, you must rebuild these in the K2 workflow designer (HTML) before upgrading to Nintex K2 Five (5.6) or remain on Nintex K2 Five (5.4). A script is available to help you identify how many and which workflows were designed in the legacy designer. The scripts are available in KB003656 - Important update regarding Internet Explorer 11 and Nintex K2 Five.
  • Before upgrading to a newer version of K2, ensure there are no dependency issues in your solutions. See Dependency Checking for information about dependencies and how to resolve dependency issues.
  • If you are using K2 for SharePoint, you must update the app and run through the K2 for SharePoint registration wizard after upgrade. If you are using SharePoint Online, follow the instructions in Updating the K2 for SharePoint App for SharePoint Online in K2 Five 5.6. For SharePoint On-Premises, see the following steps:
    1. After running the K2 Setup Manager, browse and get the new K2 for SharePoint app from the SharePoint On-prem folder: "%ProgramFiles%\K2\Setup\SharePoint Onprem".
    2. Manually add the new version of the K2 for SharePoint App on your App Catalog Site using the Apps for SharePoint list. If there is an existing K2 for SharePoint App in the app catalog, you must replace the existing version with the new version, do not delete the existing version of the app. You grant K2 for SharePoint permissions during this step, and it requires Global Admin (Tenant) permissions, so you must be a Global Admin.
    3. Add the K2 for SharePoint app to your app catalog. You grant K2 for SharePoint permissions during this step, and it requires Global Admin (Tenant) permissions, so you must be a Global Admin.
    4. On the Site Contents page of the app catalog, click the upgrade link for K2 for SharePoint App. (If you do not see the link, go into the Details page for the app to upgrade it.)
    5. Click the K2 for SharePoint app from the Site Contents page or Quick Launch menu of the app catalog site and run through the Registration Wizard by clicking the Registration Wizard link in the Administration section to register the app with your K2 environment's URL. (If you do not see the Registration wizard, make sure you are on the app catalog).
    6. (This step is only required if there were changes to the K2 for SharePoint app. See the K2 for SharePoint release notes for information about previous releases and the latest version.)
      Deploy the app to one or more site collections using the Manage App Deployments page in SharePoint. A link to this page is provided on the K2 for SharePoint settings page. It is recommended you do this by paths rather than individual URLs, but individual URLs give you more control regarding which site collections have K2 integration. You should deploy as a SharePoint Administrator if you are deploying to multiple site collections.
  • Microsoft has ended support for Silverlight on October 12, 2021. As a result the K2 legacy Silverlight designer has been removed from Nintex K2 Five (5.6). If you upgraded from Nintex K2 blackpearl 4.7 to Nintex K2 Five and are still using workflows built in the designer, you must rebuild these in the K2 workflow designer (HTML) before upgrading to Nintex K2 Five (5.6) or remain on Nintex K2 Five (5.4). A script is available to help you identify how many and which workflows were designed in the legacy designer. The scripts are available in KB003656 - Important update regarding Internet Explorer 11 and Nintex K2 Five.

  • If you have used custom themes on your forms follow the instructions in the KB003654 Understanding the impact of the new Style Profile article to import the core_legacy.less file. This will ensure that your existing forms render correctly after upgrading to Nintex K2 Five (5.6) with the new Style Profile builder. Failing to import this file, may result in custom themes rending differently.

  • If you replace an existing Task step with a new Task step in a workflow, and the Form rules of the existing SmartForm Task remain but it shows the new Task’s name, follow the following article to successfully fix the issue: Known Issue : Old Workflow Task name in SmartForm overwritten by new Task
  • Issue: When editing an existing OAuth/Static DocuSign Feature Instance via K2 Management and entering an incorrect UserID, the instance will be updated but will present an error when an execution is attempted to DocuSign which requires the UserID.
    Error message states:

    Error: SmartObject Server Exception: {"error":"invalid_request"}.
    When attempting to create a new OAuth DocuSign Feature Instance using an incorrect UserID the same error will be presented on the DocuSign Service Broker configuration Step.

  • Issue: When you create a new OAuth DocuSign Feature Instance and the OAuth section details (ClientID, UserID, Authentication Service Url, Scope, RSA Private key) are all correct but REST API URL or the AccountID is incorrect, clicking OK will take you to the Feature Instance configuration screen and fail with a validation message stating that the REST API URL or the AccountID are incorrect.
  • Issue: When you correct the REST API URL or the AccountID value but you add the incorrect values for OAuth section and click OK, the Feature Instance configuration will succeed as the token for your OAuth DocuSign Feature Instance has already been created. Only when the token expires or is deleted will the validation for OAuth section activate again. When you edit an existing OAuth DocuSign Feature Instance where the token has not expired yet, you will also be able to add the incorrect values into the OAuth section and validation will not appear.

Nintex K2 Five (5.6) includes:

  • Nintex K2 Five (5.5) Fix Packs 1 to Nintex K2 Five (5.5) March 2022 Cumulative Update Fix Pack 10
  • When using variables in a workflow and trying to configure the initial value of the variable, the maximum length of the field seemed to have changed.
  • When using a Set Variables step in a workflow and you drag variables or environment fields that are longer than what is visible in the field, you could not navigate to the beginning of the variable text.
  • When using a SQL SmartObject in a Create Reference step in a workflow, and filtering the value using an "Empty String" function to compare against a blank value in the SmartObject, the function did not execute correctly.
  • When executing a List method on an Oracle SmartObject, certain characters such as "à" and "é" were not returned.
  • When using a legacy theme on a form and adding multiple rows of data to an Editable List view on the form at runtime, the data displayed as a single line entry.
  • When using the rule designer in a workflow and adding an IF statement, fields could not be added to the Then/Else statement.
  • When editing a workflow containing a Create Reference step, a duplicate reference was created when clicking the Create Reference step.
  • When adding a new domain to AD Service 2 and trying to execute the ADService > GetGroupsByUser method, no data was returned for the domain.
  • After applying Nintex K2 Five (5.4) Fix Pack 49, K2 Workspace did not load.
  • Unable to configure a SharePoint site in any of the SharePoint Reference events in the workflow designer because the OK button was disabled.
  • Slow performance experienced when dragging and dropping workflow steps onto the Workflow Designer canvas.
  • When you run a form from a solution containing large numbers of SmartObjects and views, slow performance was experienced.
  • When copying and pasting Split and Decision steps in the workflow designer and trying to deploy the workflow, a "System.Exception: Missing reference at Line 'Processed' . Error: While trying to resolve the following reference...." error occurred.
  • When trying to create a SmartStarter app using the Document Approval template, a "Sequence contains no matching element" error occurred in the Resolve Generation step.
  • When using the Worklist control and removing the default "Status not equals Sleep" filter at runtime, tasks of other users were visible.
  • When creating a Workflow REST Service Instance using the Workflow REST API and trying to generate SmartObjects from the instance in Management, a timeout error occurred.

For a list of the available Fix Packs refer to the K2 Five (5.6) fix packs knowledge base article.