Custom User Managers
A User manager is a collection of configuration properties used:
- to authenticate users and/or groups
- to retrieve user and group information at runtime and design-time
- to assign workflow tasks
- to perform Single Sign-On (SSO) tasks for K2 Service Brokers
- to assign K2 security permissions
Developers can create and register custom user managers to perform some or all of these operations against users from identity or security stores that are not included in the set of standard User Managers provided with K2.
Custom Security Providers are often used:
- in situations where a custom authentication mechanism is already in place
- when it is necessary to create a custom Single Sign-On provider to use SSO authentication in a SmartObject Service Broker
- or when it is necessary to authenticate non-Active Directory users and none of the existing security providers in K2 meet the organization's requirements.
The following diagram illustrates the different components that make up a User Manager and how they are linked. Take time to review and understand the components of a custom User manager before attempting to create a custom User Manager.
Component | Description |
---|---|
User Manager | The collective container for the different components. |
Security Provider | The implementation of an authentication mechanism represented by a set of interfaces for interacting with an identity store and authenticating users located in that store. |
Security Label | The token string that is prepended to the user’s identity, for example the ‘K2’ label is used for Active Directory users by default, which appears in the K2 context as K2:[Domain\Username]. The Security Label identifies specific instances of Authentication Providers and/or Role Providers. |
User Resolution | The mechanism to confirm the identity of a user when they login or interact with services and data sources. User authentication is performed by passing a set of user credentials. |
Role Provider / Resolution | The mechanism used to resolve user roles and groups. |
Fully Qualified Name (FQN) | The FQN is the user or role value in [Security Label]:[User/Role Name] format used by K2 for authorization such as assigning tasks, interacting with tasks or assigning permissions. |
Identity Store | The service that provides the user details to be used for authentication. |
Authentication Provider | The mechanism by which the user is authenticated against the Identity Store. |
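The table above describes how a Security Label inside a Fully Qualified Name selects which provider instance handles user resolution and role resolution. The following Python model is an added example of that routing, not code from K2's SDK or from this documentation: the `UserManager`, `InMemoryProvider` and `parse_fqn` names, the `CUSTOM` label and all user, password and group values are constructed for illustration. It shows the two checks a custom implementation has to get right: an FQN is split on its first `:` only (so the label is never confused with the name), and an FQN whose label has no registered provider is rejected rather than silently falling through to another store.

```python
"""Illustrative model of FQN parsing and label-based provider routing.
Added example; the classes and names here are hypothetical, not K2's API."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Protocol


@dataclass(frozen=True)
class Fqn:
    """[Security Label]:[User/Role Name], e.g. K2:DOMAIN\\alice."""
    label: str
    name: str

    def __str__(self) -> str:
        return f"{self.label}:{self.name}"


def parse_fqn(value: str) -> Fqn:
    """Split on the first ':' only so a name that itself contains ':'
    is preserved; reject input with an empty label or an empty name."""
    label, sep, name = value.partition(":")
    if not sep or not label or not name:
        raise ValueError(f"not a valid FQN: {value!r}")
    return Fqn(label, name)


class SecurityProvider(Protocol):
    """Minimal shape of a provider: authenticate a name, list its groups."""
    def authenticate(self, name: str, password: str) -> bool: ...
    def roles_for(self, name: str) -> List[str]: ...


@dataclass
class InMemoryProvider:
    """Hypothetical identity store backed by dictionaries (constructed
    sample data; a real store would hold password hashes, not secrets)."""
    users: Dict[str, str]
    groups: Dict[str, List[str]] = field(default_factory=dict)

    def authenticate(self, name: str, password: str) -> bool:
        stored = self.users.get(name)
        if stored is None:
            return False
        # Constant-time comparison so a mismatch position is not measurable.
        return hmac.compare_digest(stored.encode(), password.encode())

    def roles_for(self, name: str) -> List[str]:
        return list(self.groups.get(name, []))


class UserManager:
    """Routes every FQN to the provider registered under its label."""

    def __init__(self) -> None:
        self._providers: Dict[str, SecurityProvider] = {}

    def register(self, label: str, provider: SecurityProvider) -> None:
        # A label may not contain ':' or the FQN would be ambiguous.
        if not label or ":" in label:
            raise ValueError("labels must be non-empty and contain no ':'")
        if label in self._providers:
            raise ValueError(f"label {label!r} is already registered")
        self._providers[label] = provider

    def _provider_for(self, fqn: Fqn) -> SecurityProvider:
        try:
            return self._providers[fqn.label]
        except KeyError:
            # Unknown label: fail closed instead of trying another store.
            raise LookupError(f"no provider for label {fqn.label!r}") from None

    def authenticate(self, fqn_str: str, password: str) -> bool:
        fqn = parse_fqn(fqn_str)
        return self._provider_for(fqn).authenticate(fqn.name, password)

    def resolve_roles(self, fqn_str: str) -> List[str]:
        """Return group FQNs carrying the same label as the user."""
        fqn = parse_fqn(fqn_str)
        provider = self._provider_for(fqn)
        return [str(Fqn(fqn.label, g)) for g in provider.roles_for(fqn.name)]


def build_demo_manager() -> UserManager:
    """Two provider instances under two labels (constructed sample data)."""
    manager = UserManager()
    manager.register("K2", InMemoryProvider(
        users={"DOMAIN\\alice": "s3cret"},
        groups={"DOMAIN\\alice": ["DOMAIN\\Finance"]}))
    manager.register("CUSTOM", InMemoryProvider(
        users={"bob": "pa55word"},
        groups={"bob": ["Approvers"]}))
    return manager


if __name__ == "__main__":
    m = build_demo_manager()
    print(m.authenticate("K2:DOMAIN\\alice", "s3cret"))  # True
    print(m.resolve_roles("CUSTOM:bob"))                 # ['CUSTOM:Approvers']
```

Because the label identifies a specific provider instance, registering the same label twice is treated as an error here; in a real deployment two stores sharing one label would make every FQN under it ambiguous for task assignment and permission checks.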
It is recommended to review the Authentication and Authorization in K2 series of whitepapers provided by K2 to fully understand the architecture, use and implementation of User Managers in K2.