We're updating some of our product names. K2 Five is now Nintex Automation. You may see both product names in our help pages while we make this change.

K2 Runtime web.config File Security Settings

The following Security items are available in the K2 smartforms web.config file typically found at: C:\Program Files\K2\K2 smartforms Runtime\Web.config.

Node	Change permitted?	Description	Example or Default Value
Copy DefaultAuthData `<add key="DefaultAuthData" value="" />`	Yes	Advanced setting used for specialized security provider. Sends security authentication to security provider	Depending on the security provider's specification
Copy DefaultSecurityLabel `<!--<add key="DefaultSecurityLabel" value="K2"/>-->`	Yes	Useful for example when Workspace is not on the K2 domain and authentication is made under the context of the Application Pool where the Application Pool does not have access to the K2 HostServer. This setting allows for the security label to be manually overwritten ensuring that this scenario will work.	The DefaultSecurityLabel is used when specified. Leave blank to use the URM default security label.
Copy SecurityLabels `<!--<add key="SecurityLabels" value="K2;K2SQL"/>-->`	Yes	SecurityLabels that are available. This list can be filtered to only authenticate against those security labels. Used for Forms Authentication	Semi-colon separated list. Leave blank to use all the URM security labels
Copy IntegratedSecurityLabels `<!--<add key="IntegratedSecurityLabels" value="K2" />-->`	Yes	SecurityLabels that use integrated security. Used to identify when IsIntegrated should be added to the connection string. Used for Forms Authentication	Semi-colon separated list
Copy NonIntegratedSecurityLabels `<!--<add key="NonIntegratedSecurityLabels" value="K2SQL"/>-->`	Yes	SecurityLabels that do not use integrated security. Used to identify when IsIntegrated should be added to the connection string. Used for Forms Authentication	Semi-colon separated list
Copy ExcludedSecurityLabels `<add key="ExcludedSecurityLabels" value="SP" />`	Yes	SecurityLabels that should be excluded when authenticating users. Used for Forms Authentication	Semi-colon separated list
Copy ConnectAsAppPool `<add key="ConnectAsAppPool" value="false" />`	Yes	Allow anonymous access and interact with K2 Server as the Application Pool Account. See the following topic: K2 smartforms > Considerations > Authentication> Anonymous Access	One of the following: true false
Copy Forms.Authentication.Persistence `<!--<add key="Forms.Authentication.Persistence" value="true"/>-->`	Yes	Controls whether the "remember me" option is available for Forms Authentication. When set to true, the "remember me" option is enabled	One of the following: true false
Copy Forms.Authenticaxtion.SessionKeepAlive `<!--<add key="Forms.Authentication.SessionKeepAlive" value="true"/>-->`	Yes	This enables tracking of user session expiry.	One of the following: true false
Copy Forms.Authentication.WarnTimeout `<!--<add key="Forms.Authentication.WarnTimeout" value="30"/>-->`	Yes	This config value specifies the time in seconds before the user’s session expires that the user should be warned	The number of seconds
Copy Authentication `<add key="Authentication.Algorithm" value="{Base64EncodeString}" /> <add key="Authentication.Key" value="l5h1EY2qczSj0f8DNsLQElNqCWkV1m4o" /> <add key="Authentication.IV" value="{Base64EncodeString}" />`	No	Used for Forms Authentication for additional encryption of user credentials	N/A
Copy Forms.AuthenticationCookie.Name `<!--<add key="Forms.AuthenticationCookie.Name" value=".K2AUTH"/>-->`	No	Credential token sharing. Authenticate a user once and allows for an authenticated token to be re-used in multiple connections by storing a cookie in the browser section	N/A
Copy Forms.AuthenticationCookie.Duration `<!--<add key="Forms.AuthenticationCookie.Duration" value="0"/>-->`	No	Duration of current browser session. Default is zero. Noted in seconds	N/A