How to configure K2 Package and Deployment to Authenticate an AAD User in K2 Five

2 years ago
15 February 2022
0 replies
171 views

G

+5

GrahamGoode
Nintex Employee
0 replies

How to configure K2 Package and Deployment to authenticate an AAD User in K2 Five

KB002069

PRODUCT

K2 Cloud Update 2

K2 Five 5.0

K2 Package and Deployment in K2 Five is configured to leverage Windows integrated security. This means that your Active Directory ID (DomainUsername) will be passed to K2 and used to determine if you have the required permissions and memberships to execute package creation and deployment tasks. However, K2 Package and Deployment can be manually configured to use an Azure Active Directory (AAD) identity.

This article will walk you through the steps necessary to create a K2 Package and Deployment server connection for an AAD identity.

This article assumes that the K2 Five environment has already been configured to integrate and authenticate with AAD by running the SharePoint Online Registration wizard.

Consent to the K2 AAD Login application.
In order to log into K2 Package and Deployment with an AAD identity, K2 Package and Deployment needs to authenticate the credentials against AAD. To do this requires that the K2 for AAD Log app be previously granted consent within the target AAD tenant. This is the same app used by the K2 APIs, so follow these steps to grant consent
Consent must be granted by an AAD tenant admin
1. Open K2 Management.
2. Select Integration > APIs.
3. Click on the Setup AAD Consent button.
4. This will redirect you to the AAD login screen (notice the “K2 for AAD Login” app title). Enter the username and password for the AAD tenant admin and sign in.
5. You should now be at the consent screen. Click Accept.
6. Upon acceptance, you are redirected to the K2 website. You can close that browser window.
K2 Package and Deployment Configuration
1. Open K2 Package and Deployment
2. Click on New
3. At the add a new server dialog enter in the following fields:
  Server Name – the name or IP address of the K2 server
  Server Port – this should most likely be 5555
  Username – the AAD login name (e.g. codi@denallix.com)
  Password
  Label – this should be AAD
  Integrated Security – *** must be unchecked***
  
  The AAD user must be a member of the Package and Deployment role, and must have export rights (or be a member of a group that has export rights) on the K2 server.
4. Click OK
Usage
1. Select the newly added server.
2. Now select either Create New Package, Edit Package, or Deploy Package.
3. At this point K2 will use the AAD identity when attempting to package or deploy solutions.