User unable to start process even though rights were already given

  • 24 February 2022

Azure Active Directory (AAD) User is unable to start process although rights were already given 

kbt135715

PRODUCT
K2 blackpearl
BASED ON
K2 blackpearl (all)
TAGS
Active Directory
Workflow
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

Issue

The user is unable to start a process even though they were already given the "Start Process" rights through K2 Management.

Symptoms

This usually occurs when a K2 environment is using both Windows Active Directory (AD) and Azure Active Directory (AAD), and the users have accounts in both security providers.

 

When the user tries to start the process, they are presented with an error that looks like: "24408 AAD:username@domain.com from <IP ADDRESS> does not have rights to Start Process <PROCESS NAME>"

Troubleshooting Steps

Check the account that was given the "Start Process" rights. Chances are, the rights were given to the user's AD account (e.g. "K2:DOMAIN\Username") instead of the AAD account that was shown in the error message (e.g. "AAD:username@domain.com").

 

The accounts have to be matched 1 to 1 under the process rights, as K2 does not form any symbolic link between a user's AD and AAD accounts. The account rights are therefore not interchangeable and have to be assigned individually to each of the user's accounts.
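The check described above can be scripted when several denials need triage. The following is an added example, not K2 code: it parses the error text in the format quoted in this article and compares the denied identity with a list of identities holding Start rights. The rights list layout, the sample names, and the rule that `DOMAIN\user` and `user@domain` belong to the same person are assumptions made for illustration.

```python
import re

# Error text format as quoted in the article; the IP and process name vary.
DENIAL_RE = re.compile(
    r"24408\s+(?P<label>[^:\s]+):(?P<name>\S+)\s+from\s+(?P<ip>\S+)\s+"
    r"does not have rights to Start Process\s+(?P<process>.+)$"
)

def split_fqn(fqn):
    """Split 'LABEL:identity' into (label, identity)."""
    label, _, name = fqn.partition(":")
    return label.upper(), name

def short_name(name):
    """Assumed heuristic: DOMAIN\\user and user@domain share the 'user' part."""
    if "\\" in name:
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0].lower()

def triage(error_line, start_rights):
    """Classify a denial against the identities holding Start rights.

    start_rights maps process name -> list of 'LABEL:identity' strings
    (a hypothetical export format, not a K2 file format).
    """
    m = DENIAL_RE.search(error_line.strip().strip('"'))
    if not m:
        return None
    label, name = m["label"].upper(), m["name"]
    granted = [split_fqn(f) for f in start_rights.get(m["process"], [])]
    if any(l == label and n.lower() == name.lower() for l, n in granted):
        return ("exact-match", [])
    # Same person, different security label: the situation the article describes.
    others = [f"{l}:{n}" for l, n in granted
              if l != label and short_name(n) == short_name(name)]
    return ("label-mismatch", others) if others else ("no-rights", [])

# Constructed sample data (not from a real environment).
RIGHTS = {"Leave Request": ["K2:EXAMPLE\\jsmith", "AAD:mary@example.com"]}
LINE = ("24408 AAD:jsmith@example.com from 192.0.2.10 does not have rights "
        "to Start Process Leave Request")

if __name__ == "__main__":
    print(triage(LINE, RIGHTS))
```

A `label-mismatch` result means the right exists only under the other security label and still has to be assigned to the identity named in the error.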

