This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Objective

In order to improve a user's experience it might be requested that SmartForms automatically log the user into the application, instead of prompting them for credentials. Our goal is to have the user be able to avoid the login prompt. This login and supplying of credentials is required as K2 SmartForms makes use of claims to authenticate the user. We just want the login process to be as simplified as possible. This login process will also only happen if the user does not have a token created for them, usually once per 8 hours which is the default for this token to expire.

The credential prompt will look like the following on IE:

Image

In Chrome users will see the following for the credential prompt:

Image

Before You Begin

- Note that this will only work if we are using NTLM (Windows) authentication. If SmartForms is configured to log the user in via forms, or an alternative 3rd party IdP, then this is not guaranteed to work as the Windows credentials passed might not be valid.

- If you would like to apply this across certain user bases it would be best to configure this through Group Policy within your organization. Below are a few threads that could assist you in doing so:

https://community.spiceworks.com/topic/1951380-adding-trusted-sites-using-gpo

https://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/

We should add the K2 SmartForms site as a trusted site and ensure that the logon is set to Automatic logon with current user name and password via Group policy.

How-to Steps

1. Open up IE and go to Internet Options > Security > Trusted Sites. Click on the Sites button and add the K2 SmartForms site here.

Image

Image

If you have multiple K2 Web Apps and have the /identity/ site under a different IIS binding we should also add that URL into trusted sites as well. In this example my /identity/ site exists on the binding https://k2workspace.denallix.com, so I need to add that as well. If you are just using one Web App for your K2 sites, this can be ignored.

2. On the same tab while selecting Trusted Sites, click on the "Custom level..." button. Scroll to the very bottom on the settings and search for the section User Authentication > Logon. Select the radio button for Automatic logon with current user name and password.

Image

3. Click OK to save this and OK on the Internet options page to complete the saving on this settings change.

4. Clear your browser cache (This deletes the existing token and will have the user go through the login process again).

5. Access the SmartForms site, notice we will see it hit the /identity/ site in our navigation, but the user will not get prompted for credentials. The SmartForms site will load now without having the user supply credentials.