K2 Five

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Content control should have administrative configuration to restrict what domains are allowed to embed content from

    Currently the SmartForms content control can embed content from any domain/site instead of allowing an administrator to restrict it to certain sites/domain that are known to be safe.

    The idea is to allow an environment administrator to add restrictions for the content control similar to what SharePoint does:
    https://support.office.com/en-ie/article/allow-or-restrict-the-ability-to-embed-content-on-sharepoint-pages-e7baf83f-09d0-4bd1-9058-4aa483ee137b

    Options that should be available:
    Allow Any Domain
    Restrict to whitelist of domains
    explicit: help.denallix.com
    wildcard: *.denallix.com
    Automatically includes all domains associated with smartForms
    Do not allow content injection (Not essential)
    Prevents the control from being used on new forms/views

    Configuration must be available through management site so that platform admins…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. No built-in CAPTCHA type control or integration to prevent automatic form submission by bots

    When exposing anonymous SmartForms to the internet or on a corporate website, there is currently no built-in way to prevent malicious bots from submitting the form and potentially creating millions of illegitimate entries.

    Adding a custom CAPTCHA type implementation before the form loads is not sufficiently effective seeing that once a malicious user gets passed the CAPTCHA prompt it would allow them to see all the SmartForm requests that can be used by a bot to submit the form automatically.

    A built in CAPTCHA type control and integration would be best - The idea is that it would allow a…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Validation rules on SmartObject input properties that validates input values server side whenever a SmartObject is executed

    Currently all validation rules that are built in SmartForms are executed client side which is not great for data integrity.

    Seeing that SmartObjects are seen as the data layer, it would be great to be able to configure validation rules on input properties as part of the SmartObject's design.

    Examples of Validation types that should be available:
    Regular expressions (ex email address, social security number, etc)
    Value comparisons - Ex Value < 100
    Property comparisons - Property1 >= Property2

    Once a SmartObject is designed with these validation rules, the validation should be executed server side whenever the SmartObject is executed…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add the Audit Log of K2 Management Actions and Login History

    As K2 is a corporate level tool, most company has it's security policy.

    Those company may not allow to use K2 or can't pass the SAT/System Audit because of this point.

    Especially need the logging of permission granting and user activity(Not only the workflow related action.).

    e.g. Login log history, Role create/assign/remove history, Permission granting history.

    27 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Automated Way to Manage Category Security Permissions at the Category Level

    Our organization will easily have hundreds of K2 Categories due to the level of integration with SharePoint. That said each of these K2 Categories will have unique permissions. As of K2 5.2 the setting of these K2 Category permissions is a manual task. Example - the K2 Security Admin would have to browse to the specific K2 Category, break inheritance, remove the Everyone Role and add the necessary SharePoint Security Groups. We have worked with K2 and they have developed for us a console application to address this scenario. While this console application is meeting our requirements the goal would…

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make K2 to be compatible with FIPS policy

    Currently all Federal Agencies use FIPS compliance policies and K2 doesn't work in a FIPS enabled environment. We have multiple federal agencies who use K2 and looking for a solution on this. Are there any future plans for K2 to be compatible with FIPS?

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. K2 not functioning with FIPS compliant algorithms enabled

    When enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" Security Policy on the K2 Server, the K2 Hostserver Service fails to start with an error: Error Starting Host Server: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

    K2 does not appear to be FIPS compliant. This is a Security Policy than can be applied to Client infrastructure so should be supported.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Service Instance Security

    It would be really great to have Service Instance Security. Currently all users will have access to all Service Instances, and if they have access to create/publish SmartObjects, that means they will also be able to use any and all Service Instances available.

    it would be great if the following security could be associated to Service Instances:

    • View: Enables you to see the Service Instance in the Design canvas
    • Create: Create a new service instance
    • Modify: where you can modify/refresh a specific service instance
    • Delete: Delete an existing service instance
    • Execute: The ability to run that service instance (which adds…
    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Lists with User Account--Cannot Differentiate One User From Another

    Very difficult to manage users and accounts...

    On Server Rights and other lists, add column or hover over for Account ID--not just First/Last Name. This is important, because some users have different account types or have the same name as others. There is no way to differentiate one from the other... Makes it hard to add Impersonate, Admin or Export if we have 10 accounts that look exactly the same.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base