Site Workflow Configuration
The workflow settings described in this section belong to SharePoint Site Workflows.
Type = "SHAREPOINT";
This specifies the workflow type. This must be
SHARPEOINT
in order to be an email workflow.
SubType = "SITE";
This specifies the SharePoint workflow sub type. This must be
SITE
in order to be an site workflow.
Platform = "";
You need to specify the used SharePoint platform here:
sp2013
sp2016
sp2019
spo
spon
Environment = "";
This can be used to specify the SharePoint Online hosting environment:
production
: Default Office365 environmentusgovernment
: Office365 for US Governmentgermany
: Offic365 in the "German Cloud"china
: Office365 in China Cloudppe
: ?
Platform
must bespo
to use this setting!
Connection = <object>
You can execute a SharePoint workflow on multiple webs (and multiple lists if workflow types list and state machine). The executed workflow script is always the same. All other settings are identical (names of lists such as error list or data list). If you configure this property you cannot configure
Web
andAlternateWebUrls
in parallel. The<object>
looks like this: The<object>
looks like this:Connection = @( @{ Web = "https://firstweb.sharepoint.farm"; AlternateWebUrls = @(); spoAppId = ''; #optional! spoAppSecret = ''; #optional! spUser = ''; #optional! spPassword = ''; #optional! AzureAdApp = $false; #optional! spoCert = ''; #optional! spoCertPassword = ''; #optional! Environment = ''; #optional! }, @{ Web = "https://secondweb.sharepoint.farm"; AlternateWebUrls = @(); } )
For a description of
Web
andAlternateWebUrls
please read the descriptions of the properties below.The "optional" settings can be used to configure individual credentials for each connection. If they are not present the corresponding setting from the top level of the configuration is used!
Web = "";
Full URL to the SharePoint web the workflow is connected to.
Do not specify this setting if you have configured
Connection
!
RetryOnVersionConflict = $false;
Force workflow script to run again in case of "version conflict" (parallel item modifications in SharePoint).
Default:
$false
UserProfileCacheLifetime = 60;
With
Get-KFUserInfo
a workflow script can query the SharePoint user profile store.To reduce the calls in case of querying the same account during the workflow run the requested profiles are cached.
Default: global configuration. There: 60 seconds.
spUser = "";
and spPwd = '';
The following two parameters can be used to specify credentials for the workflow for SharePoint access.
If not specified the executing user will be used to access SharePoint.
This user need to have permissions on all object the workflow need to access, e.g. workflow list, items, data list, config list, ...
However it is possible to store credentials in a protected fashion using the parameter
--setusername
onkenaflow.exe
. This will write the encrypted credentials to these two parameters. - Encryption of credentials uses the kenaflow encryption passphrase configured in global configuration. - If encrypted the setting contains a Base64 encoded string that starts with unicode character 0xFFFF. This means that the plainspUser
andspPassword
are not allowed to start this character!
spoAppId = "";
and spoAppSecret = '';
(without AzureAdApp
or AzureAdApp = $false
)
Only if platform is 'spo' = SharePoint Online or 'spon' = SharePoint Online New.
Here you can specify "app credentials" to access SharePoint online.
Please read article App ID & App Secret.
You can store encrypted credentials here with program switch
--appid
onkenaflow.exe
. - If encrypted the setting contains a Base64 encoded string that starts with unicode character 0xFFFF. This means that the plainspUser
andspPassword
are not allowed to start this character!
AzureAdApp = $true
with
spoCert = "";
and spoCertPassword = '';
and spoAppId = '<tenant-id>|<app-only-credential-id>';
This combination of credentials can be used with the "new" SharePoint Online connection using PnP Core.
Here you use a certificate for the app-only login.
You need to register an "Application" in the Azure AD of your (SharePoint Online / Microsoft 365) tenant, upload a certificate, grant permissions and enter the data in
_wfconfig.ps1
AlternateWebUrls = @();
A list of alternate URLS, e.g. if a web application has Alternate Access Mappings.
Remove Events could be received with such an alternate URL.
Do not specify this setting if you have configured
Connection
!
ConfigList = "Workflow Configuration";
Defines the name of the workflow config list.
DataList = "Workflow Data";
Defines the name of the workflow sata list
HistoryList = "Workflow History";
Defines the name of the workflow history list
ErrorList = "Workflow Errors";
Defines the name of the workflow error list
RER = $false;
Specified whether the workflow offers "Remote Event" endpoints.
A list workflow can receive SharePoint Remote Events, Custom Data Remote Events and Link Remote Events.
Please read Remote Event.
MaximumRerLifetime = 120;
Specifies how long a Remote Event is valid before it is skipped forever (if not processed).
Default: configuration in global config. There is default: 120s.
PostponeFailedRer = 5;
Specifies how long a a remote event is postponed in case of errors during processing.
Default: configuration in global config. There is default: 5s.
DumpRerEventDataToLog = $false;
When remote events are processes this can be used to force kenaflow to write the remove event data to the log.
Because is could write critical data to log this is disabled by default.
Its mainly there for development.
Permission Sets Settings
PermissionSetCreate="kenaflow Create";
PermissionSetRead="kenaflow Read";
PermissionSetUpdate="kenaflow Update";
PermissionSetDelete="kenaflow Delete";
PermissionSetManage="kenaflow Manage";
PermissionSetApprove="kenaflow Approve";
... can be used in_wfconfig.ps1
to configure the names of kenaflow created permission sets for the kenaflow specific SharePoint permission cmdlets:Please read article Permissions for details.