Site Workflow Configuration

The workflow settings described in this section belong to SharePoint Site Workflows.

Type = "SHAREPOINT";

This specifies the workflow type. This must be SHARPEOINT in order to be an email workflow.

SubType = "SITE";

This specifies the SharePoint workflow sub type. This must be SITE in order to be an site workflow.

Platform = "";

You need to specify the used SharePoint platform here:

  • sp2013
  • sp2016
  • sp2019
  • spo
  • spon

Environment = "";

This can be used to specify the SharePoint Online hosting environment:

  • production : Default Office365 environment
  • usgovernment : Office365 for US Government
  • germany : Offic365 in the "German Cloud"
  • china : Office365 in China Cloud
  • ppe : ?

Platform must be spo to use this setting!

Connection = <object>

You can execute a SharePoint workflow on multiple webs (and multiple lists if workflow types list and state machine). The executed workflow script is always the same. All other settings are identical (names of lists such as error list or data list). If you configure this property you cannot configure Web and AlternateWebUrls in parallel. The <object> looks like this: The <object> looks like this:

Connection = @(
  @{ 
    Web              = "https://firstweb.sharepoint.farm"; 
    AlternateWebUrls = @();
    spoAppId         = '';     #optional! 
    spoAppSecret     = '';     #optional! 
    spUser           = '';     #optional! 
    spPassword       = '';     #optional! 
    AzureAdApp       = $false; #optional! 
    spoCert          = '';     #optional! 
    spoCertPassword  = '';     #optional! 
    Environment      = '';     #optional!
  },
  @{ 
    Web = "https://secondweb.sharepoint.farm"; 
    AlternateWebUrls = @();
  }
)

For a description of Web and AlternateWebUrls please read the descriptions of the properties below.

The "optional" settings can be used to configure individual credentials for each connection. If they are not present the corresponding setting from the top level of the configuration is used!

Web = "";

Full URL to the SharePoint web the workflow is connected to.

Do not specify this setting if you have configured Connection!

RetryOnVersionConflict = $false;

Force workflow script to run again in case of "version conflict" (parallel item modifications in SharePoint).

Default: $false

UserProfileCacheLifetime = 60;

With Get-KFUserInfo a workflow script can query the SharePoint user profile store.

To reduce the calls in case of querying the same account during the workflow run the requested profiles are cached.

Default: global configuration. There: 60 seconds.

spUser = ""; and spPwd = '';

The following two parameters can be used to specify credentials for the workflow for SharePoint access.

If not specified the executing user will be used to access SharePoint.

This user need to have permissions on all object the workflow need to access, e.g. workflow list, items, data list, config list, ...

However it is possible to store credentials in a protected fashion using the parameter --setusername on kenaflow.exe. This will write the encrypted credentials to these two parameters. - Encryption of credentials uses the kenaflow encryption passphrase configured in global configuration. - If encrypted the setting contains a Base64 encoded string that starts with unicode character 0xFFFF. This means that the plain spUser and spPassword are not allowed to start this character!

spoAppId = ""; and spoAppSecret = ''; (without AzureAdApp or AzureAdApp = $false)

Only if platform is 'spo' = SharePoint Online or 'spon' = SharePoint Online New.

Here you can specify "app credentials" to access SharePoint online.

Please read article App ID & App Secret.

You can store encrypted credentials here with program switch --appid on kenaflow.exe. - If encrypted the setting contains a Base64 encoded string that starts with unicode character 0xFFFF. This means that the plain spUser and spPassword are not allowed to start this character!

AzureAdApp = $true with
spoCert = ""; and spoCertPassword = ''; and spoAppId = '<tenant-id>|<app-only-credential-id>';

This combination of credentials can be used with the "new" SharePoint Online connection using PnP Core.

Here you use a certificate for the app-only login.

You need to register an "Application" in the Azure AD of your (SharePoint Online / Microsoft 365) tenant, upload a certificate, grant permissions and enter the data in _wfconfig.ps1

AlternateWebUrls = @();

A list of alternate URLS, e.g. if a web application has Alternate Access Mappings.

Remove Events could be received with such an alternate URL.

Do not specify this setting if you have configured Connection!

ConfigList = "Workflow Configuration";

Defines the name of the workflow config list.

DataList = "Workflow Data";

Defines the name of the workflow sata list

HistoryList = "Workflow History";

Defines the name of the workflow history list

ErrorList = "Workflow Errors";

Defines the name of the workflow error list

RER = $false;

Specified whether the workflow offers "Remote Event" endpoints.

A list workflow can receive SharePoint Remote Events, Custom Data Remote Events and Link Remote Events.

Please read Remote Event.

MaximumRerLifetime = 120;

Specifies how long a Remote Event is valid before it is skipped forever (if not processed).

Default: configuration in global config. There is default: 120s.

PostponeFailedRer = 5;

Specifies how long a a remote event is postponed in case of errors during processing.

Default: configuration in global config. There is default: 5s.

DumpRerEventDataToLog = $false;

When remote events are processes this can be used to force kenaflow to write the remove event data to the log.

Because is could write critical data to log this is disabled by default.

Its mainly there for development.

Permission Sets Settings

PermissionSetCreate="kenaflow Create"; PermissionSetRead="kenaflow Read"; PermissionSetUpdate="kenaflow Update"; PermissionSetDelete="kenaflow Delete"; PermissionSetManage="kenaflow Manage"; PermissionSetApprove="kenaflow Approve"; ... can be used in _wfconfig.ps1 to configure the names of kenaflow created permission sets for the kenaflow specific SharePoint permission cmdlets:

Please read article Permissions for details.