One of the most sought-after features for Nintex Workflow for Office 365 has been the classic feature in our on-premises offering (Nintex Workflow for SharePoint) that lets workflow designers securely store credentials for connector actions (such as DocuSign send document, Office 365 Create Item, Salesforce update record, to name just a few). While this hasn’t been available due to architectural differences in the underlying SharePoint platform, I am pleased to announce that we have extended our capabilities in the cloud and would like to introduce you to the all-new Connection Manager for Nintex Workflow for Office 365!
The Connection Manager is critical to implementing sophisticated workflow solutions in your organization by removing the need to store usernames / passwords in each action. This new capability:
- Lets you easily meet and exceed your organization's information security policies and standards
- Removes the need to update numerous actions in a workflow when a password changes
- Eases the burden on workflow designers having to know (and manage) credentials for other systems
What exactly is the Connection Manager?
The Connection Manager is an all-new component of Nintex Workflow for Office 365 that leverages the power of Nintex’s investments in world-class cloud infrastructure to improve security and governance by securely managing authentication for numerous SaaS platforms* and services so that workflow designers won’t have to worry about configuring actions with individual usernames and passwords.
Connection Manager allows connections to be created using either OAuth 2 authentication or username and password depending on the method supported by the actions that use the connection. When username and password authentication is required, end-to-end encryption and encryption at rest are used.
Connection Manager provides robust governance of data integrations in your Nintex workflows as well as the ability to control which users can use those connections.
How do I use the Connection Manager?
First, it matters where you create connections in the Connection Manager (action vs. workflow gallery), due to your ability to create both personal connections and shared connections.
Personal Connections – Connections created inside an action configuration dialog (inside of the workflow designer) will be considered “personal” and the credentials used will only affect workflows designed by that user across the tenant.
Shared Connections – Connections that can be created by site collection administrators as well as site owners that are shared and used by any workflow designer, these connections can also be scoped to individuals. Shared connections can also be configured to be visible to specific users.
NOTE - the steps below are to be used for creating a shared connection. Please see the post by Rick De Marco entitled What's New: Govern connection creation and usage with Connection Manager for more details on both personal and shared connections.
Step by Step - Creating a Shared Connection as a site collection admin
First, navigate to the SharePoint Online site where you would like to use the Connection Manager and open the Nintex Workflow for Office 365 app via Site Contents (for site workflows) or via the desired list or library for a list workflow.
Then, upon opening the app, you will notice that the workflow gallery will display any available workflows. Also, there is now a Connections option on the left navigation:
When you click on Connections, you will see a list of available connections. To create a new connection constant, simply click on Create New Shared Connection:
Choose the connection type you would like to use. (Please reference the link titled “Which connection type should I choose?” for additional information.) Then configure the connection by entering the required information. (The example below covers connecting to SharePoint Online lists and libraries.) Feel free to be descriptive in the Connection Name field, as unique names and clear labels can help workflow designers choose the right connection the first time. Then click on Connect:
Upon clicking Connect, the system will open a login dialog for desired system. Enter the username and password for the desired account and complete the login. You will be prompted to trust the app privileges. Click Accept to continue:
NOTE - if you receive a dialog indicating you need admin approval it means your tenant has been configured to not allow non-admins to provide consent to apps, if this occurs you will need to speak to your admin to either create the connection or allow the consent (setting in Azure portal).
After the connection has been created, you can begin to use that connection constant in a workflow. Click on Workflows on the left navigation and click on Create Site Workflow:
In the designer, simply drag and drop a SharePoint list-level action (such as Office 365 Create List Item or Document Set) to the canvas and then open its configuration dialog by double-clicking on it or opening the item menu:
NOTE - After selecting a connection, you may select the checkbox titled "Apply connection to all 'SharePoint Online: List & library' actions within this workflow" to use this connection for all of the subsequent list actions added to this workflow which will automatically inherit this connection for all other actions of the same type (e.g. SharePoint List & Library actions).
The Connection Manager provides an even more robust set of cloud integration capabilities in Nintex Workflow for Office 365. Rest assured, this feature is laying the groundwork for even more exciting capabilities in the near future!
In the meantime, check out these other helpful links about the Connection Manager:
Connector Manager documentation - https://help.nintex.com/en-US/O365/Default.htm#cshid=1341
Connection Manager FAQ
Q: What happens when a password changes for a credential stored in a Connection Manager constant?
A: Suspended workflows terminate after approximately 10 days. If your workflow is suspended due to a failed authentication through a connection, you can resolve the situation by updating the credentials or other settings in the connection and then resuming the workflow.
Q: How do I disable connections from being created in the workflow designer?
A: Open the Nintex Workflow for Office 365 app, click on the cog / gear in the upper right corner.
Click on Connections on the left side of the Administration Settings dialog. Then uncheck the box next to "Allow connections to be created in the workflow designer." This option is only available for site collection administrators.
Q: Which account should I use when I create a new Connection Manager connection?
A: When it comes to choosing which credentials should be used in an action, consider using an account with the least amount of privileges. For example, if you're using the Office 365 Create Item action to create an item in another site, consider using a user-account credential that has Contribute rights on the target list, instead of Full Control. On the other hand, if you are creating sub sites using the Office 365 create site action, you will need to use credentials with Full Control permission in the root site because Contribute is not enough.
Q: When I create a connection in the Connection Manager via the app in the Connection Gallery tab, what is the scope of that connection?
A: The connection can be used:
- Across a Site, if you have full control privileges or higher
- Across a Site Collection, if you have Site Collection Administrator privileges.
*Q: Can I create a connection for a non-SharePoint SaaS connector (such as DocuSign)?
A: No, not yet. This is planned for a future release. Please monitor the Nintex Product Blog for updates.
The connections to SharePoint Online resources may require specific privileges. Please refer to the matrix below for additional details:
Connector Privileges Matrix
Minimum SharePoint Online privileges
SharePoint Online: List & library
SharePoint Online: Site & user administration
SharePoint Online: Site collection administration
SharePoint Online: User management