What's new
WorkZone 2022.1
Enroll WorkZone in Azure and set up SCIM provisioning
It is now possible to enroll a WorkZone instance in Azure and provision users and groups from Azure AD to WorkZone.
See Enroll WorkZone in Azure and set up SCIM provisioning and Provision Azure AD to WorkZone.
WorkZone Process
The WorkZone NgDP integration has been adapted to reflect the latest changes to NgDP released by the Agency for Digitisation. The WorkZone NgDP integration can be used in production when the Agency for Digitisation releases NgDP November 2021.
Stand-alone e-Boks Push Service for NgDP
You can now install the WorkZonee-Boks as a stand-alone service on a Windows server.
Added guidelines for registering the WorkZone application at Azure and using it for WorkZone services authorization (in WorkZone Cloud Edition installations). See Register WorkZone in Azure .
WorkZone for Office
It is recommended, that you add the Required registry settings on all PCs running WorkZone for Office, to avoid WorkZone add-in being occasionally turned off in Microsoft Office applications (Word, Excel, PowerPoint, Outlook).
WorkZone I/O Manager
Added guidelines on how to set up and configure WorkZone I/O Manager with WorkZone (a typical integration example with the most common tasks). See Install WorkZone I/O Manager.
WorkZone Process
WorkZone e-Boks Push Service supports NgDP
WorkZonee-Boks Push Service now supports Next generation Digital Post (NgDP). See Install and configure WorkZone e-Boks Push Service.
WorkZone 365
Added guidelines on how to install and deploy the WorkZone Teams app to collaborate on WorkZone content directly from your channels and private chats in Microsoft Teams. See Install WorkZone Teams.
As of this release the HTTP protocol is no longer supported.
WorkZone Content Server changes
Re-indexing required when upgrading
If you upgrade your WorkZone Content Server 2021.0 or WorkZone Content Server 2021.1 installation to WorkZone Content Server2022.1, the meta data for the File, Record, Contact, and Address tables must reindexed. Reindexing the meta data for the Document table is not necessary.
WorkZone Client and WorkZone Configurator
Default Content Security Policies
Default Content Security Policies have been configured and enabled upon installation for WorkZone Client and WorkZone Configurator to enhance effective security controls available to the web browser and help prevent client-side attacks, such as Cross-Site Scripting.
If connectivity issues or issues with the execution of scripts or other code snippets in browsers accessing WorkZone Client or WorkZone Configurator are experienced, these issues might be attributed the default Content Security Policy values.
The default Content Security Policies can be checked and configured on the Microsoft IIS 7 server in the IIS Manager form to see if the policy performs as expected and adjust the policy values if necessary.
The Content Security Policy settings can also be checked by using the developer tools in the relevant browser or by using 3rd party development tools – for example Postman (a platform for API development).
A Content Security Policy cannot stand alone and should be considered a defense-in-depth measure for injection attacks, as it is dependent on browser support.
Cross Origin Resource Sharing (CORS) updated
Cross-Origin Resource Sharing (CORS) used in WorkZone services, such as WorkZone PDF Engine, WorkZone Process and WorkZone OData has been updated.
If WorkZone services are to be requested from browsers or web clients from other domains (for example WorkZone Client and WorkZone Configurator applications hosted on a different host than Process service), system administrators must configure the Cross-Origin Resource Sharing parameters AllowedCorsOrigins and AllowedCorsHeaders for WorkZone PDF Engine, WorkZone Process and the optional silent installation parameter CORSORIGINS for WorkZone OData.
Cross Origin Resource sharing can be configured manually in the WorkZone config files after product installation.
WorkZone Process
Microsoft Graph integration - sending smartmails and email notifications
In previous releases, sending smartmails and email notifications in WorkZone Process was implemented using the EWS (ExchangeWebServices) library. EWS supported both the on-premises and the cloud version of Exchange server.
To strengthen the security of WorkZone and ensure continuous updates of the library, the Microsoft Graph library is now used instead of the EWS library to send smartmails and email notifications in cloud environments.
For on-premises installations, EWS is still used. It is also possible to use EWS in a cloud installation but only with basic authentication. To be future-proof, it is recommended to use the Microsoft Graph library.
See Configure WorkZone Process and Command line configuration.
WorkZone 365 changes
Updated guidelines on how to Install WorkZone 365 to use meetings in Microsoft Outlook 2016 and 2019.
WorkZone I/O Manager
A new module, WorkZone I/O Manager, is now available in WorkZone. See Install WorkZone I/O Manager.
WorkZone 365 changes
The paths to WorkZone 365 manifests have been updated. See Install WorkZone 365.
WorkZone Mobile changes
New Custom filters and Delegated tasks modules can now be enabled and disabled in WorkZone Configurator (under Global > Feature settings > WorkZone Mobile > Task). Ensure that you have enabled all modules your users will need to use. See Feature settings in the Administrator Guide for WorkZone Configurator.
WorkZone Process changes
A new advanced submission process has been added to the Extended process package. See About process packages.
A new STEPSUBMISSION access code has been introduced. It provides access to the new Advanced submission (Extended) process. See Access codes.
WorkZone Process changes
New DBOnly configuration option
A new DBOnly role has been added to the WorkZone Process Configuration Wizard and to command line configuration. Select the DBOnly role, if you only want to configure the database for WorkZone Process.
See Configure WorkZone Process and Command line configuration.
New PackageLoadTimeout parameter
A new optional PackageLoadTimeout parameter has been added to the command line configuration. The PackageLoadTimeout parameter controls the timeout for loading a process package. See Command line configuration.
WorkZone 365 changes
OAuth2 authentication is required for enabling merge functionality for the users.
WorkZone Mobile changes
New Browse module (an experimental feature) can now be enabled and disabled in WorkZone Configurator (under Global > Feature settings > WorkZone Mobile). Ensure that you have enabled all modules your users will need to use. See Feature settings in the Administrator Guide for WorkZone Configurator.
WorkZone is now supported on macOS devices and works in Google Chrome and Safari browsers for macOS. See Overview of supported 3rd party products.
Support for OAuth2 authentication framework
Define OAuth2 settings during installation of WorkZone Content Server
The OAuth2 Authentication framework can be selected as the authentication method for WorkZone users instead of the standard Windows authentication during installation. The framework can be used to authenticate WorkZone users in a cloud-based WorkZone installation.
If OAuth2 authentication is selected, you must define correct OAuth2 parameters to the Azure Active Directory: Tenant ID, Client ID and Client Secret.
The OAuth2 Authentication framework is automatically installed and enabled during installation of WorkZone Content Server, but must be configured correctly in order to be utilized. See Install WorkZone Content Server
Note: Performing case and document searches directly from File Explorer is not supported in a cloud setup as OAuth2 authentication is not supported by Windows Federated Search. See Supported Authentication Protocols (External link)
WorkZoneActive Directory replication changes
Active Directory replication in an OAuth2/Azure environment requires specific manual set up and configuration in order to enable the continuous replication of the Active Directory structure from an on-site domain controller to the WorkZone Content Server installed in an Azure environment. See Active Directory replication in an OAuth2 setting
WorkZone Process OAuth2 changes
- New OAuth steps in the KMD WorkZone Process Configuration Wizard. See Configure WorkZone Process.
- New OAuthClientSecret parameter and required specification of Exchange configuration parameters in command line configuration. See Command line configuration.
- Updated WorkZone Process post-installation checklist.
- New OAuth specific parameters in the Package Loader used for installing and activating customized process packages. See Install and activate customized process packages.
WorkZone PDF OAuth2 changes
- The
CrawlerClientId
andCrawlerClientSecret
parameters must be defined when installing WorkZone 2020.3. - Crawler user settings removed from the database configuration. See Perform database configuration and Deploy reports.
- By default, the Crawler user is defined as system. In this case, the WorkZone PDF Crawler service will be executed as a Local System. See Microsoft documentation.
- If you want to upgrade from version 2020.2 or earlier, you must uninstall the old version before installing the new one.
WorkZone for Office OAuth2 changes
If your organization uses OAuth2 for user authentication, you must enable form-based authentication in Microsoft Office 365 apps. See Enable form-based authentication in Microsoft Office 365 apps.
WorkZone Process changes
- The behavior of the SetupDatabase parameter has changed. It set to True by default. See SetupDatabase.
Define OAuth2 settings during installation of WorkZone Content Server(2020.1 Hotfix 1)
The OAuth2 Authentication framework can be selected as the authentication method for WorkZone users instead of the standard Windows authentication during installation. The OAuth2 authentication framework can be used to authenticate WorkZone users in a cloud-based WorkZone installation.
If OAuth2 authentication is selected, you must define correct OAuth2 parameters to the Azure Active Directory: Tenant ID, Client ID and Client Secret.
The OAuth2 Authentication framework is automatically installed and enabled during installation of WorkZone Content Server, but must be configured correctly in order to be utilized.
Note: Performing case and document searches directly from File Explorer is not supported in a cloud setup as OAuth2 authentication is not supported by Windows Federated Search. See Supported Authentication Protocols (External link)
WorkZone Mass Dispatch
WorkZone Mass Dispatch is now released for production. The changes to the installation procedure are:
- The DP2 service is required.
WorkZone Mobile
WorkZone Mobile Chat, Meeting and Notes modules now can be enabled and disabled under Global > Feature settings in WorkZone Configurator. Ensure that you have enabled all modules your users will need to use. See Feature settings in the Administrator Guide for WorkZone Configurator.
WorkZone for Office
- TLS 1.2 is now supported.
-
WorkZone Meeting functionality has been deprecated from WorkZone for Office, so you can no longer install the WorkZone Meeting client and server. We have released this functionality as part of our new WorkZone Office add-in.
WorkZone PDF
- The procedure for updating reports in the same release has been simplified. The Version parameter now includes hotfixes such as builds. See Create the Report JSON file.
- Report progress information is now shown in WorkZone Client. See My reports today list.
- The ActionsOnDocumentBeforeConversion parameter now supports flattening of forms and annotations in PDF documents. See Perform database configuration.
WorkZone Content Server
Be advised that the network TCP port 1200 (configurable) is now required to be open for incoming traffic on the Web server in order to receive chat notifications from the Oracle database to the new Notifications web application. If the Windows firewall is enabled on the Web server, it will be opened automatically when installing WorkZone Content Server using Olympus.
If the port is not open, the chat feature will not receive notifications regarding changes to chats. If another firewall is configured between Oracle and the Web server, the TCP port 1200 (configurable) must be opened there as well.
If another TCP port number is preferred, the port used can be changed in the “appsettings.json” file (section OracleAQNotificationPort) located in “C:\Program Files (x86)\KMD\WorkZone\IIS\WorkZone\Notifications\bin” on all Web servers.
WorkZone Process
- The performance of WorkZone Process Configurator has been improved. Process packages are now only loaded once into the database, which makes configuration faster when you want to configure WorkZone Process on multiple web servers. If you need to reload the process packages, you can use a new command line parameter named ForcePackageLoad.
- Access code changes regarding re-ordering user tasks
- Access code changes regarding creating delegates for other users
- The SmartPoste-Boks dispatcher now supports Digital Post 2. To use SmartPost with e-Boks using Digital Post 2, you need to install WorkZonee-Boks Push Service.
See Command line configuration.
Previously, the CONFIGADM access code also granted a user rights to re-order user tasks for other users. Now, only delegates can re-order tasks for other users. Task owners can always re-order their own tasks. See Access codes.
Previously, you could create delegates for other users if you had the CONFIGADM access code. Now, you can add delegates for the other users only if you already are a delegate for that user and have the ADMIN role. See Access codes.
WorkZone for Office
- You can use four new registry keys to fine-tune a standard behavior of WorkZone for Office according to your needs.
See Registry keys.
WorkZone 365
- WorkZone 365 for Microsoft Word, Excel, and PowerPoint has been released. This is the experimental version with limited functionality where you can only edit existing documents. Each application (Word, Excel, and PowerPoint) requires own manifest. Moreover, installation and uninstallation processes differ for Office 365.
Word, Excel, and PowerPoint are released not for the production usage. Please install and use them only for testing purposes and sharing your feedback with us. We expect the production version in the 2020.2 release.
See Install WorkZone for Office and Uninstall WorkZone for Office.
WorkZone Mass Dispatch
- Two new access codes MASSDISPATCH and MASSDISPATCHSEND related to WorkZone Mass Dispatch have been introduced in this release.
- You need to install WorkZone Mass Dispatch as a Windows service manually.
See Access codes.
This is not the version to be used in production. Please install and use it only for testing purposes and sharing your feedback with us. We expect the production version in the 2020.2 release.
WorkZone Meeting
- To install WorkZone Meeting Server, you no longer need to specify information on database: database name and user credentials. This information will automatically be updated by WorkZone Content Server.
Active Directory
- When performing Active Directory replication, post codes will not be replicated to user profiles where the country code has not been defined (the country_code field is empty).
WorkZone Explorer
- WorkZone Explorer can now be activated and deactivated from WorkZone Configurator > Global > Feature settings > Client > Explorer.
- If WorkZone Explorer is activated, the Explore button in the main ribbon in WorkZone Client will be displayed and the WorkZone Explorer feature will be accessible.
- If WorkZone Explorer is deactivated, the Explore button in the main ribbon in WorkZone Client will not be displayed and the WorkZone Explorer feature will be inaccessible.
WorkZoneCVR Integration
The Co. field for companies is now included in WorkZoneCVR Integration.
USELOGADM and USERADM access code changes
The USERADM access code is now required to access, search and view the Use Log module and the USELOGADM access code is required to start and stop the Use Log. This change affects all methods of accessing the Use Log (either through WorkZone Configurator or the ODATA interface.
- The Monitoring section has been moved to the new WorkZone Operations Guide.
- WorkZone PDF pre-installation checklist has been added to the guide.
- WorkZone PDF and WorkZone for Office post-installation checklists have been added to the guide.
WorkZone PDF
-
WorkZone PDF no longer performs the following database configuration:
-
database structure change
-
maintenance of WorkZone registers
These settings were moved to WorkZone Content Server.
-
- The
ClearConfidentialInformation
has been renamedActionsOnDocumentBeforeConversion
. - The
ActionsOnDocumentBeforeConversion
parameter can be now fine-tuned for each document type and each review information type. Please revise its settings according to your business needs. - By default, WorkZone PDF Crawler is now disabled after the installation. You can enable it in WorkZone Configurator.
- Setting of the WorkZone PDF Engine and WorkZone PDF Crawler parameters is no longer available during the database configuration. Please set the parameters in WorkZone Configurator, in the WZPDF_CONFIGURATION table, or in the Web.config file afterward.
WorkZone Process
Doc2Mail is renamed to OneTooX
The name change is implemented in both the user interface and the documentation.
WorkZone Configurator
- The installer now provides Repair option to fix a damaged installation.
- WorkZone Configurator now does not require individual installations on multiple databases: once installed on the web server, it will work on all databases installed on the same web server.
WorkZone for Office
- During the WorkZone for Office installation, server's and client's versions are now checked for their compatibility.
- WorkZone for Office now represents items in lists based on their rank.
WorkZone Meeting
New prerequisite has been added:
- You cannot use both WorkZone Meeting and WorkZone 365. Only one application must be installed to assure the correct work of WorkZone.
Active Directory
The STJERNEADM and MEDARBADM access codes enable a system administrator to grant Global or Departmental access rights to other users. Departmental access rights can only be granted if the organization uses WorkZone Corporate Edition.
USELOGADM and USERADM access code changes
The USERADM access code is required to see the Use Log menu in WorkZone Configuration Management. Both the USERADM and the USELOGADM access code are required for a user to access, search and view the Use Log module as well as start and stop the Use Log.
The USELOGADM access code also grants access to the Use Log through the ODATA interface.
This is the first version of the WorkZone Installation Guide. Installation content from WorkZone product specific installation and administrator guides have been merged in to this guide.
News in this guide:
- Architectural overview of WorkZone.
- Overview of supported 3rd party product releases that WorkZone supports.
- Prerequisites cover all products.
- Overview of access codes and what they are used for.
- A Monitor section that describes tools and log files that can be used for monitoring WorkZone.
WorkZone Content Server
New WorkZone Content Server installer
All WorkZone Content Server features now installed automatically when you install WorkZone Content Server. You still have to manually set up database access during installation. The installed WorkZone Content Server features can be individually activated or deactivated in WorkZone Configurator or WorkZone Configuration Management.
When you install WorkZone Content Server, you must select which program features are to be installed:
- Oracle client: Installs the Oracle client in the path. The Oracle ODBC driver feature is installed by default.
- Web server: Installs all common web services, Microsoft Office services and collaboration services required by WorkZone.
- Agent server: Installs all agents required by WorkZone not included Web server program features.
If you uninstall WorkZone Content Server, all WorkZone Content Server features will also be uninstalled automatically.
Installation of facets
Case facets are now automatically installed during installation of WorkZone Content Server. Additionally, when upgrading your database, facets are automatically selected for upgrade.
CPR/CVR integration
The CPR/CVR integration is now automatically installed during installation of WorkZone Content Server.
WorkZone Client
New WorkZone Client installer
All WorkZone Client features are now installed automatically when you install WorkZone Client. You still have to manually set up database access during installation. The installed WorkZone Client features can be individually activated or deactivated in WorkZone Configurator.
If you uninstall WorkZone Client, all WorkZone Client features will also be uninstalled automatically.
WorkZone for Office
- WorkZone for Office Administrator guide has been fully moved to the Installation guide.
- You can require users to assign access codes when they create new cases, documents, and contacts. To do this, specify relevant access codes in the
AccessCodesAffectRequiredFields
element and assign them to the users.
WorkZone PDF
- WorkZone PDF Administrator's guide has been partially moved to the Installation guide. In particular, installation, updating, uninstallation, and configuration sections.
- Web application name is now used to get configuration from the database. Target name in Web.config is no longer used for this purpose. This improvement simplifies configuration process.
WorkZone Process
Selection of process packages is now done in WorkZone Configurator
Selection of which packages to use has been moved to WorkZone Configurator from the WorkZone Process Configurator wizard. The Package selection page has been removed from the wizard. All standard process packages are installed but only the Basis process package is by default activated for use. You can activate other packages on the Feature settings page in WorkZone Configurator
See Activate process packages.
You can also display customized process packages.
See Display customized process packages in WorkZone Configurator.
Alignment of Exchange configuration parameters
The configuration of Exchange On-Premises and Exchange Online has been aligned. It is possible to
- Use Autodiscover when using Exchange On-Premises
- Configure the URL manually when using Exchange Online.
The Smartmail page of the WorkZone Process Configurator wizard has been modified to reflect this alignment.
See revised instructions in step 5 in Configure WorkZone Process
If you use command line configuration, two new parameters have been added.
- AutoDiscover
- ExchangeServerVersion
See revised parameter descriptions and examples in Command line configuration.