Please Share your Product Ideas with us!

All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.

Conduct workflow EmailTo field should be configurable

Conduct sets up ttWorkflowMessge-EmailTo field with the UserID value. This sets up the workflow in semi-anonymous mode. A workflow link generated using this method is high security risk. User can forward the workflow email to anyone on their network and they can click and gain access as that user with all the access of original user.

We should setup conduct just like compose where this is driven by parameter. If UseUserIDInWorkflow is checked then only we should use UserID in that field else we should use their email address. Workflow generated using email address will force the user to login.

This was observed when both Integrated and custom authentication was used.

  • Sajid Mansoori
  • Jul 2 2020
  • Shipped
  • Attach files