Friday, January 23, 2015

Add Extranet Security with Registration Approval Workflows


Extranet Collaboration Manager for SharePoint 2013 (ExCM) allows you to create users in three ways:

1. Manually

2. Invitation Registration (via e-mail)

3. Anonymous Registration (potential users visit the Extranet site and click “Sign Up”)

The most common of these is via invitation. When using invitations, there is most likely an existing business relationship with the invitee and the general thinking is that “if you’re invited, you’re approved.” However, there may be certain scenarios where you want to add an approval step for invited users as well.

In addition, there may be instances where you need to implement Anonymous Registrations for user creation. For example, suppose you didn’t know ALL of the email addresses for potential site users. By using Anonymous Registrations, a user can visit the site, fill out the registration from, and create a new account herself. The downside to this is that since your SharePoint Extranet site is available worldwide to anyone with an Internet connection, there is a possibility of invalid or unnecessary account creation.

By turning on approval in ExCM, ALL registrations (both invitation and anonymous) are required to be manually reviewed by someone and either approved or rejected…thus adding another layer of security to your site. However, this could become a very tedious task for approvers since they would have to manually check for new accounts periodically and determine their approval status. By creating a basic workflow, you can email approvers when a new registration occurs and let them know it’s ready to be reviewed.

In 2013 you will first need to activate workflows. Go to Site Settings > Site Collection features and activate "Workflows":











Next, you need to enable content approval on the Registrations list. You do this by navigating to the Extranet Management menu under “Site Settings” and then Registration Settings > Registration Approval Settings > Registration Approval:





Now you’re ready to create your approval workflow. Out of the box, SharePoint provides a very basic workflow specifically designed for approval. To configure it, you need to navigate to Registration Approval Settings as before and select “Registration Workflow Settings.” From here you need to select the “Approval – SharePoint 2010” template, specify a name for your workflow, then click “Next:




On the following screen you need to select the approver(s) to notify, enable content approval, and optionally specify a due date for the task. Once that’s done, click “Save:”




The last step is to set up a workflow initialization to start the workflow. This is also done on the Registration Approval Settings page. Note that you can set up unique initializations for both Anonymous and Invitation Registrations. For this post, we’ll only set up a workflow for Anonymous:




On the next screen, you need to choose your newly-created workflow and optionally provide a requestor and/or condition. Let's just use the defaults for now:




You can now see your workflow listed:




After registering a new user on the site anonymously, the following email is sent to the approver specified above:




By clicking the circled hyperlink or the “Open This Task” button, you are taken to a screen where you can perform a number of tasks on the registration. For this post we are going to simply “Approve” it. Once you have approved the registration, the user receives an email confirmation telling them that their registration has been approved.




In summary, the approval feature offered by Extranet Collaboration Manager for SharePoint 2013 (ExCM) can offer an additional layer of security to your site by requiring registrations to be reviewed by a specified approver. Creating a simple out-of-the box approval workflow can greatly streamline the approval process by notifying the approver when a new registration is ready to be reviewed. This workflow can be utilized for both Anonymous and Invitation Registrations.

No comments: