Administration

enaio® 12.0 »

Licenses: Universal Client License

With version 12.0 we are introducing a new license: the universal client license (CLU).

The new license allows users to launch any number of client applications on any number of stations at one time: enaio® client, enaio® webclient as a desktop application, enaio® webclient-app, and enaio® mobile.

The universal client license replaces the existing 'WEB' and 'ASC' licenses.

It is possible to update to version 12.0 without a new license file. After an update, some licenses in the license area of enaio® enterprise-manager are removed as they are no longer used.

New license files for version 12.0 are generally only issued with universal client licenses. License files with universal client licenses are imported via enaio® enterprise-manager and automatically managed after the 'license' service has been restarted.

The universal client licenses are not configured in enaio® enterprise-manager. They are only shown there as in use by the 'license' service.

License files for version 12.0 may not be imported into previous versions.

Licenses that are no longer required:

  • 'WEB' and 'ASC' client licenses
    These client licenses that were previously used will be replaced by the new universal client license in new license files. It is still possible to update an enaio® system to version 12.0 without a new license file. Existing clients can still be used to the same extent as before.

    The previous 'ASR' license will be removed.

  • Module licenses
    Module licenses for document types are no longer required. All document types are available in the clients even without a new license file.

  • Subscriptions and follow-ups
    Subscriptions and follow-ups no longer require their own 'SUB' or 'REM' licenses and can be managed via new system roles: 'Client: Use subscriptions' and 'Client: Use follow-ups'.
    All users are automatically assigned these new system roles during an update.

  • Run SQL query
    The function no longer requires its own license and is now managed exclusively via system roles.

  • Client workflow

    A separate 'MWC' license is no longer required to use the workflow, which is now managed exclusively via workflow configurations.

Licenses that are integrated in modified form as enterprise licenses:

  • Edit SQL queries
    The 'OSM' license only needs to be available and no longer has to be assigned to workstations. The function is now managed exclusively via the 'Client: Edit SQL queries' system role.

  • enaio® editor-for-events
    The 'EVE' license only needs to be available and no longer has to be assigned to workstations. The function is now managed exclusively via the 'Client: Create events' system role.

The 'DIS' license for the digital signature has also been modified. This license should now be managed as a floating license. A 'DIS' license is only claimed by a user after their new 'Client: Sign documents' system role has been checked.

The preconfigured periodic job LicCheckThreshold has been extended to also check the utilization of the 'CLU' license.

Universal Client License in the 'license' Service

The new universal client license is managed by the 'license' service, meaning that the service must be available for license checks by enaio® client at all times. Errors may occur in enaio® client if this is not the case and the license can therefore not be renewed.

Please note this in particular when it comes to administrative tasks involving services and when restarting enaio® service-manager. Notify enaio® client users if a restart is necessary or schedule the accompanying activities.

If multiple enaio® service-manager with the 'license' service are integrated into enaio®, they coordinate the allocation of licenses among themselves and ensure system stability.

Multiple 'license' services all require an identically configured configuration file license-prod.yml with the maximum number of licenses.

'license' Services

If multiple 'license' services are installed, the port entries in the relevant servicewatcher-sw.yml files must be modified.

For the 'license' service, change the port 7371 to the port range 7371–7379.

If license files are imported into enaio® enterprise-manager with licenses managed by the 'license' service, the 'license' service will need to be restarted.

enaio® service-manager

New Microservices

'lumee' Microservice

The 'lumee' service integrates the 'lumee' dashlet. The dashlet allows users to chat with an AI assistant about data in enaio® and quickly collect information.

The following data can be included:

  • Context reference: the data of objects that users mark in hit lists or locations.

  • Data reference: the data of all objects of object types that are configured for the AI search in enaio® editor.
    In this mode, users can also limit the reference to marked objects.

The information references the source documents of the information.

Access to information is managed via the rights system. Users only receive information from objects to which they themselves have access.

Use of the dashlet can be restricted to groups via the configuration.

The 'lumee' service is installed via enaio® service-manager; the dashlet is integrated for enaio® client via enaio® enterprise-manager and for enaio® webclient via the dashlets.json file.

The configuration is carried out via the lumee-prod.yml configuration file located in the \config directory of enaio® service-manager. Large language models are integrated. The OpenAI API must be supported.

Settings for prompts can also be made via the configuration file and from the dashlet in the case of users with the 'Administrator: Configure entire system' system role.

If data from object types is incorporated for the data reference via Indexing for AI search, this data is generated in Elasticsearch in an additional vector database. Existing objects need to be re-indexed.

'bmp' Microservice

The new 'bmp' service manages workflow data.

The service is installed via enaio® service-manager. It is not configured.

The service is required for the new enaio® administrator-for-workflow (web), among other things.

'system' Microservice

The new 'system' service manages basic information on users and groups.

The service is installed via enaio® service-manager. It is not configured.

The service is required for the new enaio® administrator-for-workflow (web), among other things.

The service performs the functions of the 'users' microservice previously used. It is no longer used and will automatically be uninstalled during an update.

If project-specific endpoints of the 'users' microservice were used, changes to the corresponding endpoints of the 'system' service will be necessary. Connections via enaio® gateway are automatically forwarded.

Encryption

The configuration values of the microservices can be encrypted in all configuration files.

Masking

In enaio® services-admin, sensitive data in the configuration files, such as passwords, are masked. Additional values that are to be masked can be specified via the application-prod.yml configuration file.

enaio® administrator

Authentication: Separating the User Name and Login Name

Users are assigned a new property in the user administration, i.e., the login name. The login name must be unique. It is used solely for authentication purposes.

With this new feature, the integration of authentications, in particular the switch from NTLM to Kerberos, can be configured flexibly.

Unlike the user name, the login name can be changed via enaio® administrator or via enaio® directory-sync.

During an update, the login name is pre-populated with the user name. Users can log in using the name they previously used.

In the clients and in all client dialogs, the user name is still used to identify the user.

New System Roles

The following system roles have been introduced:

  • Client: Use subscriptions (ID 110)

  • Client: Use follow-ups (ID 111)

  • Client: Sign documents (ID 112)

    All users are assigned these new system roles during the update.

  • Server: Run script (ID 109)

    This system role is automatically assigned to all users with the 'DMS: Supervisor' system role.

'Advanced History Maintenance' Automatic Action

The 'History maintenance' automatic action is supplemented by a matching 'Advanced history maintenance' automatic action, axachistex.dll.

The 'Advanced history maintenance' action can be used to clean up the history on an object type-specific basis. Multiple parallel configurations of the automatic action are possible.

When creating a configuration, the configuration data can be transferred from an existing 'History maintenance' action.

Automatic Actions: Multilingualism

Automatic actions that optionally create additional reports or advanced logs now generate them in German, English, or French and in the HTML format, depending on the language setting.

JavaScript

JavaScript is now available as a script language in almost any script context.

  • Client events

    Client events can be created in JavaScript. In addition to the event type, the script language of an event is highlighted in enaio® editor-for-events in order to provide a clearer overview.

    As usual, JavaScript events support client-side debugging.

    JavaScript libraries can be created to manage script code.

  • Client-side workflow events

    Client-side workflow events can be created in JavaScript. In addition to the event type, the script language of an event is highlighted in enaio® editor-for-workflow in order to provide a clearer overview.

    The global events are also available in the workflow in JavaScript.

    As usual, JavaScript events support client-side debugging.

  • 'Run script' automatic action

    This automatic action can run scripts in JavaScript. The JavaScript can be started via the configuration dialog for automatic actions in the debugger.

  • 'Data and document export' and 'Data and document import' automatic actions

    Scripts can be integrated in JavaScript to export and import data. JavaScript can be started in the debugger via the configuration dialog for automatic actions in enaio® administrator.

  • VB-Script add-on

    The script add-on can run scripts in JavaScript. The 'OxHelp' and 'ASFile' objects are supported.

    JavaScript in the script add-on supports debugging.

The further development of enaio® capture has been discontinued with version 12.0. As a result, enaio® capture will not support JavaScript.
SQL queries with enaio® editor-for-reports in enaio® client do not yet support JavaScript.

VBScript can still be used. We recommend switching to JavaScript, as VBScript is no longer maintained by Microsoft, with the expectation that it will be discontinued.

Support for JavaScript

The switch to JavaScript is supported by the following functions.

  • COM libraries can be used.

  • Depending on the component, the following COM objects are available: Application, InfoWindow, OxHelp, ASFile, and Session as a replacement for DrtSession from CDL.

  • Logs for client-side events in enaio® client can be output in a console window. Console outputs can still be generated for the debugger window.

  • Debugging of events is possible.

  • Syntax highlighting for JavaScript is available.

Detailed information on JavaScript and debugging can be found on the developer pages.

enaio® mail-archive-service

enaio® mail-archive-service also supports Exchange on-premises.

Integration is carried out in the same way as with Exchange Online by configuring the 'mas-mailbox', 'mas-smtp', and 'mas-storage' services.

The same object definition can be used to create the objects.

Technical requirements for Exchange on-premises:

  • EWS API: Exchange Web Services API must be enabled for Microsoft Exchange on-premises. This is typically the default setting.

  • Configuration of mailbox access: An impersonation user and a dedicated security group must be defined in Active Directory. All mailboxes designated for processing should be added as members.

  • SMTP journaling: For SMTP-based journaling, appropriate journaling rules and a send connector must be configured on the Exchange server.

enaio® administrator-for-workflow (web)

enaio® administrator-for-workflow will be replaced in a subsequent version by the web application enaio® administrator-for-workflow (web).

enaio® administrator-for-workflow (web) is installed with the 'admin' service. The new 'bpm' and 'system' services are required.

It is necessary to extend the configuration file application-prod.yml from enaio® gateway located in the section ossecurity:

ossecurity:
  exposedEndpoints: '/osweb/**,/admin/**'

Access is via the new enaio® web-admin-shell, via <gateway-IP>/admin, or directly via the address <gateway-IP>/admin/workflow-administrator.

The 'WF-Admin: Start' system role is required.

The following function is not yet integrated: statistics reports

enaio® administrator-for-workflow (web) is being developed with a particular focus on accessibility and user-friendliness.

Workflow administration as a web application allows users to access data from processes and models via URLs in order to facilitate development, analysis, and troubleshooting.

Example:

http://<gateway-IP>/admin/workflow-administrator/#/process-details/active/<WORKFLOW-GUID>

enaio® enterprise-manager

License Import

enaio® enterprise-manager checks the service name and address of enaio® server when importing a license file and displays a corresponding message if the data does not match the existing data. The license file can be imported even if the data does not match.

If license files are imported into enaio® enterprise-manager with licenses managed by the 'license' service, the 'license' service will need to be restarted.

License Management

In the license management, the view of the stations can be filtered by computer name and IP address.

Kerberos Name Resolution

Another value is possible for Kerberos name resolution: SAM via LDAP. SAM and UPN can be identified on the basis of the security ID via the LDAP connection. These values may be necessary in complex AD architectures based on multiple subdomains.

Multilingualism

In the media management of enaio® enterprise-manager, the object types are displayed with English names if English names are available.

enaio® directory-sync

enaio® directory-sync has been extended to include the following function:

  • The new login name is part of the synchronizable data. The login name is specified using a schema based on existing data. The login name must be unique.

  • Also included is the full user name, which can now be specified using a schema based on existing data.

  • User comments and group descriptions can also be imported from directory data.

  • The new system roles can be added to users. Changes may need to be made to existing configurations.

  • The security ID can also be used as the name source for the user account for LDAP and the ID for Entra ID.

  • Filters can be integrated for LDAP synchronization. For example, only users and groups that were created or modified during a certain time period can be taken into account.

enaio® webclient

Internal Tray

The internal tray with service releases of version 11.10 is available at enaio® webclient. As part of service releases, functional equivalence to enaio® client was largely achieved.

The same documents are available in enaio® client and enaio® webclient.

Workflow Substitution

In enaio® client, it is no longer necessary for substitutes to depersonalize the process beforehand when opening pre-personalized work items from the substitute basket. This means better support for the substitutes’ workflow in this situation.

Server API

The new job krn.REGetRegValues returns all values for a specified registry key and, optionally, also the values of all subordinate registry keys.

COM

The new COM function OpenMsgBox can be used to display modal hints.

This function can also be called from JavaScript.