Workflows Page
Workflows can be created or edited on the Workflows page of the Kiosk Management Console. Workflows define sets of individual work behaviors for different users/groups/guests.
There are 3 workflow groups: Simplified, Employee and Guest group. Workflows in the Employee group requires authentication while the Guest and Simplified do not. Each group can be enabled or disabled but there must be at least one group enabled at a time. If Simplified group is enabled, Employee and Guest groups are disabled, and vice versa.
In each group, there must be at least one workflow enabled. The default workflows in each group are created and enabled by the installer. However, the default workflow in each group might be disabled after the upgrade to keep consistent to the settings of previous version. Any workflow can be edited even its group is disabled. Default WF in each group cannot be deleted, but editable.
Note: Workflows labeled with an "!" do not match with any existing Core workflow rules. You must select a corresponding MetaDefender Core in the 4.5. Selecting a Server to Process Files section.
For the Simplified group, only the Simplified workflow is created and set as the default workflow. See How do I use Simplified workflow for more detail.
For the Employee group, each user or user group can join multiple workflows but only one workflow is selected for a session. Users that are not included in any workflows will be assigned to the Default. Each user or group can join multiple workflows but only one workflow is selected for a session. See 9.1. Logging In on the User Authentication Screen9.1. Logging In on the User Authentication Screen for more details
Note: Any users that are not included in one of the defined workflows will be assigned the Default workflow (if "Default login" is enabled).
For the Guest group, there is a bit different from the Employee. The administrator can create additional custom guest workflows but there must be either default guest workflow or customs are enabled. The default and custom guest workflow should never be both enabled at the same time.
Selfscan always uses the default workflow of Employee group in regardless of the group or the workflow is enabled/disabled.
Default workflows
Name | Description |
---|---|
Simplified | Plug-and-play media scanning with automatic decryption and result display |
Default | Users that are not covered by other workflows |
Guest | Default when no other custom workflows active |
Creating a new workflow
To create a new workflow, click Create New Employee/Guest Workflow. You will be guided through the process of creating a new MetaDefender Kiosk Workflow. After the workflow has been created, each step in the workflow can be edited independently. A newly created workflow is always disabled by default.
Workflows after upgrade
Any workflows existing in the previous (prior to 4.5.6) version must be kept the same after the upgrade. The previous version’s Default workflow must become Default in Employee group; The previous version’s Guest workflow must become default Guest in Guest group.
In a very particular case where the Default workflow of the previous version is selected in non-authentication mode, then after the upgrade to 4.5.6 or higher, that Default workflow of the previous version is cloned as a custom workflow in Guest group, with new name "Cloned" and set as the only one enabled. This particular behavior would keep same behavior after the upgrade to 4.5.6.

User Authentication Method
User Authentication Method
As of Kiosk 4.5.6, User Authentication has been moved from the Configuration page to Workflows page as a User Authentication Method link.
The User Authentication Method link helps to configure and select user authentication method.
Windows user login
The Windows user login allows only local system users to log on Kiosk UI. The Kiosk administrator can choose whether to restrict the users by domain. If selected, only users on the same domain as the system are allowed to use MetaDefender Kiosk. If this is not selected, users will be able to enter authentication information for users on any domain as well as local system users.

Remote Active Directory
The Remote Active Directory allows both local and AD users to do. The address of the remote Active Directory server, as well as user credentials to authenticate against the server are required. These credentials will be used to retrieve the list of users from the remote AD server for the purposes of assigning users to specific workflows.

Multiple Active Directories can be configured. Click "New Server" to add a server to the list and "Delete server" on the right hand side to delete the specific entry. The "Status" indicator will show in real time whether Kiosk is able to connect to the AD server. For "Server address", input can either be the IP or DNS name of the AD server; "<ip or dns name>:<port>". The default port 389 (636 if SSL is enabled) will be used if one is not supplied.
Once SSL enabled, the server address should be in FQDN (Full Qualified Domain Name) format, for example:

Custom Authentication
If User Authentication enabled, the Kiosk administrator can choose between using the default MetaDefender Kiosk authentication or using a custom authentication module that has been installed on that MetaDefender Kiosk. For more information, see 11.1. Custom Authentication Module.
