November 14, 2020

The article below concerns Nintex Workflow Cloud. Nintex Workflow Cloud is a cloud-based platform where you can design workflows to automate simple to complex processes using drag-and-drop interactions without writing any code. You can build digital forms, integrate web services, and connect to third-party applications to create a seamless experience for your end users throughout the workflow.


What security-related best practices are Nintex Workflow Cloud users responsible for?



Users of Nintex Workflow Cloud are responsible for the following:

  1. Understanding and complying with their contractual obligations to Nintex.

  2. Immediately notifying Nintex of suspected or confirmed information security breaches such as compromised user accounts or passwords.

  3. Developing disaster recovery and business continuity plans that address their ability to use or access Nintex Workflow Cloud.

  4. Protecting end-points to thwart malicious software from entering the Nintex Workflow Cloud execution environment.

  5. Notifying Nintex of changes made to technical or administrative contact information in a timely manner.

  6. Designating internal personnel who are authorized to request user additions, deletions, and security level changes.

  7. Managing the user access controls for provisioning and deprovisioning user accounts. This includes enforcement of password policies, management of shared accounts, and authorization approvals.

  8. Restricting administrative privileges to approved need-to-know personnel.

  9. Securely managing the connectors including confidential management of account credentials, disabling connections no longer required, and managing need-to-know access to shared account information.

  10. Understanding and defining data storage requirements. Securely configuring any EFSS systems or other systems where files are eventually stored.

  11. Managing the confidentiality and integrity of the distribution of authentication tokens used to start component workflows.

  12. Managing the need-to-know and least privilege when sharing workflows.


You May Also Like…

Workflow Start Threshold and Throttling


Nintex Workflow Cloud (NWC) tenants have Workflow Start threshold of 10,000/hour per tenant.

Additional Information

Why does this threshold exist?

To provide a high-performance environment for all customers, in a fair usage environment. 
Ensure our service operates reliably and predictably for all customers.
Avoid performance degradation incidents.
The threshold level is well above the typical usage for most customers.  97% of our O365 & NWC customers have workflow starts below 5,000/hour.

What is considered a ‘Workflow Start’?
Any request to start a workflow through any of the following channels: Manual start, Form Submission, Start Event (i.e. item added to SharePoint list), Component workflows (i.e. started from NWC API, Start Workflow action, etc.), or a Scheduled start.

How can the threshold be avoided?

Optimize request operations:

Add more granular conditions for a request to start workflows
Fewer requests per hour
Stagger requests throughout the day
Reduce the frequency of requests

What happens when the threshold is reached?

External starts (API calls, component workflows, etc.) – No new workflows start;  Returns a 429.
Start Events – Workflow start is queued and retried in next hour.
Form submissions – Workflow start is queued and retried in next hour.
Scheduled workflows – Postponed until the next hour.

Additionally, an in-app banner message in Automate page will be displayed stating the following:
Due to higher volumes within the past hour some workflows have not yet started and are queued to commence shortly.  For more information, please visit the manage workflow starts help document.

Remove The Account To Configure Azure Active Directory Identity Federation After Completed The Setup


Can we remove the Admin account that is used to configure the Azure Active Directory identity federation after the setup has been completed? 

Additional Information

Yes, you can remove this Admin account after successfully finishing the setup and it will still work even after the account has been removed. 

Related Links