Workflow Manager Accounts

The following table lists the Workflow Manager accounts and the required permissions.

Workflow Manager Accounts and Privileges in the Integrated Solution

Workflow Manager Account

Product/Machine Requiring Privileges

Required Privileges

AMS_SYSTEM account

Workflow Manager server

The AMS_SYSTEM account on the Workflow Manager server requires the following privileges:

IIS_WPG group member—Must be a member of the local IIS_WPG group (or IIS_USRS) on the web server.
Modify permissions on file share—Must have “modify” permissions on the Workflow Manager file share.
Email permissions—Permission to send e-mail through the SMTP server.
Active Directory query permission—Permission to query Active Directory.
Local Administrators group member—If you will be calling any of the AdminStudio Platform APls in the iPlugin DLL, this account must be a member of the local Administrators group.

App Pool Identity Account

SQL Server

Starting with Workflow Manager 2013, if you configure Workflow Manager to connect to SQL Server with Windows Authentication, the domain account that you specify for the App Pool needs db_reader, db_writer, and execute permissions on the AdminStudio database.

Note:The Workflow Manager account does not require these permissions if connecting to SQL Server using an SQL Server user account (which already has db_reader, db_writer, and execute permissions).

See Also

AdminStudio Accounts

App Portal Accounts

FlexNet Manager Suite On Premises / FlexNet Manager Platform Accounts

System Center Configuration Manager Accounts