This section covers Portal role, permissions and some settings.


Configure Portal settings

To manually configure Portal settings, refer to HowTo: Update Portal settings.

Portal settings are stored as Variables.

In development, it is a quite tedious task to configure Portal settings after restarting Designer. You could update value of Variables in PortalKit/config/variables.yaml for the settings that you want to configure, it could survive after restarting Designer.

Language settings

  • Below is applied language setting precedence:


If user email language setting is application default, language would be applied by application email language setting.

If user selects a language in email setting, language would be appplied by this selection.

To configure languages of Portal applications, refer to Language settings.

  • For multiple languages, the CMS key /AppInfo/SupportedLanguages must exist in your application. This CMS entry is in Portal Style. It contains list of all languages supported by your application, separated by comma.

    • Must not contain spaces

    • Same as display name of Locale

    • Separated by comma

    • Process model version, which has this CMS, must active

  • To add new language to Portal, what you have to do is

    • Add new language locale to cms entry of Portal Style /AppInfo/SupportedLanguages

    • Export all CMS entries of Portal Style to excel file

    • Add translation of new language for all CMS entries

    • Import file excel back, then redeploy Portal Style

    • This is sample how to add new Spanish to portal


Role configuration

PortalKit roles



User belong to this role can handle AdminUI page, configure the internal role properties, create public filters. Users who own this role need some permissions.

Permission settings

Permissions can be configured in Cockpit. In the security area, you will find all these permission in the Group “PortalPermissions”

Task permission

  • Add note

    User needs permission: PortalPermission.TASK_CASE_ADD_NOTE.

  • Delegate

    To show delegate action, user needs permission: PortalPermission.TASK_DISPLAY_DELEGATE_ACTION.

    To delegate personal or group tasks, user needs permission: TaskWriteActivatorOwnTasks (This permission belongs to Portal permission group and it is not assigned to role Everybody by default).

    To delegate all tasks in task list, user needs permission: IPermission.TASK_WRITE_ACTIVATOR.


    Task state cannot be one of the following values: CREATED, DONE, DESTROYED, RESUMED, FAILED.

  • Reset

    To show reset action, user needs permission: PortalPermission.TASK_DISPLAY_RESET_ACTION.

    To reset task, user needs permission: IPermission.TASK_RESET_OWN_WORKING_TASK or PortalPermission.TASK_RESET_READY_FOR_JOIN or IPermission.TASK_RESET.


    Task state has to be one of following values: RESUMED, PARKED, READY_FOR_JOIN, FAILED.

  • Delete

    User needs permission: IPermission.TASK_DESTROY.


    Task state isn’t DESTROYED or DONE.

  • Reserve

    To show reserve action, user needs permission: PortalPermission.TASK_DISPLAY_RESERVE_ACTION.

    To reserve task, user needs permission: IPermission.TASK_PARK_OWN_WORKING_TASK.


    Task state has to be one of following values: CREATED, RESUMED, SUSPENDED.

  • Change description

    User needs permission: IPermission.TASK_WRITE_DESCRIPTION.


    Task state cannot be one of following values: DONE, DESTROYED, FAILED.

  • Change deadline

    User needs permission: IPermission.TASK_WRITE_EXPIRY_TIMESTAMP.


    Task state cannot be one of following values: DONE, DESTROYED, FAILED.

  • Change priority

    User needs permission: IPermission.TASK_WRITE_ORIGINAL_PRIORITY.


    Task state cannot be one of following values: DONE, DESTROYED, FAILED.

  • Display additional options

    To show additional action, user needs permission: PortalPermission.TASK_DISPLAY_ADDITIONAL_OPTIONS.

Case permission

  • Add note

    User needs permission: PortalPermission.TASK_CASE_ADD_NOTE.

  • Delete

    User needs permission: IPermission.CASE_DESTROY.


    Case state must be RUNNING.

  • Change description

    User needs permission: IPermission.CASE_WRITE_DESCRIPTION.


    Case state cannot be DESTROYED.

  • See related tasks of case

    To show related tasks action, user needs permission: PortalPermission.SHOW_ALL_TASKS_OF_CASE.

    To see related tasks, user needs permission: IPermission.TASK_READ_OWN_CASE_TASKS or IPermission.TASK_READ_ALL.


    Case state cannot be DESTROYED.

  • Display show detail link

    User needs permission: PortalPermission.SHOW_CASE_DETAILS. This permission is not assigned to role Everybody by default.

Administrator permission can see all tasks/cases in the application

Normal users can only see their tasks/cases they can work on.

Administrator can see all tasks/cases in the application.

Permissions needed: IPermission.TASK_READ_ALL, IPermission.CASE_READ_ALL .

Administrator permission can interact with all workflows in the application

Normal user can update and delete workflow which created by him and can interact with workflow’s task which assigned to him.

Administrator can create, update and deletes all workflows in the application.

Other permissions


Permission required




Create, edit




Read, add, delete absences of all users



Manage substitute



Upload, delete



Create Express workflow

PortalPermission.EXPRESS_CREATE_WORKFLOW (assigned to role Everybody by default)


Add dashboard

PortalPermission.STATISTIC_ADD_DASHBOARD_CHART (assigned to role Everybody by default)

Analyze, filter tasks and export data to excel for advanced analysis


Portal permission

Access to full process list, it’s “Processes” on the left menu and link “Show all processes” on Dashboard


Access to full task list, it’s “Tasks” on the left menu and link “Show full task list” on Dashboard


Access to full case list, it’s “Cases” on the left menu


Access to statistic, it’s “Statistics” on the left menu and link “Show all charts” on Dashboard


Add note to task/case


Display show more note


Create public external link, all other users can see that link in full process list and can also add it to User Favorite


Virus Scanning Setting

PrimeFaces is delivered with one implementation of that interface that uses VirusTotal. To enable VirusTotal you need to create a community account at the VirusTotal website. You receive an API key once you have an account. To configure the API key add the following snippet to the configuration/web.xml file:

<param-value>PUT YOUR API KEY HERE</param-value>

By default after configured context-param in the web XML file, the Virus Scanning is enabled. You could update the value of the variable EnableVirusScanner to false in PortalKit/config/variables.yaml that you want to disable.

Reference: How to check if uploaded files contain a virus.

Global variables


These variables are storing as key, value. Can edit in the cockpit only.


Default value



0 0 6 * * ?

Cron expression define the time to clean up data of obsoleted users. E.g.: expression for at 6AM every day is 0 0 6 * * ? . Refer to crontrigger . Restart Ivy engine after changing this variable.



If set to true, the cron job runs daily (at 6.AM as default) will clean all finished hidden cases in engine. Otherwise, just hidden cases which were generated by Portal will be deleted.



By default, Portal will query tasks and cases which don’t have hide information. Set it to false, Portal will ignore this additional property.



By default, Portal will redirect to Login Page if login is required and user is unknown. Set it to false to redirect to login error page and hide Logout in User menu when you are using external authentication and the user is not created in your application user list.


These variables are storing in JSON format, can edit on the cockpit, or using the UI on the Portal Admin setting.


The standard announcement for Portal included general information (e.g. Downtime, Changes, etc.). This message can be seen by all portal users.

Filename: variables.Portal.Announcement.json

Data model:

{ "contents": [{
      "language": "en",
      "value": "The announcement content in english"
   "enabled": false
  • contents: list of supported languages and content for each language.

    • language: the language code such as en, de, es, and fr

    • value: the announcement content of that language

  • enabled: the status of the announcement, true shows the announcement


You can define your custom menu item via this JSON file. It will be included on the left menu.

Filename: variables.Portal.ThirdPartyApplications.json

Data model:

[{    "id": "284352a58c7a48a2b64be8a946857c7a",
      "displayName": "{\"de\":\"AxonIvy ger\",\"en\":\"AxonIvy\"}",
      "menuIcon": "fa-group",
      "menuOrdinal": 1,
      "name": "{\"de\":\"AxonIvy ger\",\"en\":\"AxonIvy\"}",
      "link": "",
  • id: the identification number of a third-party application, auto-generated by UUID

  • displayName: the display name of the app that shows in the left menu, support multi-language

  • menuIcon: the style class of app icon that shows in the left menu

  • menuOrdinal: index of app that uses to sort menu items in the left menu

  • name: the name of third-party app

  • link: the URL of third-party app


You can define the standard statistic charts via this JSON file. It will be shown as the default charts on the statistic page.

Filename: variables.Portal.StatisticCharts.json

Data model:

[{ "id": "42e2d9afd9824abc8d3a70b9d9867dba",
   "names": [{
         "locale": "en",
         "value": "Task chart"
   "type": "TASK_BY_EXPIRY",
   "filter": {
      "timePeriodSelection": "LAST_WEEK",
      "createdDateFrom": null,
      "createdDateTo": null,
      "selectedCaseCategories": ["Alpha_Company"],
      "selectedRoles": ["Everybody"],
      "isAllRolesSelected": false,
      "selectedCaseStates": ["RUNNING"],
      "isAllCaseStatesSelected": false,
      "selectedTaskPriorities": ["HIGH"],
      "isAllTaskPrioritiesSelected": false,
      "customFieldFilters": {
         "CustomVarCharField": ["Request for new computer"],
   "position": 6
  • id: the identification of chart, auto-generated by UUID

  • names: the display name of the chart, support multi-language by defined locale and value


  • filter: list filters apply for each chart

    • timePeriodSelection: type of period filter such as CUSTOM, LAST_WEEK, LAST_MONTH and LAST_6_MONTH

    • createdDateFrom: start time for custom period filter

    • createdDateTo: end time for custom period filter

    • selectedCaseCategories: case category filter

    • selectedRoles: role filter

    • isAllRolesSelected: indicator to inform that selected all roles or not

    • selectedCaseStates: case state filter

    • isAllCaseStatesSelected: indicator to inform that selected all states or not

    • selectedTaskPriorities: task priority filter

    • isAllTaskPrioritiesSelected: indicator to inform that selected all priorities or not

    • customFieldFilters: list CustomField name filters, define by ICase.customFields()

      • CustomVarCharField: name of ICase.customFields()

  • position: position index of chart that uses to sort chart in the UI


You can include your custom application favorites processes via this JSON file. It will be shown as the processes in the application favorite section.

Filename: variables.Portal.Dashboard.FavoriteProcesses.json

Data model:

[{ "id": "234152a58c7a48a2b63be8a946e5731b",
   "processType": "IVY_PROCESS",
   "processName": "Alpha Company Task",
   "icon": "fa-building",
   "processId": "Portal/portal-developer-examples/Start Processes/ProcessHistoryComponent/createAlphaCompany.ivp",
   "index": 1
  • id: the identification of a process, auto-generated by UUID

  • processType: type of a process such as EXPRESS_PROCESS, EXTERNAL_LINK, IVY_PROCESS

  • processName: the display name of a process

  • icon: the style class of the process icon

  • processId: the process id of the process start in ivy

  • index: the index number to sort the processes in the dashboard


The standard express processes of Portal.

Filename: variables.Portal.Processes.ExpressProcesses.json

Data model:

[{ "id": "f281e1ee7fb54bcda8d7a0c64ba46fc8",
   "processName": "Portal Express process",
   "processDescription": "Process",
   "processType": "AHWF",
   "processPermissions": ["Everybody"],
   "processOwner": "#portaladmin externalId:889",
   "processFolder": "8e9870b2-0179-46eb-bdb8",
   "readyToExecute": true,
   "processCoOwners": ["#demo externalId:9CA"],
   "icon": "fa-codepen",
   "taskDefinitions": [{
      "type": "USER_TASK",
      "responsibles": ["Everybody"],
      "subject": "Express user task",
      "description": "Express user task",
      "taskPosition": 1,
      "untilDays": 2,
      "formElements": [{
         "elementID": "Input area2020-09-07 04:57:05",
         "label": "Input area",
         "required": true,
         "intSetting": 7,
         "elementType": "InputTextArea",
         "optionStrs": [""],
         "elementPosition": "HEADER",
         "indexInPanel": 0
      }, {
         "type": "EMAIL",
         "responsibles": [],
         "taskPosition": 2,
         "untilDays": 3,
         "email": {
            "recipients": "",
            "responseTo": "",
            "subject": "Verify Express process",
            "content": "<p>Email content</p>",
            "attachments": [],
            "empty": false
   "ableToEdit": true,
   "useDefaultUI": false
  • id: the identification of an express process, auto-generated by UUID

  • processName: the display name of an express process

  • processDescription: the description of an express process

  • processType: type of express processes such as AMWF and AHWF

  • processPermissions: the process permissions who can see this express process

  • processOwner: the user information who create this express process

  • processFolder: the folder id where the express process use to store data

  • readyToExecute: indicator to inform that process can start or not

  • processCoOwners: the user information who can see this express process

  • icon: the style class of express icon

  • taskDefinitions: list tasks of the express process

    • type: type of the express task such as USER_TASK, USER_TASK_WITH_EMAIL, APPROVAL, and EMAIL

    • responsibles: responsible for the express task who can work on the task

    • subject: the name of an express task

    • description: the description of an express task

    • taskPosition: the index of a task in the express workflow steps

    • untilDays: the expiry day of an express task

    • formElements: list forms on the UI of the express task

      • elementID: auto-generated

      • label: the label of the element

      • required: indicator to inform that form element is required or not

      • intSetting: auto-generated

      • elementType: type of element

      • optionStrs: select options of an element

      • elementPosition: the position of an element on UI

      • indexInPanel: auto-generated

      • email: define an email task

        • recipients: the recipients of the email

        • responseTo: response to the email

        • content: the content of the email

        • attachments: list attachments

        • empty: indicator to inform that attachment is empty

  • ableToEdit: indicator to inform that express can edit

  • useDefaultUI: indicator to inform that express process is using default UI elements