You can now control when fields are visible to users without removing the underlying data, along with new options for controlling how restricted data appears in generated PDFs.

The new Limit availability (sensitive data) gadget setting gives admins more flexibility to manage sensitive fields, workflow-only content, and role-based access in forms. Combined with the new Generate PDF As option for workflow Notification Steps, admins can also control whose access level determines what data appears in attached document PDFs.

Why This Matters

Previously, fields hidden through conditional visibility could also remove stored data when conditions changed. With Limit Availability, field data stays saved in the background while remaining inaccessible until the right conditions are met.  This also applies when exporting the document as a PDF, ensuring restricted data remains hidden from unauthorized users.

We’ve also added new PDF access controls for workflow notifications, allowing admins to control whose permissions determine what data appears in automatically generated PDFs.

This helps you:

• Protect sensitive information
• Create admin-only or workflow-only sections
• Show fields only at specific workflow stages
• Preserve submission data even when fields are hidden
• Prevent restricted field data from appearing in exported PDFs
• Control what data appears in workflow notification PDF attachments based on user access levels

What Changed

The existing conditional visibility setting has been renamed to make its purpose clearer:

• Old label: Limit visibility based on other gadgets
• New label: Change visibility based on other fields

This setting still controls field visibility based on form responses.

The new Limit availability setting is separate and focuses on controlling access (based on certain criteria) while preserving data.

We’ve also added a new Generate PDF As option for workflow Notification Steps when the Attach PDF of the completed document setting is enabled. This option allows admins to control whose access level is used when generating attached PDFs.

• Select a user in the Generate PDF As setting to generate the PDF using that user’s permissions
• If no user is selected, the PDF will use the access level of the first notification recipient. If the notification is sent to a role or group with multiple recipients, the first user in the recipient list will determine the access level used to generate the PDF.

This helps ensure attached PDFs only include information the intended audience is allowed to access.

How to Configure Limit Availability

To enable the setting in an app/product:

1. Open the Form tab
2. Select a field
3. Turn on Limit availability (sensitive data) configuration option
4. Select Add Condition
5. Configure one or more conditions

Available conditions

You can make fields available based on the following criteria:

• User’s role in app — Control field availability based on app permissions.
  Example: Only app administrators can view or edit a section.
• User’s role — Control field availability based on group membership or assigned roles.
  Example: Only users in the Registrar’s Office Admin role can access certain fields.
• Submission’s version number — This option appears only when Document Versions is enabled in the form. Use this condition to control field availability based on the document’s version number.
• Submission’s workflow status — Control field availability based on the current workflow status of the submission.
  Example: Make fields available only while a submission is in Draft or In Progress.
• Submission’s workflow step — Control field availability based on whether the document is currently editable by the end user. Choose is Form Submission when the document is in the initial draft stage or has been returned to the user for corrections in the Form Fill step. Choose is not Form Submission when the document is in any other workflow state where end-user editing is locked.

Important Behavior Details

• Data in unavailable fields is still saved.
• Users must still have permission to access the document through Form Permissions or Conditional Permissions. If they can access the document, fields configured with Limit Availability will remain unavailable until the configured conditions are met.
• Restricted field data will not appear in exported PDFs for users who do not meet the configured conditions when exporting directly from the document.
• If you’ve configured PDFs to be automatically attached in a workflow Notification Step, you can choose to generate the PDF using a specific user’s level of access so restricted field data won't be included. If no user is selected, the PDF will use the access level of the first notification recipient.
• Fields may still appear in the document list, but only administrators can access restricted data there.
• The workflow step condition intentionally uses simplified options to avoid confusion caused by parallel routing workflows.

When should I use Limit Availability vs. Change Visibility?

Use Limit Availability when you want to:

• Restrict access to sensitive information
• Preserve hidden data
• Control access by workflow or permissions
• Exclude restricted data from exported PDFs

Use Change visibility based on other fields when you want to:

• Dynamically show or hide fields based on form answers
• Create conditional form experiences tied to field responses

You can now create and run Secondary Workflows to support processes that happen outside your main submission workflow.

This gives you more flexibility to trigger notifications, integrations, or review steps exactly when you need them - without impacting your primary workflow.

Why This Matters

Not every process fits neatly into your main workflow. Secondary workflows let you handle additional steps—like side reviews or system integrations—before, after, or alongside your primary workflow.

What You Can Do

• Run workflows independently of submission
  Trigger workflows manually from a document or automatically on save—without changing the document’s main workflow status.
• Support parallel processes
  Run multiple workflows at the same time to manage different business processes in parallel.
• Keep workflows flexible and reusable
  Create, publish, and version secondary workflows independently from your main workflow.
• Track workflow activity clearly
  View secondary workflow activity in the Workflow Status / Document History, with indicators for in-progress or error states.
• Test your workflow against real documents before publishing
  In addition to using the Workflow Simulator to complete a form and preview the workflow path, you can also select an existing document to simulate how the workflow will run in practice.

How it Works

• Admins can create and manage secondary workflows from the Workflow tab in a form.
• Once published, workflows can be:
  • Triggered manually from a document.
  • Triggered automatically on save based on defined conditions.
• Each workflow runs independently and maintains its own history and status tracking.
• End users will receive and act on workflow steps just like they do today—no additional steps required.

Important to Know

• Secondary workflows do not change the main workflow status of a document.
• Multiple workflows can run at once, but the same workflow won’t run in parallel on the same document.
• To fully understand activity on a document, you may need to review both the main workflow status and any active secondary workflows via Workflow History.
• A new Active Secondary Workflows column in the Document List helps you quickly identify which documents have workflows in progress.

Getting Started

To create a Secondary Workflow:

1. Go to the Workflow tab in your form (which defaults to the Primary workflow view), then click the dropdown in the top left to open the Manage Workflows page.
   
2. Within Manage Workflows, you can create, manage, enable, or disable your secondary workflows. Using the three-dot menu for each workflow, you can also Publish, Rename, or Duplicate the workflow.
3. Click on +New Workflow (or edit and existing from the 3 dot menu) - name the workflow and select what will trigger this workflow (either manually or if the document is saved with certain criteria):
   
4. If you selected the A change to a document trigger option, the first step in your workflow will be a Trigger Step, where you can define which field changes or document criteria will trigger the workflow to run. These workflows are triggered when a user saves the document.  You can switch the workflow trigger type between Manual and A change to a document at any time. Continue to build your workflow with the desired steps (more info in the Creating a Workflow article).
   
   Note: The 'Limit this workflow to a single execution across all versions of a document' configuration option allows you to limit the trigger to the first time someone saves and that attribute trigger exists; and it won't send again on every subsequent save.
5. When ready you can validate the secondary workflow using the Workflow Simulator by selecting an existing document to test against or by completing a new document.
   
6. Once validated, Publish the draft secondary workflow to make it live for automatic on-save actions or available for app and product administrators to manually trigger from a document.
   
7. Trigger a manual secondary workflow from a document using the menu options available when accessing the document from the Document List.
   

We’re excited to see how you use Secondary Workflows to streamline your processes. As always, we’d love your feedback!

Coming Soon

You’ll soon be able to trigger secondary workflows automatically based on a specific dates or intervals within a document. You will see the greyed-out option of A specific date or interval—these will allow workflows to run automatically on scheduled timing.

Keep an eye out for an upcoming announcement when this option become available.

You can now see exactly what permissions a user has—all in one place.

The new Effective Permissions tab, located within each user’s record, gives you a complete view of a user’s access across the system. Because this tab lives in the Person record, only users who have access to the People list can view it.

What You’ll See

The Effective Permissions tab shows all permissions assigned to a user in one organized view. It’s divided into three sections to help you understand where that access comes from:

• Groups & Roles
  View the user’s memberships in Kuali Groups, including any roles that contribute to their access.
• Policy Groups
  See app-level permissions granted through policies. This section shows the specific permissions a user receives from each policy.
• Effective Permissions
  Get a consolidated list of all permissions the user has across the system in one place.

Why it Matters

Instead of tracking down permissions across multiple areas, you can quickly understand both what access a user has and where it comes from. This makes audits, troubleshooting, and access reviews faster and more reliable.

How to access it

1. Go to the People list
2. Select a user
3. Open the Effective Permissions tab

This update gives you a clearer, more complete picture of user access—so you can manage permissions with confidence.

You can now expand and collapse Sections in the Form Designer—making it much easier to work with large, complex forms.

Why This Matters

Managing forms with lots of fields just got faster and less overwhelming. Instead of loading everything at once, you can focus on only the sections you need to update—improving performance and making edits easier to manage. You can also configure sections to be collapsible for end users, so they can hide completed sections and stay focused as they work.

New Collapse Options in Form Designer

• Collapse and expand top-level Sections via the toggle arrow in the top righthand corner of the Section.
• Or use the Expand All and Collapse All options for quick navigation in Form Designer to collapse and expand all top-level sections
• Please note - large forms (20+ sections or 100+ gadgets) will now open in a collapsed state by default
  

Collapse Settings for Section Gadgets

The below settings have been added in the Section gadget that allow you to add collapse options to your end users when completing the form:

• Section can be collapsed - turn this on to allow users to expand or collapse the section while completing a form. This helps reduce visual clutter and lets users focus on what matters most. When enabled the Sections will have the option to collapse or expand via the toggle arrow in the top righthand corner of the Section.
  • Section is collapsed by default - This option is only available when the 'Section can be collapsed' configuration is checked. When this setting is enabled, the section will start in a collapsed state when the form loads. This is ideal for optional or high-volume content that users don’t always need to review. We recommend not collapsing sections by default that contain  required fields.
    

What Form Users Will See

When filling out forms, if you've enabled 'Sections can be collapsed' you’ll see collapsible sections with a triangle icon—so you can hide or expand content as needed.  If the 'Section is collapsed by default' configuration is enabled then the Section will be collapsed by default when the user opens the form.

Also, if there are Sections within a Repeater gadget it will provide the Expand All / Collapse All options to manage multiple entries.

You can now select Groups from within your organizational blueprint hierarchy in a single lookup.  

Form designers can enable a new setting—“Choose from this Blueprint or any of its parents”—on either a Lookup (List) or Lookup (Multiselect) gadget when they're pointed at the Data Source of Kuali Groups. This allows form fillers to search and select Groups not just from the configured Blueprint, but also from any parent Blueprint that is above that Group in the hierarchy.

Why This Matters

Organizations don’t operate at just one level. Groups (aka Units) might be a department, college, center, or central office. With hierarchical selection, your forms now reflect that reality—without requiring multiple gadgets or complex configurations.

What’s Improved

• Flexible Group selection: Choose Groups from a Blueprint or any of its parent levels.
• Smarter workflow routing: Steps that don’t apply are automatically skipped based on the selected Group. Skipped steps are recorded in Workflow History.
  
• More powerful permissions: You can now configure Conditional Permissions using roles from any level in the Blueprint hierarchy. This allows you to base conditional permissions not only on the specific groups selected in the form but also any parent group/role above in the blueprint hierarchy.
  
• Hierarchy-aware access: Users gain access when their role aligns with the selected Group—or any Group that rolls up to it.

Additional Notes

• Hierarchical permissions update automatically when Group relationships change (for example, after a reorganization).
• A background job ensures permissions stay in sync with hierarchy updates.
• Please note, the background job that updates hierarchical permissions applies to all documents with explicit Blueprint data. To support this, we've run a migration to populate Blueprint information for all Data Lookup (Group) and Data Lookup (Groups) gadgets on existing documents. Due to performance considerations, this migration does not include data-linked Group gadgets. As a result, hierarchical permissions for those scenarios should rely on Group data provided through integrations for documents moving forward.

You can now download a complete, review-ready outline of your form directly from the form designer (either the saved Draft or Published version). This makes it much easier to gather feedback during development and share full specifications with stakeholders or regulators.  Within the Forms tab of a form you'll now see the Download Outline option:

Upon clicking the Download Outline it will give you the below options to download either the saved Draft or Published version of the form:

Once you chose an option it will generate an Excel file that includes:

• A table of contents listing every top-level section or page
• A dedicated worksheet for each section with key functional details
• Clear outline numbering that shows how gadgets are nested within sections, tables, and repeaters

Whether you're collaborating on changes or preparing formal documentation, you now have a clear, human-readable view of your entire form.  More information can be found in the What is the Download Outline Option in Form Design Tab? article.  Please note, that the Download Outline functionality is still in beta so if there are any issues please provide your feedback via support ticket.

You can now control how data is set and edited in your forms with new Read-only and Default Value configurations. This makes it easier to support integrations, protect source-of-truth data, and standardize key values across your forms.

Read-Only Configuration

There are times you may need to define a fixed value for integrations or calculations, such as a standard rate for a calculated value. This is especially useful when data is pushed into a Kuali form from another system that serves as the source of truth and should remain uneditable.  We've added the new gadget configuration option of Make this field Read-only that will make the field read-only for the end user but could be updated via API interactions or utilizing default values (explained more below).  

This configuration option is available for the following gadgets:

• Short Text
• Long Text
• Email
• Link
• Number
• Currency
• Date

Default Value Configuration

We’ve also added a new Set default value configuration, so you can predefine one or more default values depending on the field type.  This allows you set a default value if you desire on a user editable field but can also be used in conjunction with the Read-only configuration to use for calculation purposes (i.e. a fixed rate you want to utilize to calculate a cost - for example, setting a default read-only per deim rate and the user enters the amount of days which would allow you to calculate the desired value. This configuration option is available for the following gadgets:

• Short Text
• Long Text
• Number
• Currency

For those those gadgets that allow multi-select you'll see the Default options displayed under the configured options:

• Multiple Choice
• Dropdown
• Checkbox

Use Case Example

One practical use case for this new functionality is a travel request app that automatically calculates per diem.  You could have a Number gadget where the end user enters the number of travel days and then use a Currency gadget that's set with both the Read-only and Default Value of $178.00 - so it would be view only but could be utilized for calculations:

You can then add a Currency field and configure a calculation that takes the product of the number of travel days and the per diem rate, automatically generating the total:

Users often need visibility into how documents are connected across the system.  The new Associations gadget provides a clear view of all documents in the system that reference the document you’re currently viewing.  

Some example scenarios of use for the Association gadget across our products:

• Build: View how a form connects to other forms across departments.
• Research: Track which review checklists have been created for a protocol or which awards have been funded by a proposal.
• Ready: Understand how emergency plans reference shared resources or critical assets.
• Academic Operations: Identify courses or specializations associated with program or curriculum changes.

To configure simply add the Associations gadget to your form and then select a data set and the specific linked field. Once configured the Associations field in the form will display the configured Form Title Field of the document as a hyperlink so you can open the associated linked document(s).  You can configure what information displays as the Form Title Field via the Form Settings of the given form.

Note: Some Associations will be built into the form by default.  For example, Course Prerequisites in Kuali Academic Ops will allow you to see which courses/programs in the system are using the course they are on as a prerequisite/co-requisite.

More information on the Associations gadget and how to configure can be found here.

We’ve enhanced the Person record with new fields to better support institutional needs. You can now manage richer user metadata and use it in forms, workflows, and document metadata.

We’ve also introduced User Attributes, a new General App Data Type available in next-generation products (Academic Ops, Ready, and Research). These standardized user fields can be extended during implementation to capture institution-specific information.

What’s Changing

New Fields on the Person Record

All customers will see the following new fields added to the Person document (found in People & Groups via the Suite Menu):

• Prefix
• Suffix
• Title
• Phone Number
• Office Address
• Alternate ID – Used when integrating with a system that does not rely on your institution’s SSO

In addition, School ID has been renamed to Institutional ID to better reflect the range of organizations we support - please note, the field name in the API has not changed so it won't affect any user feeds.  

System administrators can populate these fields directly on user records, and all fields are available through the User API.

Introducing User Attributes

For our next generation products (Academic Ops, Ready, and Research) we’ve also added a new General App Data Type called User Attributes.

Products can include a published User Attributes dataset that:

• Provides standardized user metadata for use across the product
• Supports institution-specific user information
• Can be extended or modified during implementation

If your product includes a User Attributes dataset, you’ll see an additional section in Person Details showing the configured fields for each user. These fields can also be populated via the Person API.

Enhanced Person Typeahead Gadget

When adding a Person Typeahead gadget to a form, you’ll now be prompted to choose which metadata fields to pull into the form—similar to the Dataset Typeahead experience.

You can:

• Select available metadata fields
• Add them as data-linked gadgets
• Use them in workflows and read-only displays

This gives you more control over how user information appears and functions within your forms.

Using Extended Person Fields with Form Metadata

Form admins can also now pull additional person fields for the below metadata fields for a given form - which can be used to support Workflow routing, Integrations, Read Only gadgets:

• Creator
• Submitter
• Last Modified By

You'll need to enable the 'Access additional user metadata' option in Form Settings and you can then use the 'Edit Available Data' to configure the specific person fields you want to utilize. 

We’ve introduced a new Private Data gadget that allows you to securely store and manage sensitive information—such as Social Security numbers, credit card numbers, and driver’s license data—directly within your apps.  This feature is designed to help institutions meet higher security and compliance requirements while maintaining full visibility and control over who can access sensitive data.

Why this matters

Many institutions need to capture personally identifiable information (PII) but lack a secure, auditable way to do so. The Private Data gadget provides a safe, purpose-built solution that protects sensitive values while supporting everyday workflows.

Key capabilities

• Field-level encryption:  Private Data values are stored separately from other data and encrypted at the field level, adding an extra layer of protection beyond standard platform encryption.
• Flexible masking options:  Control how sensitive values appear throughout the application—including forms, emails, document lists, and PDFs. Choose from full masking or partial masking (such as showing only the last four digits).
• Controlled reveal access:  By default, saved private data is always hidden. Only users with the 'Reveal private data in this app' permission can temporarily reveal values, using a secure, time-limited reveal action.
• Audit-ready by design:  All Private Data activity is logged, including when values are entered, revealed, or when an unauthorized reveal attempt is made—giving you a complete audit trail.
• Security safeguards:  To prevent misuse, reveal actions are rate-limited per user and automatically re-mask after a short period.

Getting started with Private Data

• System Administrators must enable Private Data at the system or app level from Spaces & Settings (or System Settings for non-enterprise customers). By default, Private Data is disabled and set to None. You can enable it for all apps and products or limit it to specific apps and products, depending on your needs.
  
• Once Private Data is enabled for an app or product, App Administrators will see the Private Data gadget in the Advanced section of the gadget tray.
  
  Once added and published to a form, the field will appear to end users within the document, as shown below. Please note that the show/hide icon is available to the document initiator while the form is in an editable state, as well as to any user with the Reveal private data in this app permission.
  
• Within the Private Data gadget, you can configure several settings, including Data Type and Display Style which is specific to private data. The Data Type setting lets you choose between Social Security Number formatting or a generic entry for values such as driver’s licenses or credit card numbers. Display Style controls how the value appears throughout the app—whether it is fully masked or partially masked at the beginning or end of the input, with the option to specify how many characters remain visible.
  
• When Private Data is actively enabled in a form (or if a Private Data gadget has ever been published in the app) you’ll see a new Form Permission called Reveal private data in this app. This permission is disabled by default and must be explicitly added to the appropriate policies to allow users to view private data values.
  
• Lastly, we've added the below security warning messages when you enable private data from Spaces & Settings and when you add a Private Data gadget to a form to ensure users are aware of the implications.