Zenflow OA — Installation & Deployment Guide
Zenflow OA is an integrated Enterprise Office Automation platform for HR & organization management, attendance, payroll, performance, training, administration, assets, projects, and workflow automation.
1️⃣ Architecture Overview
[Web (React/TS)] → [API (Strapi)]
│
├─ DB: PostgreSQL/MySQL
├─ Cache: Redis
├─ Storage: S3 / MinIO / OSS
├─ Workflow: BPMN 2.0 Engine
└─ AuthZ: RBAC + ABAC + Audit
2️⃣ Requirements
- Linux x86_64 / ARM64
- Docker + Compose / Kubernetes
- PostgreSQL 14+
- Optional: Redis / MinIO / Nginx
3️⃣ Quick Start (Docker Compose)
git clone https://github.com/monzotechnology/zenflow-oa.git
cd zenflow-oa
cp .env.example .env
docker compose up -d
Create admin:
curl -X POST http://localhost:1337/admin/auth/local/register \
-H 'Content-Type: application/json' \
-d '{"email":"admin@example.com","password":"ChangeMe!123"}'
Access the portal → https://zenflow.example.com
4️⃣ Reverse Proxy (Nginx)
server {
listen 443 ssl http2;
server_name zenflow.example.com;
ssl_certificate /etc/letsencrypt/live/zenflow/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zenflow/privkey.pem;
location / {
proxy_pass http://web:8088;
}
location /api/ {
proxy_pass http://api:1337/;
}
}
5️⃣ Key Modules
- Organization & HR — employee profiles, contracts, onboarding flows
- Attendance & Leave — multi-method clock-in, leave tracking, appeals
- Payroll & Benefits — auto calculation, batch disbursement, cost analysis
- Performance & Training — goal setting, 360° feedback, analytics
- Administration & Projects — assets, budgets, tasks, collaboration
- Workflow & System — visual BPMN, conditions, notifications, audits
6️⃣ Integrations
- SSO – OIDC / SAML / LDAP (Azure AD, Google Workspace)
- Mail & IM – SMTP / Teams / Slack / Lark / Feishu
- Finance & ERP – REST / GraphQL / Webhooks
- Storage – S3 / MinIO / OSS
7️⃣ Monitoring & Backup
# Database backup
docker compose exec db pg_dump -U zenflow zenflow > backup.sql
# File backup
tar czf config_$(date +%F).tar.gz config/
Prometheus endpoint: /api/health
8️⃣ Security & Compliance
- Role- and attribute-based access control
- Full audit logging for login, workflow, and salary changes
- Data localization and field-level masking (PII / salary)
- Configurable retention policies and export restrictions
9️⃣ Common Issues
| Problem | Solution |
|---|---|
| Stuck workflow | Verify BPMN definition & queue status |
| Export encoding | Ensure UTF-8 & fonts installed |
| Missing attachments | Check object storage bucket policy |
🔗 VaultCX + Zenflow OA Integration
- Unified SSO (IdP / SCIM) for shared users and roles
- OA organizational data used as VaultCX ABAC attributes
- Unified audit logging to Grafana / Loki
- Shared deployment cycle and version governance
🔄 Release Flow
- Feature branch → PR → CI/CD test → build image
- Tag
vX.Y.Z→ push to registry - Run DB migration if needed
- Update changelog and Helm chart
💬 FAQ
- Can it run offline? Yes, both support air-gapped Docker images.
- Can OA and VaultCX share auth? Yes, via a central IdP (Keycloak / Azure AD).
- Is multilingual supported? Yes (EN / ZH / JA).
- RPO/RTO targets? RPO ≤ 15 min, RTO ≤ 30 min.
