The new SharePoint integration was released to production with the 22.3 release (July 2022.) Although your users can still access documents linked through the legacy SharePoint integration, they must use the new SharePoint integration to link documents from SharePoint.
The new SharePoint integration does not requre configuration by an administrator, and can be set up by individual users. However, to ensure a smooth transition to the new SharePoint integration, a Workfront administrator must make some small settings changes in the Workfront Setup area.
For information and instructions, see Configure the legacy SharePoint integration for continued access to documents in this article.
We recommend that users link documents that are currently linked through the legacy SharePoint integration through the new integration.
For instructions on linking documents, see Link documents from external applications.
You can integrate Workfront with SharePoint Online, providing users with the ability to navigate to, link, and add SharePoint documents within Workfront. The functionality provided is similar to that of other Workfront integrations, such as Google Drive, Box, and Dropbox.
This integration is compatible only with SharePoint Online. On-premise instances of SharePoint are not supported.
You must have the following to perform the steps in this article:
Adobe Workfront plan | Any |
Adobe Workfront license | Plan |
Access level configurations* | You must be a Workfront administrator. For information on Workfront administrators, see Grant a user full administrative access. |
*To find out what plan, license type, or access you have, contact your Workfront administrator.
You must have any necessary access or permissions in SharePoint to modify or configure your organization’s SharePoint.
Individual users can link documents through the new SharePoint integration. The integration does not require administrator configuration. Instead, the user logs onto their Microsoft account when linking a document, which enables the integration to access documents available in the user’s SharePoint.
The first time a user connects the Workfront SharePoint integration to their SharePoint account, they will see and agree to all of the permissions that Workfront uses when interacting with their SharePoint account. Read permissions allow Workfront to see and access files on SharePoint, and write permissions allow the user to upload files to SharePoint.
For instructions on linking documents through the new SharePoint integration, see Link an external document to Workfront
A SharePoint integration can connect to a single SharePoint instance. Therefore, a user can set up an integration for one SharePoint, but cannot set up an integration to a second SharePoint, even if they have permissions to and documents on the second SharePoint.
A user has access to the same sites, collections, folders, subfolders, and files through the Workfront SharePoint integration as they have in their SharePoint account.
To ensure that your users have continued access to documents linked to Workfront through the legacy SharePoint integration, you must reconfigure access to the legacy SharePoint integration and keep the SharePoint Client Secret up to date.
To ensure that you can access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration, complete the following procedure.
Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.
Because SharePoint Client Secrets are handled by Microsoft, Client Secret features and procedures may change based on updates to SharePoint made by Microsoft. Always check the Microsoft documentation for the latest information about procedures and features in SharePoint.
This integration has been deprecated. The instructions here are for information only and will be removed in the near future.
Workfront connects to SharePoint Online using OAuth 2.0, a standard used by most web-based integrations for the authentication and authorization of users.
To configure OAuth, you need to create a SharePoint site and a Site App within SharePoint. This process is described in the following sections.
For more information about OAuth, see http://oauth.net.
To make it easy to copy and paste information between Workfront and SharePoint in these steps, we recommend keeping both applications open in separate tabs.
In order for Workfront to authenticate with SharePoint, Workfront ca use a master site where users have the Full Control permission level or specific Manage permissions. This master site acts as an Authentication Entry Point for Workfront.
To create and configure a SharePoint Site:
(Optional) If you do not want to use your organization’s root site, you can create a master site in SharePoint.
For instructions, visit Create a site in the Microsoft Documentation.
(Conditional) If you created a site in step 1, go to the site you just created.
Or
If you did not create a site in step 1, go to your organization’s root site.
Add /_layouts/15/appregnew.aspx
to the end of the URL in the search bar at the top of your browser window.
Configure the following fields:
Client ID |
Click Generate to generate a Client ID. Copy this ID to a secure location. You will use it later when you set up the SharePoint integration in Workfront. |
Client Secret |
Click Generate to generate a Client Secret. Copy this Secret to a secure location. You will use it later when you set up the SharePoint integration in Workfront. |
Title |
Enter a title, such as Workfront Site App. Users see this title when adding documents.. |
App Domain |
|
Redirect URI |
|
Click Create
Continue to Grant write permissions to the site app.
At this point, you have successfully created a Site App and registered it within Workfront. This site app is also known as an app principal in SharePoint. It resides within your tenant. New site apps do not automatically have access to site collections within the tenant. Permissions must be granted explicitly, for each site collection. The steps below will show you how to grant Write permission to the new Site App a site collection. Repeat these steps for each of the site collections you added under Visible Site Collections in the steps above.
This site app must have Write permission to any site collections that users need to access through Workfront.
Add ‘/_layouts/15/appinv.aspx’ to the URL in Sharepoint.
Example:
https://mycompany.sharepoint.com/sites/mysite/_layouts/15/appinv.aspx
Configure the following fields
App ID | Add the Client ID that you created in Create and configure a SharePoint site and click Lookup. |
Client / App Domain / Redirect URL |
These automatically fill when you click Lookup. |
Permission Request XML | Copy the following XML to the Permission Request XML field. Make sure that it is added exactly as shown without additional spaces etc. in order to avoid errors.
|
Click Create.
In the dialog that appears, click Trust it.
Verify that the site app has access to the site collection by clicking the Site collection app permissions link in Site Settings.
Repeat the steps above for the remaining site collections, then continue with Create a Workfront SharePoint integration instance.
When you have created a site app in SharePoint, you can now copy information from the site app into Workfront. The site app is an app principal and acts as the conduit through which OAuth requests are made to access documents within site collections.
Log into Workfront as an administrator.
Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup
.
In the left panel, click Documents > SharePoint Integration.
Click Add SharePoint.
Configure the following fields:
Name |
Enter a name for the SharePoint integration. Users see this name when they click Add > From 'name of integration'. |
SharePoint Host Instance |
|
Azure Access Domain |
This refers to the Master Site that users will use to authenticate through. It is likely the same domain as the SharePoint Host Instance. |
|
Important Site collections are used only in the Legacy SharePoint Integration.
|
SharePoint Client ID | Enter the Client ID that you generated in Create and configure a SharePoint site . |
SharePoint Client Secret | Enter the Client Secret that you generated in Create and configure a SharePoint site . |
Visible Site Collections | Important Site collections are used only in the Legacy SharePoint integration.
|
Click Save
Continue to Complete your integration.
The basic configuration is almost complete.
In Workfront, Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Documents
.
Click Add new.
Click From <title of your SharePoint site>
in the dropdown.
A dialog that invites you to Trust this site appears.
If this dialog does not appear, your SharePoint integration is not configured correctly.
Click Trust it.
You can now add documents from your SharePoint site.
For instructions, see Link an external document to Workfront in Link documents from external applications
If the user who linked a folder no longer has access to the external application, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company. To ensure continued access, a user with access to the folder must re-link the folder.
Solutions:
Users must be a member of a group that has appropriate permissions to the SharePoint site.
Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:
Design |
Can view, add, update, delete, approve, and customize |
Edit |
Can add, edit, and delete lists; can view, add, update, and delete list items and documents |
Contribute |
Can view, add, update, and delete list items and documents |
View only |
Can view pages, list items, and documents (Document types with server-side file handlers can be viewed in the browser but not downloaded) |
For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.
Solutions:
This can be caused by a number of things, originating in either Workfront or SharePoint’s configuration. Verify that:
Solutions:
To see a site collection in Workfront, the following conditions must be met:
The site collection must be registered in the Workfront SharePoint Integration instance.
To verify this in Workfront:
The user must have view access to the site collection in SharePoint.
To verify this in SharePoint, go to SharePoint, and open the site collection > Settings > Site permissions.
The SharePoint Site App must have access to the site collection.
To verify this in SharePoint:
Go to the site collection > Settings > Site app permissions.
Ensure that the Site App used by Workfront is listed here.
(Conditional) If the Site App is not listed, add to the site collection using _layouts/15/appinv.aspx.
For information about adding the site collection, see Granting Write Permissions To The Site App.
Solution:
If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.
To ensure continued access, a user with access to the folder must re-link the folder.
For information on linking folders from external providers, see Link documents from external applications.
This error might occur if one of the sites configured in the Visible Site Collections list has been deleted in Sharepoint. Check the Visible Site Collections list, and remove any sites that have been deleted in Sharepoint.