The new SharePoint integration was released to production with the 22.3 release (July 2022.) Although your users can still access documents linked through the legacy SharePoint integration, they must use the new SharePoint integration to link documents from SharePoint.
The new SharePoint integration does not requre configuration by an administrator, and can be set up by individual users. However, to ensure a smooth transition to the new SharePoint integration, a Workfront administrator must make some small settings changes in the Workfront Setup area.
For information and instructions, see Configure the legacy SharePoint integration for continued access to documents in this article.
We recommend that users link documents that are currently linked through the legacy SharePoint integration through the new integration.
For instructions on linking documents, see Link documents from external applications.
You can integrate Workfront with SharePoint Online, providing users with the ability to navigate to, link, and add SharePoint documents within Workfront. The functionality provided is similar to that of other Workfront integrations, such as Google Drive, Box, and Dropbox.
This integration is compatible only with SharePoint Online. On-premise instances of SharePoint are not supported.
You must have the following to perform the steps in this article:
Adobe Workfront plan | Any |
Adobe Workfront license | Plan |
Access level configurations* | You must be a Workfront administrator. For information on Workfront administrators, see Grant a user full administrative access. |
*To find out what plan, license type, or access you have, contact your Workfront administrator.
You must have any necessary access or permissions in SharePoint to modify or configure your organization’s SharePoint.
Individual users can link documents through the new SharePoint integration. The integration does not require administrator configuration. Instead, the user logs onto their Microsoft account when linking a document, which enables the integration to access documents available in the user’s SharePoint.
The first time a user connects the Workfront SharePoint integration to their SharePoint account, they will see and agree to all of the permissions that Workfront uses when interacting with their SharePoint account. Read permissions allow Workfront to see and access files on SharePoint, and write permissions allow the user to upload files to SharePoint.
For instructions on linking documents through the new SharePoint integration, see Link an external document to Workfront
A SharePoint integration can connect to a single SharePoint instance. Therefore, a user can set up an integration for one SharePoint, but cannot set up an integration to a second SharePoint, even if they have permissions to and documents on the second SharePoint.
A user has access to the same sites, collections, folders, subfolders, and files through the Workfront SharePoint integration as they have in their SharePoint account.
Workfront uses OAuth2 to retrieve an access token and a refresh token. This access token is used for authorization with all SharePoint areas.
The first time a user adds a document to Workfront from SharePoint, they are directed to a screen that requests the following permissions:
Access | Reason |
---|---|
Have full access to your files | Allows Workfront to access a user’s files to link asset. When documents are sent from Workfront to SharePoint, Workfront requires access to create the asset. |
Read items in all site collections | Allows Workfront to read assets to enable user navigation. |
Edit or delete items in all site collections | Allows Workfront to create assets in sites and site collection. Delete is used only when cleaning up after unsuccessful link attempts. |
Maintain access to data you have given it access to | Allows Workfront to generate a refresh token. |
Sign in and read user profile | Allows Workfront to use the access token to act of behalf of the user, through the OAuth2 login flow. |
This access is granted by the user the first time they use the integration, and can be revoked at any time.
Consider the following regarding access to SharePoint through the Workfront SharePoint integration:
All communication between Workfront and SharePoint is conducted over HTTPS, which encrypts the information.
Workfront does not store, copy, or duplicate data from SharePoint. The only exception is that Workfront stores thumbnails from SharePoint to display in the list view and in Preview.
If an asset was first uploaded to Workfront, and then sent to SharePoint, Workfront retains the data for the first file because users can download a previous version of a Workfront document. If a document was created in SharePoint, Workfront does not store that file data.
To ensure that your users have continued access to documents linked to Workfront through the legacy SharePoint integration, you must reconfigure access to the legacy SharePoint integration and keep the SharePoint Client Secret up to date.
To ensure that you can access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration, complete the following procedure.
Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.
Because SharePoint Client Secrets are handled by Microsoft, Client Secret features and procedures may change based on updates to SharePoint made by Microsoft. Always check the Microsoft documentation for the latest information about procedures and features in SharePoint.
Solutions:
Users must have appropriate permissions to the SharePoint site.
Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:
Design |
Can view, add, update, delete, approve, and customize |
Edit |
Can add, edit, and delete lists; can view, add, update, and delete list items and documents |
Contribute |
Can view, add, update, and delete list items and documents |
View only |
Can view pages, list items, and documents (Document types with server-side file handlers can be viewed in the browser but not downloaded) |
For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.
Solutions:
To see a site collection in Workfront, the following conditions must be met:
The user must have view access to the site collection in SharePoint.
To verify this in SharePoint, go to SharePoint, and open the site collection > Settings > Site permissions.
Solution:
If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.
To ensure continued access, a user with access to the folder must re-link the folder.
For information on linking folders from external providers, see Link documents from external applications.