Configure the Legacy SharePoint integration

IMPORTANT

The new SharePoint integration was released to production with the 22.3 release (July 2022.) Although your users can still access documents linked through the legacy SharePoint integration, they must use the new SharePoint integration to link documents from SharePoint.

  • The new SharePoint integration does not requre configuration by an administrator, and can be set up by individual users. However, to ensure a smooth transition to the new SharePoint integration, a Workfront administrator must make some small settings changes in the Workfront Setup area.

    For information and instructions, see Configure the legacy SharePoint integration for continued access to documents in this article.

  • We recommend that users link documents that are currently linked through the legacy SharePoint integration through the new integration.

    For instructions on linking documents, see Link documents from external applications.

You can integrate Workfront with SharePoint Online, providing users with the ability to navigate to, link, and add SharePoint documents within Workfront. The functionality provided is similar to that of other Workfront integrations, such as Google Drive, Box, and Dropbox.

This integration is compatible only with SharePoint Online. On-premise instances of SharePoint are not supported.

Access requirements

You must have the following to perform the steps in this article:

Adobe Workfront plan Any
Adobe Workfront license Plan
Access level configurations*

You must be a Workfront administrator. For information on Workfront administrators, see Grant a user full administrative access.

*To find out what plan, license type, or access you have, contact your Workfront administrator.

Prerequisites

You must have any necessary access or permissions in SharePoint to modify or configure your organization’s SharePoint.

Individual users can link documents through the new SharePoint integration. The integration does not require administrator configuration. Instead, the user logs onto their Microsoft account when linking a document, which enables the integration to access documents available in the user’s SharePoint.

The first time a user connects the Workfront SharePoint integration to their SharePoint account, they will see and agree to all of the permissions that Workfront uses when interacting with their SharePoint account. Read permissions allow Workfront to see and access files on SharePoint, and write permissions allow the user to upload files to SharePoint.

Sharepoint permissions

For instructions on linking documents through the new SharePoint integration, see Link an external document to Workfront

NOTE
  • A SharePoint integration can connect to a single SharePoint instance. Therefore, a user can set up an integration for one SharePoint, but cannot set up an integration to a second SharePoint, even if they have permissions to and documents on the second SharePoint.

  • A user has access to the same sites, collections, folders, subfolders, and files through the Workfront SharePoint integration as they have in their SharePoint account.

Security, access, and authorization information for the SharePoint integration

Authentication and authorization

Workfront uses OAuth2 to retrieve an access token and a refresh token. This access token is used for authorization with all SharePoint areas.

Access and permissions

The first time a user adds a document to Workfront from SharePoint, they are directed to a screen that requests the following permissions:

Access Reason
Have full access to your files Allows Workfront to access a user’s files to link asset. When documents are sent from Workfront to SharePoint, Workfront requires access to create the asset.
Read items in all site collections Allows Workfront to read assets to enable user navigation.
Edit or delete items in all site collections Allows Workfront to create assets in sites and site collection. Delete is used only when cleaning up after unsuccessful link attempts.
Maintain access to data you have given it access to Allows Workfront to generate a refresh token.
Sign in and read user profile Allows Workfront to use the access token to act of behalf of the user, through the OAuth2 login flow.

This access is granted by the user the first time they use the integration, and can be revoked at any time.

Consider the following regarding access to SharePoint through the Workfront SharePoint integration:

  • The permissions requested for this integration are delegated permissions.
  • Workfront requests the minimum access required to perform operations in the integration.
  • Access to view, edit, or delete an Adobe Workfront document linked to SharePoint is based on the user’s access in Workfront. However, any navigation, downloading, or editing of a SharePoint file or folder requires access to SharePoint, and access to these actions is controlled by SharePoint.
  • Users can view thumbnails and preview images sourced from SharePoint, and can see file and folder names in SharePoint, without logging into SharePoint.
  • A user’s access token is used only when the user is offline and another user views the contents of a folder that is linked to Workfront. The access token is used to discover if any documents in the folder have been added, removed, or edited.

Security

All communication between Workfront and SharePoint is conducted over HTTPS, which encrypts the information.

Workfront does not store, copy, or duplicate data from SharePoint. The only exception is that Workfront stores thumbnails from SharePoint to display in the list view and in Preview.

If an asset was first uploaded to Workfront, and then sent to SharePoint, Workfront retains the data for the first file because users can download a previous version of a Workfront document. If a document was created in SharePoint, Workfront does not store that file data.

Configure the legacy SharePoint integration for continued access to documents

To ensure that your users have continued access to documents linked to Workfront through the legacy SharePoint integration, you must reconfigure access to the legacy SharePoint integration and keep the SharePoint Client Secret up to date.

Reconfigure access to the legacy SharePoint integration

To ensure that you can access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration, complete the following procedure.

NOTE
  • The legacy SharePoint integration is labeled “SharePoint.”
  • The new SharePoint integration is labeled “SharePoint (Graph API).”
  1. Click the Main Menu icon Main menu in the upper-right corner of Adobe Workfront, then click Setup Setup.
  2. Select Documents in the left navigation, then select Cloud Providers.
  3. Make sure that the SharePoint option and SharePoint (Graph API) option are both enabled.
  4. Click Save.
  5. Select Documents in the left navigation, then select SharePoint Integration.
  6. Select the checkmark on the left of the list for all existing integrations, then select Disable.

Configure the Client Secret for continued access to the legacy SharePoint integration

Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.

IMPORTANT

Because SharePoint Client Secrets are handled by Microsoft, Client Secret features and procedures may change based on updates to SharePoint made by Microsoft. Always check the Microsoft documentation for the latest information about procedures and features in SharePoint.

  1. Generate a new client secret as described in Replace an expiring client secret in a SharePoint Add-in
  2. Copy this Client Secret to a secure location.
  3. Log into Workfront as an administrator.
  4. In Workfront, click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .
  5. In the left panel, click Documents > SharePoint Integration.
  6. Click on the SharePoint integration you want to update, then click Edit.
  7. Enter the new Client Secret into the Client Secret field.
  8. Click Save.

Troubleshooting

Problem: Users experience authentication-based errors when using the SharePoint integration.

Solutions:

Users must have appropriate permissions to the SharePoint site.

Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:

Design

Can view, add, update, delete, approve, and customize

Edit

Can add, edit, and delete lists; can view, add, update, and delete list items and documents

Contribute

Can view, add, update, and delete list items and documents

View only

Can view pages, list items, and documents (Document types with server-side file handlers can be viewed in the browser but not downloaded)

For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.

Problem: When attempting to browse SharePoint files in Workfront, I do not see any or all of my site collections.

Solutions:

To see a site collection in Workfront, the following conditions must be met:

  • The user must have view access to the site collection in SharePoint.

    To verify this in SharePoint, go to SharePoint, and open the site collection > Settings > Site permissions.

Problem: I cannot access previously linked folders and documents in SharePoint.

Solution:

If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.

To ensure continued access, a user with access to the folder must re-link the folder.

For information on linking folders from external providers, see Link documents from external applications.

On this page