Configure the Legacy SharePoint integration

IMPORTANT

The new SharePoint integration was released to production with the 22.3 release (July 2022.) Although your users can still access documents linked through the legacy SharePoint integration, you must use the new SharePoint integration to link documents from SharePoint.

  1. Disable the legacy SharePoint integration so that your users do not use it to link to new documents.

    For instructions, see Disable linking to the legacy SharePoint integration in this article.

  2. Configure your legacy SharePoint Client Secret so that your users will continue to have access to documents linked through the legacy SharePoint integration.

    For more information, see Configure the Client Secret for continued access to the legacy SharePoint integration in this article.

  3. Link documents that are currently linked through the legacy SharePoint integration through the new integration.

    For instructions, see Link documents from external applications.

The procedure described in this document was deprecated with the 22.3 release, and is here for your information only.

You can integrate Workfront with SharePoint Online, providing users with the ability to navigate to, link, and add SharePoint documents within Workfront. The functionality provided is similar to that of other Workfront integrations, such as Google Drive, Box, and Dropbox.

This integration is compatible only with SharePoint Online. On-premise instances of SharePoint are not supported.

Access requirements

You must have the following to perform the steps in this article:

Adobe Workfront plan Any
Adobe Workfront license Plan
Access level configurations*

You must be a Workfront administrator. For information on Workfront administrators, see Grant a user full administrative access.

*To find out what plan, license type, or access you have, contact your Workfront administrator.

Prerequisites

You must have any necessary access or permissions in SharePoint to modify or configure your organization’s SharePoint.

Configure OAuth

Workfront connects to SharePoint Online using OAuth 2.0, a standard used by most web-based integrations for the authentication and authorization of users.

To configure OAuth, you need to create a Sharepoint site and a Site App within SharePoint. This process is described in the following sections.

For more information about OAuth, see http://oauth.net.

TIP

To make it easy to copy and paste information between Workfront and SharePoint in these steps, we recommend keeping both applications open in separate tabs.

Create and configure a Sharepoint site

In order for Workfront to authenticate with SharePoint, Workfront ca use a master site where users have the Full Control permission level or specific Manage permissions. This master site acts as an Authentication Entry Point for Workfront…

To create and configure a Sharepoint Site:

  1. (Optional) If you do not want to use your organization’s root site, you can create a master site in SharePoint.

    For instructions, visit Create a site in the Microsoft Documentation.

    • Select the Team Site option when creating the site.
  2. (Conditional) If you created a site in step 1, go to the site you just created.

    Or

    If you did not create a site in step 1, go to your organization’s root site.

  3. Add /_layouts/15/appregnew.aspx to the end of the URL in the search bar at the top of your browser window.

  4. Configure the following fields:

    Client ID

    Click Generate to generate a Client ID. Copy this ID to a secure location. You will use it later when you set up the SharePoint integration in Workfront.

    Client Secret

    Click Generate to generate a Client Secret. Copy this Secret to a secure location. You will use it later when you set up the SharePoint integration in Workfront.

    Title

    Enter a title, such as Workfront Site App. Users see this title when adding documents..

    App Domain

    my.workfront.com

    Redirect URI

    https://oauth.my.workfront.com/oauth2/redirect

  5. Click Create

  6. Continue to Grant write permissions to the site app.

Grant write permissions to the site app

At this point, you have successfully created a Site App and registered it within Workfront. This site app is also known as an app principal in SharePoint. It resides within your tenant. New site apps do not automatically have access to site collections within the tenant. Permissions must be granted explicitly, for each site collection. The steps below will show you how to grant Write permission to the new Site App a site collection. Repeat these steps for each of the site collections you added under Visible Site Collections in the steps above.

This site app must have Write permission to any site collections that users need to access through Workfront.

  1. Add ‘/_layouts/15/appinv.aspx’ to the URL in Sharepoint.

    Example:

    https://mycompany.sharepoint.com/sites/mysite/_layouts/15/appinv.aspx
    
  2. Configure the following fields

    App ID

    Add the Client ID that you created in Create and configure a Sharepoint site and click Lookup.

    Client / App Domain / Redirect URL

    These automatically fill when you click Lookup.

    Permission Request XML

    Copy the following XML to the Permission Request XML field. Make sure that it is added exactly as shown without additional spaces etc. in order to avoid errors.

    Copy
    <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Write"/>
    </AppPermissionRequests>
  3. Click Create.

  4. In the dialog that appears, click Trust it.

  5. Verify that the site app has access to the site collection by clicking the Site collection app permissions link in Site Settings.

  6. Repeat the steps above for the remaining site collections, then continue with Create a Workfront SharePoint integration instance.

Create a Workfront SharePoint integration instance

When you have created a site app in SharePoint, you can now copy information from the site app into Workfront. The site app is an app principal and acts as the conduit through which OAuth requests are made to access documents within site collections.

  1. Log into Workfront as an administrator.

  2. Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .

  3. In the left panel, click Documents > SharePoint Integration.

  4. Click Add SharePoint.

  5. Configure the following fields:

    Name

    Enter a name for the SharePoint integration. Users see this name when they click Add > From 'name of integration'.

    Sharepoint Host Instance

    <YourDomain>.sharepoint.com

    Azure Access Domain

    <YourDomain>.onmicrosoft.com

    This refers to the Master Site that users will use to authenticate through. It is likely the same domain as the Sharepoint Host Instance.

    Site Collections Authentication

    Important Site collections are used only in the Legacy Sharepoint Integration.
    • If you are using your organization's root site:

      Enter /

    • If you are using a master site and subsites:

      IMPORTANT: Microsoft SharePoint no longer recommends the use of subsites.

      Enter the URL stem for the site collection that you created in the section above.

      This is the section of the URL after .com.

      Example: for the URL https://mycompany.sharepoint.com/sites/mysite, the stem would be /sites/mysite.

    SharePoint Client ID Enter the Client ID that you generated in Create and configure a Sharepoint site .
    SharePoint Client Secret Enter the Client Secret that you generated in Create and configure a Sharepoint site .
    Visible Site Collections Important Site collections are used only in the Legacy Sharepoint integration.
    • If you are using your organization's root site:

      Enter /

    • If you are using a master site and subsites:

      IMPORTANT: Microsoft SharePoint no longer recommends the use of subsites.

      For each subsite you want to add to your SharePoint integration, enter the stem of the subsite.

      Example: for the URLhttps://mycompany.sharepoint.com/sites/mysite/mysubsite, the stem would be /sites/mysite/mysubsite.

      NOTE:

      If you want to test your configuration only (no subsites), enter the stem of the master site.

      Example: for the URL https://mycompany.sharepoint.com/sites/mysite, the stem would be /sites/mysite.

      When you have tested your configuration as described in Complete your integration, you must remove the master site and enter the subsites.

      1. Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .
      2. In the left panel, click Documents > SharePoint Integration.

      3. Click the SharePoint integration you are setting up, then click Edit.

      4. Delete the stem for the master site from the Visible Site Collections field.

      5. For each subsite you want to add to your SharePoint integration, enter the stem of the subsite.

      6. Example: for the URLhttps://mycompany.sharepoint.com/sites/mysite/mysubsite, the stem would be /sites/mysite/mysubsite.

  6. Click Save

  7. Continue to Complete your integration.

Complete your integration

The basic configuration is almost complete.

  1. In Workfront, Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Documents .

  2. Click Add new.

  3. Click From <title of your SharePoint site> in the dropdown.

    A dialog that invites you to Trust this site appears.

    NOTE

    If this dialog does not appear, your SharePoint integration is not configured correctly.

  4. Click Trust it.

Add documents

You can now add documents from your SharePoint site.

For instructions, see Link an external document to Workfront in Link documents from external applications

IMPORTANT

If the user who linked a folder no longer has access to the external application, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company. To ensure continued access, a user with access to the folder must re-link the folder.

Disable linking to the legacy SharePoint integration

To ensure that you can access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration, complete the following procedure.

NOTE
  • The legacy SharePoint integration is labeled “SharePoint.”
  • The new SharePoint integration is labeled “SharePoint (Graph API).”
  1. Click the Main Menu icon Main menu in the upper-right corner of Adobe Workfront, then click Setup Setup.
  2. Select Documents in the left navigation, then select Cloud Providers.
  3. Make sure that the SharePoint option and SharePoint (Graph API) option are both enabled.
  4. Click Save.
  5. Select Documents in the left navigation, then select SharePoint Integration.
  6. Select the checkmark on the left of the list for all existing integrations, then select Disable.

Configure the Client Secret for continued access to the legacy SharePoint integration

Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.

IMPORTANT

Because SharePoint Client Secrets are handled by Microsoft, Client Secret features and procedures may change based on updates to SharePoint made by Microsoft. Always check the Microsoft documentation for the latest information about procedures and features in SharePoint.

  1. Generate a new client secret as described in Replace an expiring client secret in a SharePoint Add-in
  2. Copy this Client Secret to a secure location.
  3. Log into Workfront as an administrator.
  4. In Workfront, click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .
  5. In the left panel, click Documents > SharePoint Integration.
  6. Click on the SharePoint integration you want to update, then click Edit.
  7. Enter the new Client Secret into the Client Secret field.
  8. Click Save.

Troubleshooting

Problem: Users experience authentication-based errors when using the SharePoint integration.

Solutions:

Users must be a member of a group that has appropriate permissions to the SharePoint site.

Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:

Design

Can view, add, update, delete, approve, and customize

Edit

Can add, edit, and delete lists; can view, add, update, and delete list items and documents

Contribute

Can view, add, update, and delete list items and documents

View only

Can view pages, list items, and documents (Document types with server-side file handlers can be viewed in the browser but not downloaded)

For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.

Problem: As a Workfront user, I am unable to provision a new SharePoint instance. When I attempt to do I see an error.

Solutions:

This can be caused by a number of things, originating in either Workfront or SharePoint’s configuration. Verify that:

  • The Client ID, Client Secret, return URL and other configuration fields are correctly mapped between the Workfront SharePoint Integration instance and the SharePoint Site App.
  • The user has Full Control permission to the Site Collection used for authentication.
  • The Site App is listed under Site App Permissions for the Site Collection used for authentication.

Problem: When attempting to browse SharePoint files in Workfront, I do not see any or all of my site collections.

Solutions:

To see a site collection in Workfront, the following conditions must be met:

  • The site collection must be registered in the Workfront SharePoint Integration instance.

    To verify this in Workfront:

    1. Go to Setup > Documents > SharePoint Integration.
    2. Edit the SharePoint Integration instance information.
    3. Verify that the site collection is listed under Visible Site Collections.
  • The user must have view access to the site collection in SharePoint.

  • To verify this in SharePoint, go to SharePoint, and open the site collection > Settings > Site permissions.

  • The SharePoint Site App must have access to the site collection.

    To verify this in SharePoint:

    1. Go to the site collection > Settings > Site app permissions.

    2. Ensure that the Site App used by Workfront is listed here.

    3. (Conditional) If the Site App is not listed, add to the site collection using _layouts/15/appinv.aspx.

      For information about adding the site collection, see Granting Write Permissions To The Site App.

Problem: I cannot access previously linked folders and documents in SharePoint.

Solution:

If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.

To ensure continued access, a user with access to the folder must re-link the folder.

For information on linking folders from external providers, see Link documents from external applications.

Problem: I see a “404 not found” error when attempting to add a document from Sharepoint

Solution:

This error might occur if one of the sites configured in the Visible Site Collections list has been deleted in Sharepoint. Check the Visible Site Collections list, and remove any sites that have been deleted in Sharepoint.

On this page