Configure the SharePoint integration

IMPORTANT
The new SharePoint integration was released to production with the 22.3 release (July 2022.)
  • Although your users can still access documents linked through the legacy SharePoint integration, they can not link documents through it. they must use the new SharePoint integration to link documents from SharePoint.

  • If you do not have a legacy SharePoint integration configured, you cannot add it. You must use the new SharePoint integration to link documents to SharePoint.

  • The new SharePoint integration may not require configuration by an administrator, and may be set up by individual users. However, to ensure a smooth transition to the new SharePoint integration, a Workfront administrator must make some small settings changes in the Workfront Setup area.

    For information and instructions, see Configure the legacy SharePoint integration for continued access to documents in this article.

  • We recommend that users link documents that are currently linked through the legacy SharePoint integration through the new integration.

    For instructions on linking documents, see Link documents from external applications.

You can integrate Workfront with SharePoint Online, providing users with the ability to navigate to, link, and add SharePoint documents within Workfront. The functionality provided is similar to that of other Workfront integrations, such as Google Drive, Box, and Dropbox.

This integration is compatible only with SharePoint Online. On-premise instances of SharePoint are not supported.

Access requirements

Expand to view access requirements for the functionality in this article.

You must have the following to perform the steps in this article:

table 0-row-2 1-row-2 2-row-2 layout-auto html-authored no-header
Adobe Workfront plan Any
Adobe Workfront license

New: Standard

Or

Current: Plan

Access level configurations* You must be a Workfront administrator.

For more detail about the information in this table, see Access requirements in Workfront documentation.

Prerequisites

You must have any necessary access or permissions in SharePoint to modify or configure your SharePoint integration.

Individual users can link documents through the new SharePoint integration. The integration does not require administrator configuration. Instead, the user logs onto their Microsoft account when linking a document, which enables the integration to access documents available in the user’s SharePoint.

The first time a user connects the Workfront SharePoint integration to their SharePoint account, they will either see and agree to all of the permissions that Workfront uses when interacting with their SharePoint account, or be able to request permissions from their Microsoft administrator. Read permissions allow Workfront to see and access files on SharePoint, and write permissions allow the user to upload files to SharePoint.

Sharepoint permissions

For instructions on linking documents through the new SharePoint integration, see Link an external document to Workfront

NOTE
  • Depending on the organization’s Microsoft configuration, users may see an “Approval required” page instead of a “Permissions requested” page. In this case, the users can use this page to request that the organization’s Microsoft administrator grant permissions to the Sharepoint integration.

  • A SharePoint integration can connect to a single SharePoint instance. Therefore, a user can set up an integration for one SharePoint, but cannot set up an integration to a second SharePoint, even if they have permissions to and documents on the second SharePoint.

  • A user has access to the same sites, collections, folders, subfolders, and files through the Workfront SharePoint integration as they have in their SharePoint account.

For instructions on linking documents from SharePoint through the new SharePoint integration, see Link an external document to Workfront.

Send documents to SharePoint

To send a document to SharePoint:

  1. Click the Send to icon Send to and select SharePoint (Graph API).

  2. (Optional) Search in the search bar for the site or folder where you want to send the document.

  3. Select the site or folder from the list.

    • Sites are marked with Site icon .

    • Folders are marked with Folder icon .

    • Files are not marked with an icon.

  4. Click Save.

Security, access, and authorization information for the SharePoint integration

Authentication and authorization

Workfront uses OAuth2 to retrieve an access token and a refresh token. This access token is used for authorization with all SharePoint areas.

Access and permissions

The first time a user adds a document to Workfront from SharePoint, they are directed to the Permissions requested page, where they can grant permissions to their SharePoint integration.

NOTE
Depending on the organization’s Microsoft configuration, users may see an “Approval required” page instead of a “Permissions requested” page. In this case, the users can use this page to request that the organization’s Microsoft administrator grant permissions to the Sharepoint integration.

The following permissions are requested:

Access
Reason
Have full access to your files
Allows Workfront to access a user’s files to link assets. When documents are sent from Workfront to SharePoint, Workfront requires access to create the asset.
Read items in all site collections
Allows Workfront to read assets to enable user navigation.
Edit or delete items in all site collections
Allows Workfront to create assets in sites and site collections. Delete is used only when cleaning up after unsuccessful link attempts.
Maintain access to data you have given it access to
Allows Workfront to generate a refresh token.
Sign in and read user profile
Allows Workfront to use the access token to act of behalf of the user, through the OAuth2 login flow.
  • This access is granted by the user the first time they use the integration, and can be revoked at any time.
  • The permissions requested for this integration are delegated permissions.
  • Workfront requests the minimum access required to perform operations in the integration.
  • Access to view, edit, or delete an Adobe Workfront document linked to SharePoint is based on the user’s access in Workfront. However, any navigation, downloading, or editing of a SharePoint file or folder requires access to SharePoint, and access to these actions is controlled by SharePoint.
  • Users can view thumbnails and preview images sourced from SharePoint, and can see file and folder names in SharePoint, without logging into SharePoint.
  • A user’s access token is used only when the user is offline and another user views the contents of a folder that is linked to Workfront. The access token is used to discover if any documents in the folder have been added, removed, or edited.

Security

All communication between Workfront and SharePoint is conducted over HTTPS, which encrypts the information.

Workfront does not store, copy, or duplicate data from SharePoint. The only exception is that Workfront stores thumbnails from SharePoint to display in the list view and in Preview.

If an asset was first uploaded to Workfront, and then sent to SharePoint, Workfront retains the data for the first file because users can download a previous version of a Workfront document. If a document was created in SharePoint, Workfront does not store that file data.

Configure the legacy SharePoint integration for continued access to documents

To ensure that your users have continued access to documents linked to Workfront through the legacy SharePoint integration, you must reconfigure access to the legacy SharePoint integration and keep the SharePoint Client Secret up to date.

Reconfigure access to the legacy SharePoint integration

Reconfiguring the legacy SharePoint integration allows your users to access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration.

NOTE
  • The legacy SharePoint integration is labeled “SharePoint.”
  • The new SharePoint integration is labeled “SharePoint (Graph API).”
  1. Click the Main Menu icon Main Menu in the upper-right corner of Adobe Workfront, or (if available), click the Main Menu icon Main Menu in the upper-left corner, then click Setup Setup icon .
  2. Select Documents in the left navigation, then select Cloud Providers.
  3. Make sure that the SharePoint option and SharePoint (Graph API) option are both enabled.
  4. Click Save.
  5. Select Documents in the left navigation, then select SharePoint Integration.
  6. Select the checkmark on the left of the list for all existing integrations, then select Disable.

Configure the Client Secret for continued access to the legacy SharePoint integration

Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.

IMPORTANT
Because SharePoint Client Secrets are handled by Microsoft, Client Secret features and procedures may change based on updates to SharePoint made by Microsoft. Always check the Microsoft documentation for the latest information about procedures and features in SharePoint.
  1. Generate a new client secret as described in Replace an expiring client secret in a SharePoint Add-in.
  2. Copy this Client Secret to a secure location.
  3. Log into Workfront as an administrator.
  4. In Workfront, click the Main Menu icon Main Menu in the upper-right corner of Adobe Workfront, or (if available), click the Main Menu icon Main Menu in the upper-left corner, then click Setup Setup icon .
  5. In the left panel, click Documents > SharePoint Integration.
  6. Click on the SharePoint integration you want to update, then click Edit.
  7. Locate the Connection Info section of the editing window, then enter the new Client Secret into the SharePoint Client Secret field.
  8. Click Save.

Troubleshooting

Problem: Users experience authentication-based errors when using the SharePoint integration. problem-users-experience-authentication-based-errors-when-using-the-sharepoint-integration

Solutions:

Users must have appropriate permissions to the SharePoint site.

Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:

Design
Can view, add, update, delete, approve, and customize
Edit
Can add, edit, and delete lists; can view, add, update, and delete list items and documents
Contribute
Can view, add, update, and delete list items and documents
View only
Can view pages, list items, and documents (Document types with server-side file handlers can be viewed in the browser but not downloaded)

For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.

Problem: When attempting to browse SharePoint files in Workfront, I do not see any or all of my site collections. problem-when-attempting-to-browse-sharepoint-files-in-workfront-i-do-not-see-any-or-all-of-my-site-collections

Solutions:

To see a site collection in Workfront, the following conditions must be met:

  • The user must have view access to the site collection in SharePoint.

    To verify this in SharePoint, check the site collection’s permissions in SharePoint.

Problem: I cannot access previously linked folders and documents in SharePoint. problem-i-cannot-access-previously-linked-folders-and-documents-in-sharepoint

Solution:

If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.

To ensure continued access, a user with access to the folder must re-link the folder.

For information on linking folders from external providers, see Link documents from external applications.

recommendation-more-help
5f00cc6b-2202-40d6-bcd0-3ee0c2316b43