Access requirements
Expand to view access requirements for the functionality in this article.
You must have the following to perform the steps in this article:
For more detail about the information in this table, see Access requirements in Workfront documentation.
Prerequisites
You must have any necessary access or permissions in SharePoint to modify or configure your SharePoint integration.
Link documents through the new SharePoint integration
Individual users can link documents through the new SharePoint integration. The integration does not require administrator configuration. Instead, the user logs onto their Microsoft account when linking a document, which enables the integration to access documents available in the user’s SharePoint.
The first time a user connects the Workfront SharePoint integration to their SharePoint account, they will either see and agree to all of the permissions that Workfront uses when interacting with their SharePoint account, or be able to request permissions from their Microsoft administrator. Read permissions allow Workfront to see and access files on SharePoint, and write permissions allow the user to upload files to SharePoint.
For instructions on linking documents through the new SharePoint integration, see Link an external document to Workfront
-
Depending on the organization’s Microsoft configuration, users may see an “Approval required” page instead of a “Permissions requested” page. In this case, the users can use this page to request that the organization’s Microsoft administrator grant permissions to the Sharepoint integration.
-
A SharePoint integration can connect to a single SharePoint instance. Therefore, a user can set up an integration for one SharePoint, but cannot set up an integration to a second SharePoint, even if they have permissions to and documents on the second SharePoint.
-
A user has access to the same sites, collections, folders, subfolders, and files through the Workfront SharePoint integration as they have in their SharePoint account.
Link documents from SharePoint
For instructions on linking documents from SharePoint through the new SharePoint integration, see Link an external document to Workfront.
Send documents to SharePoint
To send a document to SharePoint:
-
Click the Send to icon
-
(Optional) Search in the search bar for the site or folder where you want to send the document.
-
Select the site or folder from the list.
-
Sites are marked with
-
Folders are marked with
-
Files are not marked with an icon.
-
-
Click Save.
Security, access, and authorization information for the SharePoint integration
Authentication and authorization
Workfront uses OAuth2 to retrieve an access token and a refresh token. This access token is used for authorization with all SharePoint areas.
Access and permissions
The first time a user adds a document to Workfront from SharePoint, they are directed to the Permissions requested page, where they can grant permissions to their SharePoint integration.
The following permissions are requested:
Access | Reason |
---|---|
Have full access to your files | Allows Workfront to access a user’s files to link assets. When documents are sent from Workfront to SharePoint, Workfront requires access to create the asset. |
Read items in all site collections | Allows Workfront to read assets to enable user navigation. |
Edit or delete items in all site collections | Allows Workfront to create assets in sites and site collections. Delete is used only when cleaning up after unsuccessful link attempts. |
Maintain access to data you have given it access to | Allows Workfront to generate a refresh token. |
Sign in and read user profile | Allows Workfront to use the access token to act of behalf of the user, through the OAuth2 login flow. |
- This access is granted by the user the first time they use the integration, and can be revoked at any time.
- The permissions requested for this integration are delegated permissions.
- Workfront requests the minimum access required to perform operations in the integration.
- Access to view, edit, or delete an Adobe Workfront document linked to SharePoint is based on the user’s access in Workfront. However, any navigation, downloading, or editing of a SharePoint file or folder requires access to SharePoint, and access to these actions is controlled by SharePoint.
- Users can view thumbnails and preview images sourced from SharePoint, and can see file and folder names in SharePoint, without logging into SharePoint.
- A user’s access token is used only when the user is offline and another user views the contents of a folder that is linked to Workfront. The access token is used to discover if any documents in the folder have been added, removed, or edited.
Security
All communication between Workfront and SharePoint is conducted over HTTPS, which encrypts the information.
Workfront does not store, copy, or duplicate data from SharePoint. The only exception is that Workfront stores thumbnails from SharePoint to display in the list view and in Preview.
If an asset was first uploaded to Workfront, and then sent to SharePoint, Workfront retains the data for the first file because users can download a previous version of a Workfront document. If a document was created in SharePoint, Workfront does not store that file data.
Configure the legacy SharePoint integration for continued access to documents
To ensure that your users have continued access to documents linked to Workfront through the legacy SharePoint integration, you must reconfigure access to the legacy SharePoint integration and keep the SharePoint Client Secret up to date.
Reconfigure access to the legacy SharePoint integration
Reconfiguring the legacy SharePoint integration allows your users to access documents linked through the legacy SharePoint integration, while ensuring that your users cannot link new documents through that integration.
- The legacy SharePoint integration is labeled “SharePoint.”
- The new SharePoint integration is labeled “SharePoint (Graph API).”
- Click the Main Menu icon
- Select Documents in the left navigation, then select Cloud Providers.
- Make sure that the SharePoint option and SharePoint (Graph API) option are both enabled.
- Click Save.
- Select Documents in the left navigation, then select SharePoint Integration.
- Select the checkmark on the left of the list for all existing integrations, then select Disable.
Configure the Client Secret for continued access to the legacy SharePoint integration
Your SharePoint Client Secret expires once a year. To ensure continued access to the documents in your legacy SharePoint integration, you must keep its SharePoint Client Secret up to date.
- Generate a new client secret as described in Replace an expiring client secret in a SharePoint Add-in.
- Copy this Client Secret to a secure location.
- Log into Workfront as an administrator.
- In Workfront, click the Main Menu icon
- In the left panel, click Documents > SharePoint Integration.
- Click on the SharePoint integration you want to update, then click Edit.
- Locate the Connection Info section of the editing window, then enter the new Client Secret into the SharePoint Client Secret field.
- Click Save.
Troubleshooting
Problem: Users experience authentication-based errors when using the SharePoint integration.
Solutions:
Users must have appropriate permissions to the SharePoint site.
Users with Full Control access have all necessary permissions for your SharePoint integration. If you do not want to grant Full Control access to your users, you must grant the following permissions:
For instructions on creating and editing permissions levels, see How to create and edit permission levels in the Microsoft documentation.
Problem: When attempting to browse SharePoint files in Workfront, I do not see any or all of my site collections.
Solutions:
To see a site collection in Workfront, the following conditions must be met:
-
The user must have view access to the site collection in SharePoint.
To verify this in SharePoint, check the site collection’s permissions in SharePoint.
Problem: I cannot access previously linked folders and documents in SharePoint.
Solution:
If the user who linked a SharePoint folder can no longer authenticate, Workfront can no longer access the contents of the folder. This may happen, for example, if the user who originally linked the folder leaves the company.
To ensure continued access, a user with access to the folder must re-link the folder.
For information on linking folders from external providers, see Link documents from external applications.
More help on this topic
Workfront
- Workfront documentation
- Product announcements
- Administration and setup
- Adobe Workfront basics
- Agile
- Documents
- Manage Work
- Teams and groups
- Reporting
- Manage resources
- Review and approve work
- Timesheets
- Adobe Workfront Scenario Planner
- Adobe Workfront Goals
- Adobe Workfront Planning
- Adobe Workfront Integrations
- Workfront Proof
- Adobe Workfront API
- ProofHQ API
Learn: Automating Workflows with Workfront Fusion - Unique Use Cases in Action
Workfront
Tuesday, Mar 4, 6:00 PM UTC
Looking for creative ways to use Workfront Fusion to solve business challenges? Join Pan Shahbazian of Starbucks as she shares three unique use cases that can transform your workflows.
RegisterThe Perfect Blend: A New Era of Collaboration with AEM and Workfront
Adobe Customer Success Webinars
Wednesday, Apr 2, 5:00 PM UTC
Explore how Adobe Experience Manager and Workfront integrate to help teams move from ideation to delivery without the usual bottlenecks, ensuring content is organized, on-brand, and ready to go live faster.
RegisterAdobe Workfront at Summit
Register for these admin sessions:
Connect with Experience League at Summit!
Get front-row access to top sessions, hands-on activities, and networking—wherever you are!
Learn moreRegister to learn something new
WORKFRONT
Join Adobe product experts in live events where you will learn Adobe Workfront best practices, tips and tricks, and hear about the latest product features and updates.
Register