I'd love to hear others' experiences with integrating SharePoint at the folder level, and how to address the necessity to re-authorize those folders once the user who originally linked them are deactivated. We can't find an easy way to report on which folders are needing to be re-authorized and it's frankly slammed the brakes on our integration dreams! How can we proactively address this instead of finding out retroactively that authorization has broken for some folders?
The only half-baked solution I've found is to pull a Document report, pull all documents using the SharePoint integration type that are owned by the team member who was offboarded, include the project name and folder name, and then export that report to Excel. From there I remove duplicates so that I have a list of project names where there is at least one Document in a folder using the SharePoint integration, and that document was owned by an offboarded user.
Hopefully this braindump makes sense and would love to know if anyone's found a more viable solution.
This is interesting and definitely not ideal!
Docs in WF uploaded via an integration like Sharepoint inherit the access/perms the doc has in Sharepoint. So if a doc is linked, in a folder or not, has doc access to multiple people who are also in the WF project the doc is linked in, even if someone leaves wouldn’t the other users who have SP still be able to access those files in SP or in WF?
I'm not sure about the doc itself, but right now we can't even open up the folders! I forgot to mention in my initial post that I believe the thing really messing us up is that we have SSO enabled. So, when the user is deactivated or they leave the company, it breaks their connection that way.
Here's an example of what we see:
I've worked through this with Support and we determined there's no option other than to have another user re-authorize the folder by re-linking the folder(s). I guess my ask out of the Community is for any suggestions on being able to catch these broken links proactively! IE, user Jaye C is going to be deactivated, so pull a list of all folders that need to be re-authorized by someone else. I don't think it's possible, but I'm hoping someone has some ideas.
Here's the big question: Do these SharePoint spaces have more than one owner? If there is only one owner (and that's the person who offboarded), would more than one owner solve the problem?
Hey @Lyndsy-Denk, I'm not positive I understand the question (SharePoint newbie here). I don't believe our coordinators who set up the integrated folders are owners of the SharePoint space. They just have access to it and use the Graph API connector in Workfront to link in the associated folders from SharePoint. Does that change your perspective? I believe our issue has arisen due to implementing SSO.
Oops @Lyndsy-Denk, I take that back. It looks like all of our coordinators are owners of the SharePoint, but none of them can simply "re-authorize" the integration on a broken folder in Workfront. They have to completely remove the linked broken folders and then re-link them all over again.
What a bummer. It sounds like the recent SSO conversion broke the links? It might be worth reaching out to support to ask if they have any recommendations to more efficiently reconnect things. At minimum your ticket sends a message that this is something Workfront can coach system admins on when converting to SSO.
Right? Very frustrating. I did have a ticket already (sorry, didn't include this info in original post, only in a follow-up comment above). It looks like we have no easier way of reconnecting things. I was hopeful we could potentially get a report to help us flag where changes need to be made following a coordinator being offboarded, but no such luck so far! Thanks for trying to help - appreciate it!