How to change account used by K2 service to interact with SharePoint online
kbt142162
PRODUCTObjective
In certain scenarios you may need to change SharePoint Online account used by K2 for SharePoint app and/or K2 service to interact with SharePoint online.
For example:
- A personalized account has been used instead of generalized one and you would rather see some generalized account on SharePoint Online side (see more details below).
- A personalized/generalized account has been used but you don't have credentials for this account and want to switch to different SharePoint Online account.
Additional details:
When you have a K2 environment integrated with SharePoint Online, all interactions with SharePoint Online are happening in the context of the K2 service account and SharePoint Online "sees" the K2 service account as a specific SharePoint Online user based on a cached OAuth token which gets created when you run K2 for SharePoint App registration wizard for the very first time.
After this token has been created, the K2 service account uses it for any operation performed without context of any other SharePoint Online user. For example, when the 'Upload Document' method of the SharePoint Online document library SmartObject is being executed inside of the workflow event, then a file gets uploaded to SharePoint Online in the context of a SharePoint Online account which is cached inside of the K2 service account token. In case you are executing a similar method from SmartForms level and you logged in using SharePoint Online identity, then a different/user specific token may be utilized by K2.
In cases where you specified the wrong SharePoint Online identity while running the K2 for SharePoint App registration wizard or when it is just necessary to change it you need to delete the OAuth token cached for K2 service account and create a new one.
Before You Begin
Workflows are being executed in the context of the K2 service account. To interact with SharePoint Online, the K2 service account uses an administrative token created at the time you run the K2 for SharePoint App registration wizard on the app catalog level. When you are running it for the very first time you will get a SharePoint online credential prompt and the credentials you specify there will define the account/context which will be used by the K2 service account to interact with SharePoint Online.How-to Steps
To switch to another account, please do the following:
- Remove the two existing tokens associated with the K2 service account (https://graph.windows.net, https://%your_app_catalog%.sharepoint.com) which have Resource Type = "Microsoft Online"
- You may also have other tokens associated with the K2 service account - one token gets created for each site collection you activate with the K2 for SharePoint App. There is no need to delete them.
- Once the two tokens are removed, run the K2 for SharePoint App registration wizard again. There will be SharePoint Online credential prompts - make sure you use the SharePoint Online account which you want to be used by the K2 service account to interact with SharePoint Online. (You may want to create a dedicated K2 service account in SharePoint online for that.)
- New tokens for the K2 service account will be created.