How to change account used by K2 service to interact with SharePointonline

  • 24 February 2022
  • 0 replies
  • 42 views

Userlevel 5
Badge +20
 

How to change account used by K2 service to interact with SharePoint online

kbt142162

PRODUCT
K2 blackpearl 4.7
BASED ON
K2 blackpearl 4.7
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

Objective

In certain scenarios you may need to change SharePoint Online account used by K2 for SharePoint app and/or K2 service to interact with SharePoint online.

For example:

- A personalized account has been used instead of generalized one and you would rather see some generalized account on SharePoint Online side (see more details below).

- A personalized/generalized account has been used but you don't have credentials for this account and want to switch to different SharePoint Online account.

Additional details:

When you have a K2 environment integrated with SharePoint Online, all interactions with SharePoint Online are happening in the context of the K2 service account and SharePoint Online "sees" the K2 service account as a specific SharePoint Online user based on a cached OAuth token which gets created when you run K2 for SharePoint App registration wizard for the very first time.

After this token has been created, the K2 service account uses it for any operation performed without context of any other SharePoint Online user. For example, when the 'Upload Document' method of the SharePoint Online document library SmartObject is being executed inside of the workflow event, then a file gets uploaded to SharePoint Online in the context of a SharePoint Online account which is cached inside of the K2 service account token. In case you are executing a similar method from SmartForms level and you logged in using SharePoint Online identity, then a different/user specific token may be utilized by K2.

In cases where you specified the wrong SharePoint Online identity while running the K2 for SharePoint App registration wizard or when it is just necessary to change it you need to delete the OAuth token cached for K2 service account and create a new one.

Before You Begin

Workflows are being executed in the context of the K2 service account. To interact with SharePoint Online, the K2 service account uses an administrative token created at the time you run the K2 for SharePoint App registration wizard on the app catalog level. When you are running it for the very first time you will get a SharePoint online credential prompt and the credentials you specify there will define the account/context which will be used by the K2 service account to interact with SharePoint Online.

How-to Steps

To switch to another account, please do the following:

 

  1. Remove the two existing tokens associated with the K2 service account (https://graph.windows.net, https://%your_app_catalog%.sharepoint.com) which have Resource Type = "Microsoft Online"
  2. You may also have other tokens associated with the K2 service account - one token gets created for each site collection you activate with the K2 for SharePoint App. There is no need to delete them.
  3. Once the two tokens are removed, run the K2 for SharePoint App registration wizard again. There will be SharePoint Online credential prompts - make sure you use the SharePoint Online account which you want to be used by the K2 service account to interact with SharePoint Online. (You may want to create a dedicated K2 service account in SharePoint online for that.)
  4. New tokens for the K2 service account will be created.

0 replies

Be the first to reply!

Reply