SharePoint

Feature ID: FU - 46

Release Version: Server v5.13.5

Date of Validation: 12-08-2025

Overview

This validation document covers the SharePoint feature in Unifize platform, which allows administrators to connect Microsoft 365 SharePoint and OneDrive to checklist fields. This setup ensures that files used in workflows remain centralized, version-controlled, and compliant with enterprise storage policies.

This validation document ensures that the SharePoint integration in Unifize operates predictably, meets all regulated industry requirements, and remains fully under control. It confirms that risks are identified, assessed, and managed, and that the feature’s impact is clearly understood.

1. Installation Qualification (IQ)

This section verifies that the SharePoint feature was correctly deployed and configured in the target environments before any testing was performed. Installation Qualification confirms that all required environments, dependencies, configurations, and version alignments are in place for successful validation execution.

1.1 Environment & Version Details

Component
Version/Status

Server Version

v5.13.5

Deployment Stack

Microsoft Azure

OS Environment

Ubuntu 22.04 LTS

Database

PostgreSQL v16

Frontend

React 18.3.1

1.2 Prerequisite Confirmations

  • SharePoint connector is enabled in Org Settings.

  • Microsoft 365 and SharePoint API credentials are correctly configured.

  • User permissions for accessing SharePoint libraries are mapped in Unifize.

  • Linked SharePoint document fields are selectable during document record creation.

  • Version tracking is enabled for SharePoint-linked files.

  • For external file sharing, the SharePoint organization-level sharing setting must allow at least "New and existing guests". This ensures that guests can sign in or provide a verification code to access shared files when using the SharePoint integration in Unifize.

2. Operational Qualification (OQ)

2.1 Testing Scope Overview

The following categories of testing were executed:

  • 1. Role-Based Testing: Verified access and behavior across various Unifize user roles (Admin, Editor, Viewer) as well as Microsoft permissions.

  • 2. Form Factor Validation: Feature behavior was tested on below platforms to check consistent functionality and UI/UX across supported platforms

    • Web App (Chrome, Firefox)

    • Unifize Lite

  • 3. Functional Testing: This test contains execution of predefined scenarios to verify that the SharePoint integration functions in accordance with approved requirements. It assesses system behavior under normal and stressed conditions, validating data integrity, permission controls, synchronization reliability, exception handling, and audit trail completeness to ensure the feature operates within compliant and controlled parameters.

2.2 Test Cases and Result Summary

Test Case ID
Test Case Description
Preconditions for Testing
Test Steps
Expected Behaviour
Results
Test case link

277a194d

To verify that the Microsoft 365 Integration is successful

1) User is an admin of the org where integration is set up. 2) Integration account has Global/Privileged Administrator permissions. 3) User’s email in Unifize matches email in SharePoint

  1. Open Org Settings.

  2. Go to App Pages.

  3. Click the Integrate button next to Microsoft 365.

App is integrated and enabled successfully.

Passed

ee998d73

Test by Enabling Office 365 OneDrive/SharePoint in File Upload checklist settings

1) Microsoft 365 App already integrated and enabled. 2) User has SharePoint access with same email on Unifize and SharePoint.

  1. Go to Process Settings.

  2. Open File Field Settings (for an existing or new file field).

  3. Tick the Office 365 OneDrive / SharePoint file upload option

Option is selected, new 'Add file from SharePoint' choice appears in upload checklist.

Passed

ef13563e

To verify that the Microsoft 365 Admin is successfully integrated

1) User is an admin. 2) Integration account has Global/Privileged Admin permissions. 3) User’s email in Unifize matches SharePoint.

  1. Open Org Settings.

  2. Navigate to App Pages.

  3. Click the Integrate icon next to Microsoft 365 Admin.

Microsoft 365 Admin is successfully integrated and enabled.

Passed

31e18520

Test by Adding Folder Under Office 365 OneDrive/SharePoint File Upload Option

1) User has Microsoft 365 App integrated and enabled. 2) User has SharePoint access with same email on Unifize and SharePoint.

  1. Open process settings.

  2. Go to an existing/new file field.

  3. Tick the Office 365 OneDrive / SharePoint upload option.

  4. Add a folder from OneDrive in the file upload option.

Folder is added successfully; 'Attach file' option appears enabling creation of docx, xlsx, pptx files.

Passed

084f875e

Test by Picking File from SharePoint (Read Only)

1) Microsoft 365 App integrated and enabled. 2) File field has Office 365 OneDrive/SharePoint upload option. 3) User has matching email access on Unifize and SharePoint.

  1. Go to the conversation with the file field.

  2. Select Add from SharePoint.

  3. Pick a file from the file picker.

  4. File gets shared with conversation members.

  5. Read-only rights set in SharePoint for conversation members.

File is picked, added to file field, shared with members, and given read-only access.

Passed

7d9f6338

Test by Picking File from SharePoint (Edit Access)

1) Microsoft 365 App integrated and enabled. 2) Microsoft 365 Admin App integrated and enabled. 3) File field has Office 365 OneDrive/SharePoint upload option. 4) User has matching email access on Unifize and SharePoint.

  1. Go to the conversation with the file field.

  2. Select Add from SharePoint.

  3. Pick a file from the file picker.

  4. File gets shared with conversation members.

  5. Edit rights set in SharePoint for conversation members

File is picked, added to file field, shared, and given edit access.

Passed

158d3c2a

Creating File from Unifize on SharePoint (Read Only)

1) Microsoft 365 Admin App integrated and enabled. 2) File field has Office 365 OneDrive/SharePoint upload option. 3) Folder selected by a user with SharePoint integration. 4) 'Give edit access' checkbox not selected.

  1. Go to the conversation with the file field.

  2. Click Attach file.

  3. Select a folder in SharePoint.

  4. File gets created inside the folder.

File is created inside folder, added to checklist, and shared with members with read-only access.

Passed

9e4ef88e

Creating File from Unifize on SharePoint (Edit Access)

1) Microsoft 365 Admin App integrated and enabled. 2) File field has Office 365 OneDrive/SharePoint upload option. 3) Folder selected by a user with SharePoint integration. 4) 'Give edit access' checkbox selected.

  1. Go to the conversation with the file field.

  2. Click Attach file.

  3. Select a folder in SharePoint.

  4. File gets created inside the folder.

File is created inside folder, added to checklist, and shared with edit access.

Passed

3c74054d

Creating Revision of Conversation with SharePoint Files

1) Microsoft 365 Admin App integrated and enabled. 2) Process has file fields with SharePoint files. 3) Process has revision field.

  1. Create a revision of the conversation.

  2. Verify SharePoint files get copied to new revision with correct permissions

Revision is created; SharePoint files are copied with correct permissions.

Passed

63fbf2a6

Locking File Fields via Approval

1) Microsoft 365 integrated and enabled for picked files. 2) Microsoft 365 Admin integrated for created files. 3) Approval field configured to lock SharePoint files on approve.

  1. Approve the checklist.

  2. All configured file fields get locked.

  3. SharePoint permissions change to owner-only access.

Files get locked; permissions set to owner-only access.

Passed

6c30fec3

Unlocking File Fields via Approval

Microsoft 365 integrated for picked and created files; Approval field configured to unlock SharePoint files on cancel/reject

  1. Cancel or reject approval.

  2. All locked file fields get unlocked.

  3. SharePoint permissions revert to original.

Files unlocked, permissions reverted

Passed

e7651141

Test by Generating PDF of Files

Microsoft 365 integrated for picked and created files; PDF field configured for generating PDFs

  1. Go to the conversation with files.

  2. Open checklist.

  3. Click Generate PDF.

PDF is generated successfully

Passed

391fb207

Viewing Files on SharePoint When Only Microsoft 365 App is Enabled

Microsoft 365 App enabled; Admin app not enabled; file field configured; user has SharePoint access

  1. Go to the conversation containing the file field with SharePoint files.

  1. Click the SharePoint file link in the field.

  1. Verify that the file opens in SharePoint with view-only access.

User can view file in SharePoint but cannot edit

Passed

e0f6a265

Restricting Edit Access When Only Microsoft 365 App is Enabled

Microsoft 365 App enabled; Admin app not enabled; file field configured; user has SharePoint access

  1. Go to the conversation containing the file field with SharePoint files.

  2. Open the file from SharePoint.

  3. Attempt to edit the file (e.g., add text to a document, modify an Excel cell, or update a PowerPoint slide).

File remains read-only in SharePoint

Passed

26f249ab

Adding a group/member in Unifize chatroom should grant permissions to existing and new documents

Microsoft 365 Admin App enabled; process configured with file fields

  1. Open the conversation that contains the file field

  2. Open the checklist

  3. Click "Attach file" in the configured file field, then either select an existing file or create a new one

  4. Add a group to the chatroom

All added users get permissions for existing and new files

Passed

ac79bc5c

Verify adding a member/group grants access to all existing documents

Chatroom has existing documents

  1. Add a new member or group to the chatroom.

  2. Check if they have access to existing documents.

New members get access to all existing documents

Passed

10d41902

Verify new documents created after adding a member automatically grant permissions

Chatroom exists; member/group already added

  1. Create a new document in chatroom.

  2. Check access with the added member’s account.

New document has permissions for all chatroom members

Passed

288e7697

Verify members added after document creation get retroactive access

Chatroom exists with documents

  1. Create a document.

  2. Add a member/group to chatroom.

  3. Check access with their account.

Member/group can access previously created documents

Passed

b5e72ee0

Verify removed members lose access to all existing and future documents

Chatroom exists with documents and member present

  1. Remove member from chatroom.

  2. Attempt to open chatroom documents with removed member’s account.

Access is denied for removed member

Passed

a4d436b0

Verify replacing one group with another updates document permissions

Chatroom exists with one group; Microsoft 365 Admin App enabled

  1. Remove existing group.

  2. Add a new group.

  3. Check document access for both groups.

New group gets access; removed group loses access

Passed

1cb32021

To Verify that members with a "Viewer" role only have read access - Member with Limited Role

Chatroom exists; roles configured (Viewer/Editor)

  1. Add a member with a restricted role (e.g., “Viewer only”).

  2. Check if they have read-only access to documents.

Role-specific permissions should apply to all existing and new documents.

Passed

6689d1e5

Verify that a user who is not part of the chatroom cannot access its documents – No Permissions Without Chatroom Membership

Chatroom exists with documents; test user is not a member.

  1. Attempt to open chatroom document as non-member.

Access is denied; error message displayed.

Passed

f7bbb10f

Verify that a non-admin user cannot add members to a chatroom – Adding Member Without Admin Rights

Chatroom exists; logged-in user is non-admin.

  1. Attempt to add a member as non-admin.

Member is not added; error/permission message displayed.

Passed

b328b060

Verify that only group members who are part of the chatroom get access to documents

Group exists with some members in chatroom, some not.

  1. Attempt to open chatroom document with group member not in chatroom.

Non-chatroom group members have no access.

Passed

e0fc4e35

Verify that a user whose account is deactivated cannot access chatroom documents – Expired Membership

Chatroom exists with document; member account active.

  1. Deactivate member’s account.

  2. Attempt to open chatroom document.

Access denied immediately after deactivation.

Passed

c6a391bc

Verify behavior when document permission synchronization fails after adding a member – Permission Sync Failure

Chatroom exists with documents; simulate sync failure.

  1. Add member to chatroom.

  2. Attempt to access documents.

Member has no access until sync is restored; error shown.

Passed

195d33c9

Verify that changing a member's role from "Editor" to "Viewer" removes edit rights

Chatroom exists; member has "Editor" role.

  1. Change role from "Editor" to "Viewer".

  2. Attempt to edit a document.

Member loses edit rights instantly; can only view.

Passed

2.3 Feature limitations

  1. Integrations required: To use the full range of SharePoint features (e.g., file creation, editing, and linking), both the Microsoft 365 Admin App and User App must be integrated. Having only one of them will result in limited or non-functional behaviour.

3. Impact Assessment

This section provides a combined analysis of the impact and associated risks for the current feature release. It outlines which user groups and workflows are affected, the extent of risk and corresponding mitigation and corrective actions.

3.1 Feature Impact Summary

Are of Impact
Details

Application / Module

File Upload Checklist, Approval Checklist, Revision Checklist

Impacted User Groups

Admins, Org Members, External users

Form Factors Affected

Web App, Unifize Lite

3.2 Risk Analysis

This table outlines potential risks associated with this feature. Each risk is assessed by its impact, likelihood, and revised score after mitigation. The industry sensitivity column highlights which industry groups may be more affected, helping customers assess relevance for their regulated environments.

Risk Scoring Methodology

The risk score is calculated as:

Risk Score = Impact (Severity) × Likelihood (Occurrence)

3.2.1 Severity (Impact Levels)

Label
Description

Low (1)

Cosmetic; no user impact

Medium (2)

Minor workflow disruption; not customer-facing

High (3)

Breaks validated workflow; affects customer operations

Critical (4)

System-wide failure; compliance breach or data loss

3.2.2 Likelihood (Occurrence Levels)

Label
Description

Rare (1)

The issue has never occurred

Unlikely (2)

Could occur under edge conditions

Possible (3)

Has occurred before

Likely (4)

Frequently seen in similar modules

Certain (5)

Actively happening or expected to occur

3.2.3 Risk Level Classification

Score
Risk Level
Action

1–3

Low

Acceptable – Document and monitor

4–6

Medium

Mitigation required before release

7–10

High

Compliance review needed

11–20

Critical

Block release – Executive review

3.2.4 Risk severity definitions

Severity
What it impacts

High

Data integrity, security, compliance, patient/user confidentiality, or critical workflows

Medium

May impact core application behavior, business processes, permissions, or interconnected features

Low

Minor UI inconsistencies, non-functional issues, or non-blocking bugs

NA

No risk observed or risk not applicable to any functionality

3.2.2 Risk Register

Risk ID
Risk Description
Industry Sensitivity
Impact Level
Likelihood
Risk Score
Affected CFI?
Risk Acceptance
Mitigation Plan
Target Date
Status

RISK-7

If a user changes their password or their active session is revoked, all files they uploaded will become inaccessible.

High

3

3

9

Yes

Escalate

Use an app token for file access wherever possible, so file access is independent of the owner’s user cycle lifecycle.

In-review

RISK-8

Edit or preview links can break if files are moved or SharePoint permissions are changed.

Medium

3

3

9

Yes

Same as above – use app token access to reduce dependency on individual user sessions.

In-review

RISK-9

If a user leaves the organization and their Microsoft account is deleted, any files in their personal OneDrive become inaccessible.

High

3

2

6

Yes

Enforce policies for uploading files only from approved SharePoint sites.

Open

RISK-10

App tokens may have broader access than required, allowing users to see files outside their scope.

High

3

2

6

Yes

Use scoped permissions such as sites.selected and enforce user-level permissions within Unifize.

Open

RISK-11

Using app tokens can reduce per-user traceability for file access, leading to gaps in the audit trail (when assigning user permissions).

High

2

2

4

Yes

Apply logging controls and monitor app token activity to maintain audit records.

Open

RISK-12

End users may not be aware when their access level has been elevated.

Medium

2

2

4

Yes

Add clear UI tooltips on the file picker and document actions, and include documentation for transparency.

Open

RISK-13

If a user creates a file but lacks the rights to edit under their account, editing will fail.

Medium

2

3

6

Yes

Check permissions before opening in edit mode and downgrade to view-only with an option to request access.

Open

RISK-14

Browser settings, such as pop-up blockers, can disrupt the SharePoint file picker flow.

Low

1

2

2

No

Provide a single-window fallback, display clear prompts, and offer help documentation for allowed sites.

Open

3.2.3 Residual risks summary

This section outlines any remaining (residual) risks after implementing mitigation plans. These are risks that cannot be fully eliminated but are considered acceptable within the operational context of SharePoint feature.

  • File inaccessibility due to password/session changes and broken edit/preview links if files are moved or SharePoint permissions change remain possible because they depend on external Microsoft account and SharePoint permission management, which are outside Unifize’s direct control.

  • Risks related to user account deletion, over-permission from app tokens, reduced audit trail visibility, unawareness of elevated access, and editing without sufficient rights have been reduced through scoped permissions, pre-checks, and user transparency measures. However, some dependency on user actions and external configurations remains.

  • Disruption to file picker flow due to browser pop-up blockers cannot be fully prevented because it is dependent on individual user browser settings.

4. Change log

4.1 Feature Improvements

Reference ID
Version number
Date
Change description
Risk level

11843

v5.8.2

2025-04-01

Generated only SharePoint token for MS365 filepicker. Previously, with 2 tokens that the API server sends in the response, the client could fail at key lookup using the command.resource key sent by the filepicker via Channel Messaging Web API, returning undefined to the filepicker in certain cases and causing an error when picking files from the sites. This change fixes the issue by sending only the SharePoint token in the response and making the client use only this token for the filepicker. Also updates some log messages in the same namespace.

2

8068

v5.1.0

2024-11-27

Added support for SharePoint file import using chatroom title. Given a CSV file with just a Chatroom title column and an empty column for a file field that supports SharePoint files, this change adds support for importing it through a REPL command.

2

6561

v0.0.1

2024-11-18

Added support for importing SharePoint files from CSV. Given the file path located in the user's OneDrive account or SharePoint site, this change adds support for importing them through the REPL.

1

4.2 Fixed Defects

Reference ID
Version number
Date
Change description
Risk level

20040

v5.13.10

2025-08-11

Fixed MS365 file PDF issue - Previously, we downloaded external files to determine their sizes and only updated the top-level :size field in the file record. We neglected to update the :size key in the file's version metadata, which caused PDFs to fail. This change ensures that both the file record and its version entries receive the correct size.

2

17380

v5.11.6

2025-07-01

Updated SharePoint filename if same file is relinked - Previously, if a SharePoint file was renamed and then removed and re-added in the file field, the old file name still showed in file field values. This fix ensures the file name in the database is updated when the same file (identified by its external-id) but with a different name is added.

2

11843

v5.8.2

2025-04-01

Generated only SharePoint token for MS365 file picker - Previously, the API server sent two tokens in the response, which could cause the client to fail at key lookup using the command.resource key from the file picker via the Channel Messaging Web API. This sometimes returned undefined and caused file picker errors. This update sends only the SharePoint token in the response and ensures the client uses only this token for file picker. Also updates some log messages in the same namespace.

3

11843

web v7.1.1

2025-04-01

Fixed site access issues in SharePoint file picker — The file picker failed in some cases where the command.resource from its channel message differed from the resources sent in the backend API's accessTokens map. Now, the backend API sends only the SharePoint token when queried, and uses the same token for all authenticated commands from the file picker.

2

11843

v5.8.2

2025-04-01

Added logs for SharePoint file picker component — Adds logging to better trace file picker operations.

1

8068

v5.1.0

2024-11-27

Added support for SharePoint file import using chatroom title — Adds support for importing SharePoint files through REPL when given a CSV with a chatroom title and empty file field column that supports SharePoint files.

1

8068

v0.0.4

2024-11-21

Fixed inaccessible SharePoint files after CSV import — Ensures that access permissions are correctly assigned to chatroom members after CSV imports add SharePoint files.

1

6561

v0.0.1

2024-11-18

Added support for importing SharePoint files from CSV — Adds support for importing SharePoint files from a file path in the user’s OneDrive account or SharePoint site through REPL.

1

7018

2024-11-15

Fixed SharePoint file access after chatroom revision — Previously, when creating a chatroom revision, the new owner became the file owner in the database. If they hadn’t done user-level MS365 authentication, editing files caused errors. Now the file owner remains unchanged during revisions, and permissions are correctly copied between revisions.

2

Last updated