FAQs
1) After importing the solution of SharePoint Security Sync from website all the Processes of SharePoint Security Sync are in a 'Draft/Deactivated' state? What to do?
Once the solution is imported, please follow the below steps to activate all the processes of SharePoint Security Sync.
Click on the gear icon --> Select Advanced Settings.

Next, select Processes.

From 'All Process' View activate the process shown in the below screenshot:

2) Is there a way to sync the previous records in bulk?
Yes, by using the Bulk Synchronization Tool you can sync the previous records in bulk.
3) How to enable file deletion?
You can enable file deletion by creating the Security Template for users with required actions.
4) Why am I seeing the error "Path doesn't exist" or "The selected entity ‘contact’ is not enabled for SharePoint integration"?
Whenever you enable the SharePoint integration for the respective entity, the document locations get created in the CRM.
But sometimes, the document locations don’t create automatically even when we integrate the entity for SharePoint integration.
Confirm if you have enabled the Contact entity for SharePoint integration in the document management settings. If not, please follow the steps outlined below:
Navigate to Advanced Settings.

Navigate to Document Management > Document Management Settings

Select Contact and Click on Next button.

Click on Next.

Click on Finish.

Once you've completed the steps above, please try creating the entity configuration for the Contact entity again.
If you have already followed the above steps, kindly confirm whether the Document Location has been created for the Contact entity by running an Advanced Find query, as shown in the screenshot below:

If the Document Location for the Contact entity has not been created, please manually create it for the Contact entity, as shown in the screenshot below:

Alternatively, you can navigate to the Documents tab from the Contact Entity record form. You can follow the steps outlined below to create the document location for the Contact entity as well.
Create a Contact record and select the Documents tab as shown in the below screenshot:

Once we click on the Documents tab then the document location is created for that respective entity.
Once the Document Location is created, please proceed to create the entity configuration for the Contact entity by navigating to the SharePoint Security Sync app.

5) How can I move history attachments?
You can move/copy your history attachments by using Bulk Migration Job feature.
6) How can I resolve the "Invalid JWT token. Could not resolve issuer token" error appearing in the error logs?
This error typically indicates that a user’s refresh token has expired.
Recommended Action:
Identify the affected users by reviewing the error logs where the "Invalid JWT token. Could not resolve issuer token" message appears.
Refer to the ‘Owner’ field in each error log entry — this will indicate the user who encountered the token issue.
Use the identified users in the query provided below to delete the corresponding Connection Detail records that contain both the access token and refresh token values.
After deletion, ask the respective user(s) to access the Attach2Dynamics UI button from the ribbon bar. This action will automatically reinitiate the token creation process.

Additional Recommendation:
Once the above steps are completed, enable the cloud flow that automatically refreshes tokens daily to avoid token expiration issues in the future. To do this: Navigate to the “SharePoint Security Sync” solution → Cloud Flows, and activate the relevant flow.

7) How do I resolve the "System.UnauthorizedAccessException" or "Access Denied" error when creating folders in SharePoint?
"Access Denied" or "UnauthorizedAccessException" error appears when the user performing the operation does not have sufficient permissions on the SharePoint site
To resolve this error, please follow these steps:
Step 1: Identify the Affected User
Check the error log details.
Find the ‘Owner’ field — this represents the user whose action triggered the error.
Step 2: Verify SharePoint Access for the User
Ensure that this user is a member of the relevant SharePoint site. If the user is not part of the SharePoint site, kindly add the user to the site with the required permissions.
8) We have done a sandbox copy of the production environment to a TEST env. and like to have the 'SharePoint Security Sync' solution to work in this new instance. What do we need to do?
When a UAT environment is created by copying from a DEV environment, the configuration for SharePoint Security Sync does not get carried over automatically. This is because the sync settings, license, and connector relationships are environment-specific. As a result, you’ll need to reset and reconfigure the setup manually in the UAT instance.
Here’s how you can fix it:
Delete the Inogic License – Open Advanced Find, search for Inogic License Details, and click on Results. From the results, select only the license related to the SharePoint Security Sync product and delete it.


Delete the Connection Details – Open the Connector, navigate to the Related tab, and select Connection Details. From there, delete all existing connection details.

Delete the Entity Configurations – Navigate to Entity Configurations via the sitemap, open the section, and delete each entity configuration one by one.

Delete the Connector – From the sitemap, select Connector, then choose and delete the existing connector.

Reconfigure SharePoint Security Sync – Set up the configuration from the beginning to restore full functionality.
Once these steps are completed, SharePoint Security Sync will be fully functional in your UAT environment.
9) What to do if I am unable to authenticate the connector?
In such situations, please ensure the credentials are correct and you have a Global administrator privileges and also are a SharePoint site owner.
10) I am getting an error pop-up stating ‘Unable to get Tokens’. What should I do?
Firstly, please check if the browser setting is to Enable the cookies. To know more please follow this link. If the solution still doesn’t work please then try to authenticate the connector once. If you are using Authentication mode as App then please make sure that you have selected the consent box while authenticating. Please follow this link to know about how to authenticate the connector.
11) I’m trying to uninstall the SharePoint Security Sync solution, but I’m encountering a sitemap dependency error. How can I resolve this?
If you're facing a sitemap dependency error while uninstalling the SharePoint Security Sync solution, it's likely due to a reference in the sitemap.
To remove this dependency, follow these steps using the Power Platform Environment Settings App:
Navigate to Power Platform Environment Settings and click Open in App Designer.

In the navigation panel, locate Attach2Dynamics.
Click the ellipses (three-dot menu ...) next to it and select Remove from Navigation.

Once removed, click Save and Publish.
This will remove the sitemap dependency, enabling you to proceed with uninstalling the SharePoint Security Sync solution. Once the sitemap dependency is removed, refer to the official documentation to complete the uninstallation process.
12) Which types of SharePoint Site does SharePoint Security Sync support?
Currently, we support only SharePoint Communication and Team site. SharePoint Subsite is not supported.
13) What to do if I get ‘Active user count exceeds the user limit’ error?
This message is displayed when the number of the CRM user is increased beyond the subscribed users. If you get this issue then please reach out to us at [email protected] with the total user count. To get the total user count please execute the below condition in Advanced Find:

14) What to do if I am not able to see the Attach2Dynamics button?
Please make sure the user has Attach2Dynamics Admin / User security role assigned. To know more about the Attach2Dyamics security role please follow this link. Also, please make sure the Entity configuration record is created for the respective entity. To know more about entity configuration please follow this link.
15) Can Attach2Dynamics UI be shown on a Tab instead of clicking the Attach2Dynamics button?
Yes, Attach2Dynamics can be shown on a tab. To know more regarding the configuration please follow this link.
16) I changed my Microsoft account password after which I started facing an issue while using SharePoint Security Sync solution. What to do?
In order to solve this issue, you will have to delete the connection detail record of the user who is this getting error.
To delete the connection detail record of the user please follow the steps given below:
Open Advanced Find from your CRM.

In the Look for dropdown select Connection Details entity.

Please add a condition as shown in the below screenshot:

Click on Results.

Select all the records of that user --> Click on Delete.

Once the record is deleted, you have to authenticate all the connectors and then hit the Attach2Dynamics button. For this, click on the Authenticate button on the ribbon bar.

Check the consent box as shown below:

17) What are the steps to export Log in Excel sheet?
To export the log record in Excel, follow the steps given below:
Open 'Advance find' in CRM.

In the 'Look for' dropdown, select Logs entity.

Add a condition for the error, as shown in the below screenshot.

Now click on the Edit Columns button.

After clicking on 'Edit Columns', you have to click on the Add Column option present inside the Common Task section.

Next, select the Trace Log field and then click on the OK button.

Once again click on the OK button on Edit Column window.

Click on the Result.

Now click on the Export Logs button dropdown and then click on the Static Worksheet option.

In a short time, an Excel file will be downloaded for offline consumption.
18) Why am I seeing the error "Entity configuration for regarding object with id (id value)and entity logical name=(Entity name) does not exist" during Bulk Migration or Email Sync?

This error typically occurs when you're performing a Bulk Migration Job or a real-time operation involving emails (or other activity records) that have a regarding entity (e.g., Case, Opportunity ,contact, account etc.).
To resolve this issue, make sure that:
You have created Entity Configuration records for both the main entity (e.g., email, appointment, phonecall, task etc.) and the regarding entity (e.g., Case, opportunity, account, contact etc.).
For the regarding entity, you do not need to select any Attachment Action, just having the configuration is enough to generate the folder structure correctly.
This ensures that the system knows how to handle folder creation and avoid this error.
19) Is it safe to delete the completed Batching and Sync Status?
Yes, it is safe to delete the batching and sync status which are completed. By using the Bulk deletion job, you can delete such batching and sync status records. You can make use of the below queries in the bulk deletion job to delete the records.
Query for Sync status:

Query for Batching:

20) How to fix the following error 'No reply address is registered for the application'?

This issue occurs when the Redirect URL has not been added in the redirect section of the Azure App as shown in the below image:

Please follow the below steps to add a redirect URL:
Navigate to Azure App --> Click on Redirect URL.

Click on Add a platform button --> Select Web.

Add the Redirect URL.


After adding the redirect URL, click on Configure button.

Navigate to SharePoint Security Sync App -> Connectors --> Authenticate the connector again.

To know more about this, kindly follow this link.
21) What is the difference between SharePoint Security Sync and Attach2Dynamics?

22) I get the following error while creating an anonymous link of file on Attach2Dynamics UI, how can I resolve this?

This error is due to insufficient permissions on SharePoint. So, you need enable some settings in SharePoint. For more details, please click here.
23) What are the advantages of using the SharePoint Security Sync Tool?
You can use the SharePoint Security Sync Tool to move bulk attachments from CRM to SharePoint.
In order to migrate historical data from the CRM to cloud storage such as SharePoint, we've implemented two distinct options: The Bulk Migration Job and the SharePoint Security Sync Tool.
We have incorporated the Bulk Migration Job feature into our solution to facilitate the migration of historical data from the CRM to respective cloud storage. Bulk Migration Job allowed us to migrate the data between specific time frame.
However, the Bulk Migration Job resides within CRM and is dependent on CRM resources, which may lead to extended migration durations.
To address the need for a faster migration process, we have developed the SharePoint Security Sync Tool. This tool is a Windows tool, so it operates independently of CRM resources. Consequently, it can efficiently migrate large volumes of data within a significantly shorter timeframe.
The SharePoint Security Sync Tool essentially replicates the functionality of the Bulk Migration Job but offers the advantage of speed.
To know more about SharePoint Security Sync Tool, click here.
24) How to identify the number of users in my CRM that will be considered for licensing?
Step 1: Log in to CRM and open the Sales Hub App

Step 2: Click on the Advance Find Option present in the right top corner (shown below)

Step 3: In the search bar, search for “User” keyword. Select the User entity and click on the Continue button

Step 4: Once clicked, a side panel will show up containing default conditions. Clear the condition by selecting “Delete all Filters” and apply the below conditions in the filter section as shown below
a. Status Equal Enabled
b. Access mode Equal Read-Write
c. Restricted Access Mode Equal No
d. Primary Email address Does not Equal [email protected]

Step 5: Add a new related entity condition, where you will find the Security Role option under the Many to many sections as shown below

Step 6: By default, contains data Operator will be selected which will retrieve only those users who have a security role assigned.
Delete the related entity field condition as shown in the screenshot below and then click on the Apply button to provide you with the list of respective users.


25) As a connector authenticated user, what technical step is required after a password change?
Following a password change, a connector authenticated user must interact with the Attach2dynamics User Interface. This action is crucial as it triggers a refresh of the user's authentication tokens or session within the Attach2dynamics connector, ensuring uninterrupted functionality.
26) Which Security-Related Actions in Dynamics 365 CRM Trigger a Permission Sync with SharePoint?
Here are some scenarios which can trigger a permission sync with SharePoint:
Assignment of a Security Role to a User: When a user is assigned a new security role in CRM, they will receive access in SharePoint based on the permissions defined by that role.
Removal of a Security Role from a User: When a security role is removed from a user in CRM, the access previously granted through that role is revoked in SharePoint.
User Added to a Team: When a user becomes a member of a team in CRM, they inherit the team’s access permissions, which are reflected in SharePoint.
User Removed from a Team: When a user is removed from a CRM team, their associated SharePoint permissions through that team are removed.
Modification of a Security Role: If a security role's privileges or definitions are modified in CRM, the changes are synchronized to update access in SharePoint for all associated users.
Record Shared: When a CRM record is explicitly shared with a user or team, SharePoint updates permissions to reflect this sharing.
Record Reassigned: When a CRM record is assigned to a different user or team, the ownership and corresponding SharePoint access are updated accordingly.
Security Role Deleted: When a security role is deleted from CRM, the associated permissions are removed from SharePoint to prevent unauthorized access.
Team Deleted: If a team is deleted in CRM, the corresponding SharePoint group and permissions are also removed.
Role Associated/Dissociated with a Team: When a security role is either linked to or removed from a team in CRM, SharePoint updates access rights for team members accordingly.
New User Added to CRM: When a new user is added in CRM, they are automatically added to the appropriate SharePoint groups based on their roles and team memberships.
User Added/Removed from an Access Team: When a user is added to or removed from an access team tied to a specific record, SharePoint permissions are adjusted for that record.
Unsupported Scenarios
Some changes in CRM do not automatically sync with SharePoint and require manual intervention:
Business Unit (BU) Change: Synchronization is not supported when a user’s Business Unit is changed in CRM.
Creation of a new Business Unit: Groups corresponding to the new Business Unit are not created automatically. You must manually run the tool to create the groups.
Deletion of a Business Unit: When a Business Unit is deleted, the related SharePoint groups and permissions are not removed automatically. You will need to delete them manually.
User Deactivation or Disabling: If a user is deactivated or disabled in CRM, their existing SharePoint access remains unchanged. You must manually revoke their permissions if necessary.
User Reactivation or Enabling: When a previously deactivated or disabled user is reactivated in CRM, the sync tool must be run to reassign them to the appropriate SharePoint groups.
Limitations (Due to SharePoint)
It’s important to be aware of technical limitations on the SharePoint side:
SharePoint Security Scope Limit: SharePoint enforces a limit of 50,000 unique permission entries per list or library. If this limit is exceeded, SharePoint Security Sync will not be able to apply permissions. To avoid reaching this limit, organize documents using the custom folder structure feature available in SharePoint Security Sync. For example, create separate libraries or folders by month, quarter, or year to manage permissions effectively and stay within SharePoint's limits.
For further queries, reach out to us at [email protected]
Last updated
Was this helpful?