Introduction

K2 for SharePoint Online integration requires that ASPX pages be uploaded to the https://yoursharepointsite/K2Pages document library. The AddAndCustomizePages SharePoint right required to upload pages is governed by the Custom Script setting on the site collection. For more information about this, see http://go.microsoft.com/fwlink/?LinkId=397546.

SharePoint Online has turned Custom Script setting OFF by default for personal sites, self-service created sites, root sites, and ‘modern’ sites. The K2 for SharePoint app detects that the Custom Script setting is off in the Registration Wizard, Manage App Activations, and Activate Site Collection pages, and will attempt to capture credentials to temporarily turn this setting on for uploading the pages as shown in the following images.

Registration Wizard

The warning you receive in the Registration Wizard may be slightly different depending on the path taken when it is detected, but the resolution is the same.
This is the text when using the K2 for SharePoint application when you install K2 for SharePoint with the K2 Setup Manager (K2 Five) or with K2 Operations (K2 Cloud).

Image

This is the text when using the K2 for SharePoint application from the SharePoint Store.
Image

Manage App Activations

The Manage App Activations page automatically detects the Custom Script setting is off and shows the SmartForms Pages Upload dialog when you click the link in the error message.
Image

Activate Site Collection

The Activate Site Collection page automatically detects the Custom Script setting is off and shows the SmartForms Pages Upload dialog when you click the link in the error message.
Image

SmartForms Pages Upload Dialog

The SmartForms Pages Upload dialog allows you to specify your admin site URL and credentials which are used to turn the Custom Script setting on, temporarily, to upload the SmartForms pages required for integration.
Image

K2 Five and K2 Cloud automatically show the dialog, reducing the need to click the link.

Multi-Factor Authentication and Special Characters Issue when using Dialog

The dialog does not support credentials with multi-factor authentication enabled or passwords with special characters which results in one of the following errors.

“The sign-in name or password does not match one in the Microsoft account system. System.Management.Automation.Interpreter”

“Could not connect to SharePoint Online.System.Management.Automation.Interpreter.InterpretedFrameInfo : System.Management.Automation.Interpreter.InterpretedFrameInfo[]”

To resolve this issue of not being able to use the dialog to temporarily turn the Custom Script setting on, use one of the manual workarounds below.

Workarounds

The workaround for the issue with multi-factor authentication and special characters involves manually configuring the Custom Script setting temporarily to complete the Registration Wizard and/or Manage Site Activations process. This can be done via the SharePoint administration pages or PowerShell scripts.

Option 1: Use PowerShell to turn the Custom Script setting on

This workaround is the recommended way to turn the setting on since the change is applied immediately.

  1. Download the latest SharePoint Online Management Shell https://go.microsoft.com/fwlink/p/?LinkId=255251
  2. Connect to SharePoint Online as a global admin or SharePoint admin in Office 365. To learn how, see Getting started with SharePoint Online Management Shell https://go.microsoft.com/fwlink/?linkid=869066
  3. Run the following commands

Connect-SPOService -Url https://{yourtenant}-admin.sharepoint.com -Credential admin@yourtenant.onmicrosoft.com

Get-SPOsite https://{yourtenant}.sharepoint.com/sites/{yoursite} | fl *

Set-SPOsite https://{yourtenant}.sharepoint.com/sites/{yoursite} -DenyAddAndCustomizePages 0

  1. Re-run the Registration Wizard, Manage App Activations and/or Activate Site Collection.
  2. Once the site has been activated and the pages uploaded, you can safely revert the Custom Script setting with the following commands.

Connect-SPOService -Url https://{yourtenant}-admin.sharepoint.com -Credential admin@yourtenant.onmicrosoft.com

Get-SPOsite https://{yourtenant}.sharepoint.com/sites/{yoursite} | fl *

Set-SPOsite https://{yourtenant}.sharepoint.com/sites/{yoursite} -DenyAddAndCustomizePages 1

  1. Once complete, revert the setting and/or Manage App ActicRun the following commands

Option 2: Use the SharePoint Administration Pages

This workaround may take up to 24 hours to take effect.

  1. Open SharePoint Admin Center (https://{yourtenant}-admin.sharepoint.com/) and navigate to the Settings page.
  2. Scroll down to the Custom Scripts section and enable scripts for either personal sites or self-service created sites.

Image

Image

Click “Go to the classic SharePoint admin center” if the Settings page does not contain the Custom Scripts section. Also, the self-service created sites option applies to ‘modern’ sites as well.
  1. Once the setting has taken effect, re-run the Registration Wizard, Manage App Activations and/or Activate Site Collection.
  2. Once the site has been activated and the pages uploaded, you can safely turn the Custom Script setting off.

Troubleshooting

You can also test the effects of this setting by logging into the target SharePoint site as the tenant administrator and then attempting to upload any ASPX file to the https://{yourtenant}.sharepoint.com/K2Pages document library. If this results in an error such as the following then Custom Scripts have not been enabled.

Access Denied: Before opening files in this location, you must first add the web site to your trusted sites list, browse to the web site, and select the option to login automatically.

Image