Intermediate

ShareFile Secure Client Document Exchange

When a client uploads a document to a Citrix ShareFile folder, the flow copies it to the matching client's SharePoint workspace, logs the exchange to Dataverse, and notifies the account manager in Outlook. Outbound: documents dropped in a SharePoint 'to client' folder are pushed to ShareFile and the client emailed a secure link.

HTTPSharePointOffice 365 OutlookMicrosoft Dataverse

Unique name

FlowLibsShareFileSecureClientDocumentExchange

Publisher

FlowLibs (flowlibs)

Version

1.0.0.0

Components

13 env vars + 1 cloud flow

Request access

Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.

Report an issue with this flow

What it does

Overview

This solution runs a two-way secure document exchange between Citrix ShareFile (client-facing) and SharePoint (internal staff workspace), with a full Dataverse audit trail and Outlook notifications.

Inbound — a client uploads a file to a ShareFile folder; the flow copies it into the matching client's SharePoint workspace, logs the exchange to Dataverse, and emails the account manager. Outbound — staff drop a file into a SharePoint "to client" library; the flow uploads it to ShareFile, creates a secure share link, emails the client, and logs the exchange.

Why it matters: ShareFile is built for secure external file exchange; SharePoint is where internal teams collaborate. Bridging the two gives clients a secure portal while staff stay in Microsoft 365, with a complete audit trail. The Citrix ShareFile connector is not available in this environment, so every ShareFile interaction uses the built-in HTTP action against the ShareFile REST API v3, with all credentials and IDs bound to flowlibs_ environment variables; SharePoint, Outlook and Dataverse remain connector-first. Both flows pass Flow Checker with 0 errors / 0 warnings.

Why you'd use it

Use Case

Professional-services and finance teams exchange sensitive documents with clients via ShareFile but collaborate internally in SharePoint. They want files moved between the two automatically, with logging and notifications, so clients get a secure portal while staff never leave Microsoft 365.

Step-by-step

Flow Architecture

Outbound trigger — When a file is created

SharePoint — GetOnNewFileItems (to-client library, poll 5 min, splitOn file)

Fires per new file dropped into the to-client SharePoint library; the inbound companion flow polls ShareFile on a 15-minute Recurrence.

Initialize + ShareFile Hosts

Initialize Variable

Mint a guid() correlation id and build the ShareFile API host (sf-api.com) and token host (sharefile.com) from the subdomain.

Get ShareFile Token

HTTP — POST (OAuth2 password grant)

Get the ShareFile bearer token and hold it for the REST calls.

Inbound: List & Copy Files

HTTP GET Items/Children + Query + Dataverse ListRecords + HTTP download + SharePoint CreateFile

Poll the ShareFile inbound folder, keep only files, dedup against the audit log, then download new files and copy them into the client's SharePoint workspace.

Inbound: Log + Notify

Compose + Microsoft Dataverse — CreateRecord + Office 365 Outlook — SendEmailV2

Log the inbound exchange to Dataverse and email the account manager.

Outbound: Read & Upload

SharePoint GetFileContent + HTTP POST Upload2 + HTTP POST ChunkUri

Read the outbound SharePoint file and stream the bytes to ShareFile via an Upload2 ChunkUri.

Outbound: Secure Share + Email

HTTP GET/Query + Compose + HTTP POST Shares + Office 365 Outlook — SendEmailV2

Find the uploaded item, create a secure ShareFile share link (ShareType Send), and email the client the link.

Outbound: Log Exchange

Compose + Microsoft Dataverse — CreateRecord

Write the outbound exchange to the Dataverse audit table.

Solution config

Environment Variables

Schema name	Type	Default	Description
flowlibs_ShareFileSubdomain	String	your-subdomain	ShareFile account subdomain (builds both hosts).
flowlibs_ShareFileClientId	String	<configure>	OAuth2 client_id.
flowlibs_ShareFileClientSecret	String	<configure>	OAuth2 client_secret.
flowlibs_ShareFileUsername	String	<configure>	Service-account username (password grant).
flowlibs_ShareFilePassword	String	<configure>	Service-account password (password grant).
flowlibs_ShareFileInboundFolderId	String	<configure>	Client upload folder (inbound poll).
flowlibs_ShareFileOutboundFolderId	String	<configure>	Push target folder (outbound).
flowlibs_SharePointSiteURL	String	https://your-tenant.sharepoint.com	SharePoint site for the exchange.
flowlibs_ClientWorkspaceLibrary	String	/Client Workspace	Inbound destination library path.

Auth dependencies

Connectors & Connections

Connector	API name	Actions used
HTTP	http	POST OAuth token GET Items/Children GET Items/Download POST Items/Upload2 POST Shares
SharePoint	shared_sharepointonline	GetOnNewFileItems GetFileContent CreateFile
Office 365 Outlook	shared_office365	SendEmailV2
Microsoft Dataverse

Tweaks & variations

Customization Guide

Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.

Client routing: Replace the single flowlibs_DefaultClientEmail and fixed folders with a per-client lookup (e.g. a Dataverse mapping table) so each client's files route to the correct ShareFile folder and SharePoint site.
DLP / malware scan: Add a scan step before the internal copy or the outbound upload.
Expiring links: The outbound share already sets a 14-day ExpirationDate; tune MaxDownloads and RequireLogin per policy.
Native connector: If Citrix ShareFile is added to the tenant, swap the HTTP actions for the connector's trigger / DownloadFile / UploadFile / CreateShareLink actions.
Polling cadence: Adjust the inbound Recurrence (15 min) and outbound SharePoint trigger (5 min) to taste.

Helpers & literals

Key Expressions

The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.

EXPR.01ShareFile API host

Build the ShareFile REST host from the subdomain.

workflow definition language

@{concat('https://', parameters('EnvVar_ShareFileSubdomain'), '.sf-api.com')}

EXPR.02OAuth token (password grant)

Form-urlencoded token body (values encodeUriComponent-wrapped).

workflow definition language

grant_type=password&client_id=…&client_secret=…&username=…&password=…

EXPR.03Bearer header

Authorization header for ShareFile REST calls.

workflow definition language

@{concat('Bearer ', variables('varAccessToken'))}

EXPR.04Inbound dedup filter

Skip items already logged for the inbound copy.

workflow definition language

flowlibs_sharefileitemid eq '@{items('For_Each_File')?['Id']}'

EXPR.05Uploaded item id

ShareFile item Id of the just-uploaded file.

workflow definition language

@first(body('Filter_Uploaded_Item'))?['Id']

EXPR.06Secure link

Secure share Uri returned by Create Secure Share.

workflow definition language

@body('Create_Secure_Share')?['Uri']

Make it yours

Customize & download

Generate a ready-to-import copy of this solution with your environment-variable values baked in — available on Base, Pro, or Team.

Upgrade to customize

Overview

Use Case

Flow Architecture

Outbound trigger — When a file is created

Initialize + ShareFile Hosts

Get ShareFile Token

Inbound: List & Copy Files

Inbound: Log + Notify

Outbound: Read & Upload

Outbound: Secure Share + Email

Outbound: Log Exchange

Environment Variables

Connectors & Connections

Customization Guide

Key Expressions

EXPR.01ShareFile API host

EXPR.02OAuth token (password grant)

EXPR.03Bearer header

EXPR.04Inbound dedup filter

EXPR.05Uploaded item id

EXPR.06Secure link

Customize & download

Comments