{"id":20813,"date":"2025-11-14T11:41:32","date_gmt":"2025-11-14T16:41:32","guid":{"rendered":"https:\/\/securedb.io\/kb\/?p=20813"},"modified":"2026-03-09T08:28:09","modified_gmt":"2026-03-09T13:28:09","slug":"organization-level-asana-integration","status":"publish","type":"post","link":"https:\/\/securedb.io\/kb\/?p=20813","title":{"rendered":"Organization-level Asana Integration"},"content":{"rendered":"\n<p>These settings are required one time per organization and must be completed by an administrator. They allow this system to securely communicate with your company&#8217;s Asana workspace. This section configures how <strong>your entire organization<\/strong> connects SecureDB to Asana\u2019s API. <\/p>\n\n\n\n<p>It does <strong>not<\/strong> connect <em>your<\/em> personal Asana account.  Here&#8217;s how each user can <a href=\"https:\/\/securedb.io\/kb\/?p=20818\" data-type=\"link\" data-id=\"https:\/\/securedb.io\/kb\/?p=20818\">connect their own personal Asana account to SecureDB<\/a>.<\/p>\n\n\n\n<p>Instead, it establishes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>API identity for your organization<\/li>\n\n\n\n<li>Ability to map and sync Asana teams &amp; users<\/li>\n\n\n\n<li>Ability to create and manage webhooks<\/li>\n\n\n\n<li>Backend operations like importing projects<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"891\" height=\"297\" src=\"https:\/\/securedb.io\/kb\/wp-content\/uploads\/ps-asana-org-level-settings.png\" alt=\"\" class=\"wp-image-20814\" srcset=\"https:\/\/securedb.io\/kb\/wp-content\/uploads\/ps-asana-org-level-settings.png 891w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/ps-asana-org-level-settings-300x100.png 300w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/ps-asana-org-level-settings-768x256.png 768w\" sizes=\"auto, (max-width: 891px) 100vw, 891px\" \/><\/figure>\n\n\n\n<p>You must be logged into Asana using an account that has permissions to create an OAuth app from the <a href=\"https:\/\/app.asana.com\/0\/developer-console\" target=\"_blank\" rel=\"noreferrer noopener\">Asana Developers Console<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"839\" height=\"625\" src=\"https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console.png\" alt=\"\" class=\"wp-image-20815\" srcset=\"https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console.png 839w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console-300x223.png 300w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console-768x572.png 768w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console-583x434.png 583w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console-691x515.png 691w, https:\/\/securedb.io\/kb\/wp-content\/uploads\/asana-developer-console-542x404.png 542w\" sizes=\"auto, (max-width: 839px) 100vw, 839px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to get your Client ID, Client Secret, and Optional Personal Access Token (PAT):<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Open the Asana Developer Console<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <a>https:\/\/app.asana.com\/0\/developer-console<\/a><\/li>\n\n\n\n<li>Click <strong>\u201c+ New App\u201d<\/strong><\/li>\n\n\n\n<li>Name it (example: \u201cSecureDB Integration\u201d)<\/li>\n\n\n\n<li>Select your organization\/workspace<\/li>\n\n\n\n<li>Create the app<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Retrieve Your Credentials<\/h3>\n\n\n\n<p>Inside your newly created app:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Client ID:<\/strong><br>Visible under the <em>OAuth<\/em> tab \u2192 copy &amp; paste it here.<\/li>\n\n\n\n<li><strong>Client Secret:<\/strong><br>Also inside the <em>OAuth<\/em> tab \u2192 copy &amp; paste it here.<br>(This value is hidden\u2014click \u201cShow Secret.\u201d)<\/li>\n\n\n\n<li><strong>Personal Access Token (PAT):<\/strong><br>Only required if you prefer API access without OAuth.<br>Create under:<br>Developer Console \u2192 <strong>Personal Access Tokens<\/strong><br>Then paste it here.<\/li>\n<\/ul>\n\n\n\n<p>Great \u2014 below are the <strong>remaining steps<\/strong> written in the same step-by-step style as your original content. Paste them directly after your existing Step 2. I kept the tone and formatting consistent and included the exact values and checks your admins will need.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 3: Register Redirect URI and Webhook URL in Asana<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the Asana Developer Console, open your app \u2192 <strong>OAuth<\/strong> (Authorization) settings \u2192 <strong>Redirect URIs<\/strong>.<\/li>\n\n\n\n<li>Add the exact redirect URI used by the application:<code>https:\/\/expand.securedb.io\/asana\/settings <\/code><em>Also add the trailing-slash variant to be safe:<\/em><code>https:\/\/expand.securedb.io\/asana\/settings\/ <\/code><strong>Important:<\/strong> Asana requires an <strong>exact<\/strong> match (scheme, host, path and trailing slash). If your org uses tenant subdomains (for example <code>acme.expand.securedb.io<\/code>), add each tenant\u2019s exact URL (Asana does not accept wildcards).<\/li>\n\n\n\n<li>If you will have Asana call webhooks directly, add the webhook target URL:<code>https:\/\/expand.securedb.io\/asana\/webhook <\/code>(The integration supports an optional prefix at <code>\/asana\/webhook\/{prefix?}<\/code>.)<\/li>\n\n\n\n<li>Save your changes in the Asana console.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 4: Configure OAuth Scopes and Distribution<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Still in the Asana app, open <strong>OAuth \/ Authorization<\/strong> \u2192 <strong>Scopes<\/strong>. You must choose scopes (or enable full permissions) before users can authorize.<\/li>\n\n\n\n<li>Two options:\n<ul class=\"wp-block-list\">\n<li><strong>Full permissions (recommended for simplicity)<\/strong> \u2014 enable <strong>Full permissions<\/strong> (often labelled <code>default<\/code>).<\/li>\n\n\n\n<li><strong>Or granular scopes<\/strong> \u2014 add the recommended minimal scopes below if you prefer to limit permissions:<code>projects:read tasks:read tasks:write users:read teams:read webhooks:write workspaces:read<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Open <strong>Manage distribution<\/strong> and set <strong>Choose a distribution method<\/strong> \u2192 <strong>Any workspace<\/strong> if you want any Asana workspace to be able to connect. If you intentionally restrict installs, add the specific Asana workspace(s) that may install the app \u2014 note this prevents other customers\u2019 Asana workspaces from authorizing.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 5: Copy Client ID \/ Client Secret \/ (Optional) PAT into SecureDB<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Asana copy the <strong>Client ID<\/strong> and <strong>Client Secret<\/strong> from the OAuth tab.<\/li>\n\n\n\n<li>In SecureDB (Organization-level Asana OAuth Settings): paste <strong>Client ID<\/strong> into <strong>Asana Client ID<\/strong>, paste <strong>Client Secret<\/strong> into <strong>Asana Client Secret<\/strong>, and (optionally) paste a <strong>Personal Access Token (PAT)<\/strong> if you want company-level API access without per-user OAuth. The PAT will be used as a fallback for backend operations.<\/li>\n\n\n\n<li>Click <strong>Save Asana Settings<\/strong>. The application will store the credentials and then attempt to verify the connection; if a PAT is present it will be preferred for API calls, otherwise it will attempt to use an admin user\u2019s OAuth token.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 6: Complete the Connect \/ Authorize Flow<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>After saving, SecureDB will indicate whether it <strong>requires connection<\/strong> and provide a <strong>Connect \/ Authorize<\/strong> link. Click that link to open the Asana consent screen and approve the app. (If the UI shows a message and <code>connect_url<\/code>, SecureDB will redirect you into Asana.)<\/li>\n\n\n\n<li>Asana will redirect back to:<code>https:\/\/expand.securedb.io\/asana\/settings <\/code>The application exchanges the <code>code<\/code> for an access token using the same <code>redirect_uri<\/code> value. If the registered redirect URI does not match exactly, Asana will reject the request.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step 7: Verify and Test<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Use the SecureDB Asana settings page <strong>Quick Actions<\/strong>: <em>View Workspaces<\/em>, <em>View Projects<\/em>, or <em>Load Teams<\/em> to confirm the API calls succeed and the integration can list Asana data. If these returns lists of workspaces\/projects\/teams you are connected.<\/li>\n\n\n\n<li>Verify webhook accessibility using the built-in test handshake or by creating a test webhook in the Asana app and confirming SecureDB receives the handshake. The application exposes a webhook test endpoint and the public webhook endpoint (<code>\/asana\/webhook<\/code>) must be reachable by Asana.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>Troubleshooting \u2014 quick fixes for common errors<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Error: <code>The 'redirect_uri' parameter does not match a valid url for the application.<\/code><\/strong><br><em>Cause\/fix:<\/em> The redirect you registered in Asana does not match exactly the redirect used by the app. Add <code>https:\/\/expand.securedb.io\/asana\/settings<\/code> (and the trailing slash variant) to Asana and save.<\/li>\n\n\n\n<li><strong>Error: <code>Your app does not have any scopes registered.<\/code><\/strong><br><em>Cause\/fix:<\/em> Scopes are missing in the Asana app settings. Either enable <strong>Full permissions<\/strong> (<code>default<\/code>) or add the recommended granular scopes in Step 4. After saving scopes, re-run the Connect flow.<\/li>\n\n\n\n<li><strong>Error: <code>Authentication failed. Your token may have expired.<\/code><\/strong><br><em>Cause\/fix:<\/em> OAuth token expired and could not be refreshed. Reconnect the user (or disconnect &amp; reconnect) or configure a company PAT so the application can operate without per-user OAuth. The application will attempt to refresh tokens automatically, but when refresh fails it prompts reconnect.<\/li>\n\n\n\n<li><strong>Webhook unreachable \/ handshake failure<\/strong><br><em>Cause\/fix:<\/em> Asana cannot reach <code>https:\/\/expand.securedb.io\/asana\/webhook<\/code>. Ensure firewall and DNS allow public access and test the webhook handshake endpoint. The app excludes the webhook URL from CSRF so Asana\u2019s handshake will succeed if reachable.<\/li>\n\n\n\n<li><strong>Proxy \/ SSL \/ Unsupported SSL request errors<\/strong><br><em>Cause\/fix:<\/em> Corporate proxy or SSL inspection may block the token exchange. Confirm the server can make outbound TLS connections and configure <code>ASANA_PROXY<\/code> \/ proxy settings if necessary; check logs for the SSL\/proxy diagnostic message surfaced by the token exchange.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Paste those values into the <a href=\"https:\/\/securedb.io\/kb\/?p=20799\" data-type=\"link\" data-id=\"https:\/\/securedb.io\/kb\/?p=20799\">Asana Integration<\/a> inputs and click <strong>Save Asana Settings<\/strong> at the bottom.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>These settings are required one time per organization and must be completed by an administrator. They allow this system to securely communicate with your company&#8217;s Asana workspace. This section configures [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":20822,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_helpful_status":1,"footnotes":""},"categories":[36],"tags":[189,34,42],"class_list":["post-20813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-admin","tag-integration","tag-projects","tag-tasks"],"wps_subtitle":"","_links":{"self":[{"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/posts\/20813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20813"}],"version-history":[{"count":4,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/posts\/20813\/revisions"}],"predecessor-version":[{"id":20922,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/posts\/20813\/revisions\/20922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=\/wp\/v2\/media\/20822"}],"wp:attachment":[{"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securedb.io\/kb\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}