Integration principles
Every integration follows four rules: least-privilege OAuth scopes, Customer-controlled consent at the workspace level, no persistent copies of source-system data beyond cache-with-TTL, and one-click disconnect that revokes tokens and clears caches.
Authentication model
Integrations use OAuth 2.0 / OIDC with PKCE against the Customer's identity provider wherever possible. Service accounts and API keys are stored in our envelope-encrypted secret manager, scoped to a single workspace and rotated on a defined cadence. Federated identity (SAML, OIDC) is preferred over long-lived API keys.
Data flows
Integration data flows are summarised in the matrix below. Every inbound and outbound call is logged in the workspace audit log with caller identity, scope and outcome.
Synchronization
Most integrations operate on-demand or via webhook-driven incremental sync. Where scheduled polling is required (typically ERP), the cadence is configurable per Customer and bounded by source-system rate limits. Sync state is kept in workspace-scoped tables.
Processing boundaries
TrackProject processes integration data solely to deliver the configured workflow. We do not copy source-system data into shared analytics, do not train AI models on it, and do not transmit it to subprocessors outside the documented chain.
Customer ownership
Source-system data remains the property of the source system; integration metadata remains the property of the Customer. Disconnecting an integration revokes tokens and deletes cached source data within 30 days; integration metadata is removed when the workspace is deleted.
Customer-controlled access
Workspace administrators can connect, reconnect, restrict scopes or disconnect any integration at any time from the integration settings page.
Productivity
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| Microsoft 365 | Files.Read, Calendars.Read, Mail.Send (optional) | Documents, calendar events (on demand) | Notifications, document links | Per-workspace OAuth consent; admin can disconnect. |
| SharePoint | Sites.Selected, Files.ReadWrite.Selected | Drawings, documents (on demand) | Generated reports, exports | Site-scoped via Graph; admin picks sites. |
| OneDrive | Files.ReadWrite.AppFolder | User-selected files (on demand) | Generated exports to app folder | User-controlled file picker; app folder isolation. |
| Google Drive | drive.file (per-file access) | User-selected files (on demand) | Generated exports to picked folder | Per-file consent via Picker API; no broad scope. |
Messaging
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| Microsoft Teams | ChannelMessage.Send, Chat.ReadWrite | Channel metadata only | Workflow notifications, AI summaries, approvals | Channel-scoped; admin selects channels. |
| Slack | chat:write, channels:read | None | Workflow notifications, AI summaries | Channel-scoped; admin disconnect. |
Identity
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| Microsoft Entra ID | openid, profile, email (+ SAML attributes) | Authenticated identity, group claims | None | Customer-managed IdP; SAML/OIDC metadata exchange. |
| Google Workspace | openid, profile, email | Authenticated identity | None | Customer-managed IdP. |
| Okta | SAML 2.0 / OIDC | Authenticated identity, group claims | None | Customer-managed IdP. |
Construction
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| Autodesk Construction Cloud | data:read, data:write (per project) | BIM, drawings, sheets, issues (on demand) | Issues, RFIs (when configured) | Project-scoped OAuth; admin disconnect. |
| Autodesk Docs | data:read, account:read (per hub) | Folder tree, drawings, sheets | Updated metadata, transmittals | Hub/project-scoped OAuth; admin disconnect. |
| Autodesk Tandem | data:read, data:write (per facility) | Facility model, asset metadata, parameters | Twin sync updates, asset status | Facility-scoped OAuth; admin disconnect. |
| Procore | Read project, drawings, RFIs, daily logs | Projects, drawings, RFIs, daily logs | Status updates (optional) | Project-scoped OAuth; admin disconnect. |
| Oracle Primavera P6 | Read schedules, activities, baselines (REST/EPPM) | Schedules, activities, baselines | Status updates (optional) | Service account in Customer tenant. |
ERP
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| SAP | Read purchase orders, deliveries (OData) | POs, deliveries (scheduled sync) | None by default | Service account in Customer tenant. |
| Oracle ERP Cloud | Read purchase orders, suppliers | POs, suppliers (scheduled sync) | None by default | Service account in Customer tenant. |
Service Mgmt
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| Jira | read:jira-work, write:jira-work | Linked tickets | Issue creation, comments | Per-workspace OAuth; project allow-list. |
Developer
| Vendor | Scopes | Data in | Data out | Customer control |
|---|---|---|---|---|
| GitHub | repo:read, issues:write (per repo) | Issues, releases, repo metadata | Issue creation, comments, status checks | Per-repo install of GitHub App; admin disconnect. |
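
A workspace administrator can check the least-privilege rule by comparing the scopes a connection was actually granted with the rows of the matrix above. The sketch below is an added example, not TrackProject code: the names `normalize` and `audit_grant` are hypothetical, the allow-lists are copied from a subset of the matrix rows, the grant strings are constructed samples, and the handling of URI-prefixed and comma-delimited scope strings is an assumption about how providers report grants.

```python
# Added example: audit granted OAuth scopes against the documented matrix.
# Allow-lists come from the matrix rows; grant strings are constructed samples.

# Resource prefixes some providers prepend to scope names in token responses.
SCOPE_PREFIXES = (
    "https://graph.microsoft.com/",
    "https://www.googleapis.com/auth/",
)

# vendor -> (required scopes, optional scopes), as documented in the matrix.
DOCUMENTED = {
    "Microsoft 365": ({"Files.Read", "Calendars.Read"}, {"Mail.Send"}),
    "SharePoint": ({"Sites.Selected", "Files.ReadWrite.Selected"}, set()),
    "OneDrive": ({"Files.ReadWrite.AppFolder"}, set()),
    "Google Drive": ({"drive.file"}, set()),
    "Microsoft Teams": ({"ChannelMessage.Send", "Chat.ReadWrite"}, set()),
    "Slack": ({"chat:write", "channels:read"}, set()),
    "Jira": ({"read:jira-work", "write:jira-work"}, set()),
}

def normalize(scope_string):
    """Split a space- or comma-delimited scope string into bare scope names."""
    scopes = set()
    for raw in scope_string.replace(",", " ").split():
        for prefix in SCOPE_PREFIXES:
            if raw.startswith(prefix):
                raw = raw[len(prefix):]
                break
        scopes.add(raw)
    return scopes

def audit_grant(vendor, scope_string):
    """Compare one grant with the matrix; 'excess' is what to investigate."""
    if vendor not in DOCUMENTED:
        raise KeyError(f"no documented scopes for {vendor!r}")
    required, optional = DOCUMENTED[vendor]
    granted = normalize(scope_string)
    return {
        "excess": sorted(granted - required - optional),
        "missing": sorted(required - granted),
        "optional_enabled": sorted(granted & optional),
        "compliant": granted <= (required | optional),
    }

if __name__ == "__main__":
    # Constructed grant: Graph-style URI, an optional scope, one undocumented scope.
    sample = "https://graph.microsoft.com/Files.Read Calendars.Read Mail.Send Mail.Read"
    print(audit_grant("Microsoft 365", sample))
```

Any entry under `excess` is a scope the matrix does not document for that vendor and should be reviewed or restricted from the integration settings page.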