# Asana SureCloud connects to Asana to retrieve tasks, projects, and portfolio data from your Asana workspace. This allows SureCloud to track the completion status of compliance action items, audit remediation tasks, and control review activities managed in Asana — providing evidence that risk and compliance tasks are being actively monitored and resolved. ## Authentication and setup Asana supports OAuth 2.0 for third-party integrations. SureCloud connects via the Asana OAuth flow. {% hint style="info" %} SureCloud uses OAuth 2.0 for this integration. No credentials are stored — access is maintained via a refresh token that SureCloud rotates automatically. {% endhint %} {% stepper %} {% step %} ### Initiate the connection in SureCloud Navigate to **SureCloud → Integrations → Asana → Connect** and click **Authorise with Asana**. SureCloud will redirect you to the Asana authorisation page. {% endstep %} {% step %} ### Select your workspace Log in to Asana with an account that has access to the relevant projects and portfolios. If your organisation has multiple Asana workspaces or organisations, select the one containing your compliance and remediation projects. Approve the requested scopes and click **Allow**. {% endstep %} {% step %} ### Return to SureCloud After authorisation, you will be redirected back to SureCloud with the integration status updated to **Connected**. Click **Test Connection** to confirm access. {% endstep %} {% endstepper %} ## Endpoints | API Call | Use Case | | ------------------------------------------- | ----------------------------------------------------------------------------------- | | `GET /api/1.0/workspaces` | Enumerate accessible workspaces | | `GET /api/1.0/projects` | List projects to identify compliance and remediation work streams | | `GET /api/1.0/projects/{project-gid}/tasks` | Retrieve all tasks within a compliance project including status and assignee | | `GET /api/1.0/tasks/{task-gid}` | Retrieve individual task detail including due date, completion status, and subtasks | | `GET /api/1.0/portfolios` | List portfolios to track compliance initiative status at a program level | | `GET /api/1.0/users` | Enumerate workspace members and their roles | | `GET /api/1.0/teams` | Retrieve team structure for scoping task ownership | ## Pagination `GET /api/1.0/projects/{project-gid}/tasks` and other list endpoints use offset-based pagination. SureCloud uses the `next_page.offset` value from each response as the `offset` parameter in the next request, continuing until `next_page` is absent. ```json GET /api/1.0/projects/{project-gid}/tasks?limit=100&offset= ``` `GET /api/1.0/workspaces` and `GET /api/1.0/teams` return complete result sets in a single response for most organisations. ## Required permissions / scopes SureCloud requests the following OAuth scopes from Asana: | Scope | Purpose | | --------- | ------------------------------------------------------------------------------------- | | `default` | Read access to tasks, projects, users, and workspaces the authorising account can see | Asana's OAuth default scope provides read access to all resources visible to the authorising user. No elevated or admin scopes are required. Ensure the authorising account has access to the relevant compliance and remediation projects. ## Polling frequency | Data Type | Interval | | --------------------------- | -------------- | | Tasks and completion status | Every 6 hours | | Projects and milestones | Every 24 hours | | Portfolio status | Every 24 hours | | Workspace members and teams | Every 24 hours | ## Troubleshooting
OAuth authorisation fails or no workspaces appear after connecting This can occur if the authorising account does not belong to the expected Asana organisation, or if the account is a guest user with limited visibility. Confirm the account used is a full member of the Asana organisation containing your compliance projects, and retry from **SureCloud → Integrations → Asana → Connect**.
Some projects or tasks are missing from SureCloud SureCloud can only collect projects and tasks visible to the authorising user. If a project uses private permissions in Asana, the authorising account must be a member of that project to access it. Add the account to the relevant private projects in Asana and trigger a manual refresh in SureCloud.
Completed tasks are not appearing in SureCloud Asana's task list endpoints return incomplete tasks by default. SureCloud explicitly requests completed tasks as well, but if a task was completed outside the SureCloud lookback window, it may not be included. For historical evidence of task completion, query tasks directly in the Asana console or extend the lookback window via SureCloud Support.
Multiple workspaces — only one is returning data SureCloud collects data from the workspace selected during OAuth authorisation. If your compliance tasks span multiple Asana workspaces, each workspace requires a separate SureCloud connection. Contact SureCloud Support to configure multiple Asana connections for your account.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://surecloud.gitbook.io/surecloud-docs/integrations/ccm-and-evidence-collection-integrations/asana.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.