Forum Discussion
Miike
Apr 28, 2022, Brass Contributor
SPO - Guests inviting Guests - No AAD guest account created
Hi All, This lies across two products Azure B2B and SPO. I'm looking to test the "Allow Guests to Share items they don't own" global SPO control. I've noted with New and Existing Guests o...
Adin_Calkic
Steel Contributor
Hi Miike,
What are the emails from those guest accounts (domains)? Users who do not have Microsoft accounts usually have to enter a passcode to view the document.
Check it out here: One-time passcode authentication for B2B guest users - Azure AD | Microsoft Docs
Miike445
Apr 28, 2022, Copper Contributor
Hi Adin_Calkic,
No issues when testing with guest users and happy generally with Azure B2B integration into SPO/OD4B sharing. Upon tenant members sharing content with external guest users, their AAD account is created via the integration in an invitation pending state until the recipient logs in and completes the workflow to access the required item.
So it looks like this currently:
Tenant User ----> Guest User (Gmail) ----> Document
(Account is created at sharing time in Azure AD awaiting Invitation acceptance)
Then that Guest User tries to share a document they don't own; given the global external sharing settings, this is allowed. They can send an invitation to another guest user.
External User (Gmail) ---> Share File ---> External User (Microsoft Account) ---> Login error (Post Auth to 365).
It's the standard error for an account missing from AAD: "User account from identity provider does not exist in tenant and cannot access the application." I expected the behind-the-scenes provisioning to work when initiated by guests, but this could be by design to prevent abuse of sharing to guests who don't already have a tenant account. Just checked AAD ~10 hours later, and the guest account hasn't been provisioned, so I don't think it's a sync delay.
It's likely a niche scenario!
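As an added example (not part of this thread and not code from either poster), the following PowerShell lets a tenant admin verify the two things the post describes: the tenant-wide resharing control in SPO, and whether each guest address in the chain actually has an Azure AD object and what its invitation state is. It also shows the tenant-side workaround of creating the B2B invitation explicitly when the guest-initiated share did not provision one. The guest addresses, the admin URLs and the assumption that the Microsoft.Graph and SharePoint Online modules are installed are placeholders for illustration.

```powershell
# Added example: audit the guest objects behind a guest-to-guest share and,
# if the second guest was never provisioned, create the B2B invitation.
# Requires Microsoft.Graph.Users, Microsoft.Graph.Identity.SignIns and
# Microsoft.Online.SharePoint.PowerShell. Addresses and URLs are placeholders.

Connect-MgGraph -Scopes 'User.Read.All', 'User.Invite.All'

# 1. The global SPO control the post refers to. PreventExternalUsersFromResharing
#    = $true means guests cannot re-share items they do not own.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'   # placeholder admin URL
Get-SPOTenant | Select-Object SharingCapability, PreventExternalUsersFromResharing

# 2. Look up a guest by the address that was shared with and report its B2B state.
function Get-GuestInvitationState {
    param([Parameter(Mandatory)][string]$Email)

    $props = 'id', 'mail', 'otherMails', 'userPrincipalName', 'userType',
             'externalUserState', 'externalUserStateChangeDateTime', 'createdDateTime'

    # For an invited guest the invited address is normally in mail; otherMails
    # is checked as well because some guest objects only carry it there.
    $filter = "userType eq 'Guest' and (mail eq '$Email' or otherMails/any(o:o eq '$Email'))"
    $user = Get-MgUser -Filter $filter -Property $props | Select-Object -First 1

    if (-not $user) {
        # No object at all: the share never created a B2B account. This is the
        # second hop in the post (guest -> guest) after ~10 hours.
        [pscustomobject]@{ Email = $Email; Provisioned = $false; State = $null; Changed = $null; Created = $null }
    }
    else {
        [pscustomobject]@{
            Email       = $Email
            Provisioned = $true
            State       = $user.ExternalUserState            # PendingAcceptance or Accepted
            Changed     = $user.ExternalUserStateChangeDateTime
            Created     = $user.CreatedDateTime              # should match the time of the member's share
        }
    }
}

$firstHop  = Get-GuestInvitationState -Email 'guest1@gmail.com'     # placeholder: guest invited by a member
$secondHop = Get-GuestInvitationState -Email 'guest2@outlook.com'   # placeholder: guest invited by the first guest
$firstHop, $secondHop | Format-Table -AutoSize

# 3. If the second guest has no object, create the invitation from the tenant
#    side. This is the same B2B invitation a member-initiated share would have
#    produced; the redirect URL is where the guest lands after redeeming it.
if (-not $secondHop.Provisioned) {
    $invite = New-MgInvitation -InvitedUserEmailAddress $secondHop.Email `
        -InviteRedirectUrl 'https://contoso.sharepoint.com' `
        -SendInvitationMessage
    "Invitation created for $($invite.InvitedUserEmailAddress), status: $($invite.Status)"
}
```

Run the lookup before and after the guest-initiated share: the first address should show an object in PendingAcceptance (or Accepted, once the guest has signed in), while the second returning Provisioned = $false confirms the behaviour described above rather than a sync delay. Creating the invitation explicitly restores the invitation-pending object that the guest's share did not, without loosening the resharing control.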