Forum Discussion
Sharing Folders with External Users spams Organization Login Prompts
In OneDrive, I can create a sharing link for a folder and set the link so "Anyone with the link can edit". I assume this means that even users outside my organization can edit the folders and files within the shared folder.
If I test this with an external account, I'm able to edit the files and folders. However, I'm periodically prompted with a Microsoft login pop-up window. I can ignore/close the login prompt and continue editing the files. However, the login prompt keeps popping up periodically, including every time I refresh the screen. If I try to log in with the external user account, it gives me an error saying I'm not part of the tenant and I need to be added as an external user to the tenant. But then I can still close that and continue editing the files.
If I send the invite link for a folder via a graph API call, I'm forced to set the "requireSignIn" property to True in the body of the request. If I set it to False, I get an error:
RequireSignIn cannot be false for folders
I do not run into the same issue when sharing files. Whether I create the link in OneDrive UI or via the API, the external user does not get hit repeatedly with login prompts.
Am I doing something wrong or is this a bug? If sharing a folder is not allowed outside an organization, why does it allow me to create a sharing link where "Anyone with the link can edit"? And why is the external user still able to edit the files despite the repeated login prompts?
14 Replies
I had previously given up on this issue as I was getting nowhere with MS support. However, many of my company's clients are getting frustrated with the confusion this is causing in their own sharing activities, so I have opened up another ticket with MS support. I had a call with a support rep, which I will summarize below:
- Support rep explained that there are two reasons the login prompts appear when sharing OneDrive folders:
- Link recipient has O365 credentials stored in their browser. When they access the shared folder, O365 tries to automatically log them in with their stored credentials. That doesn't work (because their account isn't part of the organization), so the pop-up appears prompting them to log in.
- There are multiple different levels of access/permissions on the shared folder, which creates a conflict. O365 has trouble determining who is accessing the folder and what permissions they should have, so it prompts the user to log in.
- The support rep explained that there are two "workarounds" to the problem
- Always access shared folders in a private (incognito) browser session.
- Create a guest account on your tenant for each user that you share the folder with. This requires sending an invitation by email to the person you're sharing with, and having them accept the invitation. I believe they are required to have their own O365 account. Once the guest account is created, you must re-share the folder with the user's guest account. Now, if the guest uses the new sharing link, they will not receive the login prompt.
- I explained that these workarounds are not sufficient for our purposes and do not address what I see as a significant bug in the OneDrive sharing model. Microsoft is advertising these sharing links as being able to share with "anyone", and yet the login prompts make it appear as though you need to be part of the folder owner's organization in order to access the folder at all. This is creating confusion and a sense of unprofessionalism with many of my company's clients, who are considering going with a different storage service altogether. When you are sharing OneDrive folders regularly with many different people - as our clients are - it is not reasonable to coordinate these workarounds with each link recipient. It should be Microsoft's responsibility to provide a solution to this issue.
- The Microsoft support rep said he would discuss with his dev team again. I asked him to keep me updated.
- Furthermore, after the support call I was able to reproduce the issue in a manner that refutes the supposed causes of the bug: I shared a folder with an anonymous link and there are no other access permissions or links on that folder. I accessed the folder via the anonymous link in a private browser session. I still got the login prompt, even though there should not have been any permissions conflicts and there were no O365 credentials stored in the browser since I was using incognito mode.
I finally made some progress in getting this issue addressed by Microsoft. I've been working with a new support ticket for a couple months now. They've resolved most of the issues and there's just one remaining edge case I'm trying to get resolved.
How it works now:
- If you have no O365 profile info saved in your browser (or you're in private browsing), you are not prompted to log in anymore.
- If you do have O365 profile info saved in your browser, you are prompted to log in with your O365 account. However, now it doesn't throw an error if you log in with an account that is not part of the organization that owns the shared resource. Once you've logged in, it does not ask you to log in again.
The last issue I'm trying to get resolved:
- If you access a sharing link that was shared with your specific email, and your email is not an O365 account - you still get the login prompt every time you view a PDF file within the shared folder. There is no way to get the prompts to stop, since you do not have an O365 account to log in with. Hopefully this one will be resolved soon as well!
fstephane Problem is unchanged for us also. This is a major problem and will very likely cause us to move off the Microsoft platform as our primary data store. Did you have to do anything to get the new improved behavior or did it just start working for you? IF we could get to the point you are we'd be much less likely to exit the MS platform.
Private window still never works, continuing to prompt for host tenant credentials.
Trying to login with credentials from another tenant account throws the error:
That didn't work
We're sorry but (other user account) can't be found in the (hosting tenant) directory. Please try again later while we try to automatically fix this for you.Here are a few ideas:
...(none of which work)
...Issue type: User not in directory
- Support rep explained that there are two reasons the login prompts appear when sharing OneDrive folders:
We're having about the same behavior using OneDrive for business. We shared a folder with external users using their email addresses, where when they got the shared folder email from OneDrive they click the open button and get to the shared folder as normal.
We've been using this from November and about a week ago every time a shared user tries to view the shared folder, when they enter the folder they get a popup to enter their login information from OneDrive, even though they are connected using the link from the shared folder email. If they close the popup they can upload, delete, edit documents, but every now and then they get the poup again, which is very annoying for the user.
Has anything changed from OneDrive? This is very frustrating...Not to my knowledge. It seems like it's been resolved in certain environments, but I still get it regularly in Chrome.
It was becoming too onerous to deal with Microsoft support on this, so we will just advise our clients to block the login pop ups if they are a problem.
