Forum Discussion
Solved
E-Signature cannot add external people as recipients for requests
Hi there,
I am facing the following issue.
I am testing the E-Signature in my tenant and whenever I try to add recipients from outside my org I get the following error message:
"Your admin does not allow signature requests to be sent to new guests"
I am aware that e-signature access rights are based on site settings, folder settings etc.
But external sharing is already set to "new and existing guests" for the SPO site. No Policies are active in our tenant either that could restrict it.
Where can I check the setting to fix the aforementioned error message?
I appreciate any input!
1. Convert to internal approval:
Download the document → send it via email to an external user for signing
Re-upload the signed document
2. Use shared links:
powershell
Set-SPOSite -Identity <SiteURL> -SharingCapability ExternalUserSharingOnly
3. Enable external user participation
powershell
Connect-SPOService -Url https://contoso-admin.sharepoint.com
Set-SPOSite <SiteURL> -ConditionalAccessPolicy AllowLimitedAccess
4. Configure signature policy
powershell
Set-SiteSignaturePolicy -Site <SiteURL> -ConditionalAccessPolicy AllowLimitedAccess
-AllowExternalRecipients $true
-RequireSignIn $false
5. Azure AD B2B Settings
powershell
New-AzureADPolicy -Definition @(‘{’B2BManagementPolicy‘:{’InvitationsAllowed‘:true}}’)
-DisplayName ‘AllowExternalSigners’
-Type ‘B2BManagementPolicy’
6. Enterprise Deployment Scenarios
Create a dedicated external signers group
powershell
New-UnifiedGroup -DisplayName ‘External Signers’ -AccessType Public
-AccessType Public
-AutoSubscribeNewMembers $true
7. Power Automate process transformation
yaml
actions.
- type: ‘RequestSignature’
inputs: -AutoSubscribeNewMembers $true
recipients: ‘${triggerBody(’external_email‘]}’)
- email: ‘${triggerBody()[’external_email‘]}’
authenticationType: ‘None’
8. Compliance Configuration
powershell
Set-IRMConfiguration -ExternalSignatureTypes @(‘All’)
9. Check the external share status:
powershell
Get-SPOSite <SiteURL> | fl SharingCapability, ConditionalAccessPolicy
10. Verify the organisation relationship:
powershell
Get-OrganisationRelationship | where {$_.DomainNames -like ‘*external.com*’}
11. Audit log analysis:
powershell
Search-UnifiedAuditLog -RecordType SharePointSharingOperation
Step 5 Checking our B2B Settings helped me, I had to Enable B2B Azure Integration by setting it to true via PowerShell
Thank you!
1. Convert to internal approval:
Download the document → send it via email to an external user for signing
Re-upload the signed document
2. Use shared links:
powershell
Set-SPOSite -Identity <SiteURL> -SharingCapability ExternalUserSharingOnly
3. Enable external user participation
powershell
Connect-SPOService -Url https://contoso-admin.sharepoint.com
Set-SPOSite <SiteURL> -ConditionalAccessPolicy AllowLimitedAccess
4. Configure signature policy
powershell
Set-SiteSignaturePolicy -Site <SiteURL> -ConditionalAccessPolicy AllowLimitedAccess
-AllowExternalRecipients $true
-RequireSignIn $false
5. Azure AD B2B Settings
powershell
New-AzureADPolicy -Definition @(‘{’B2BManagementPolicy‘:{’InvitationsAllowed‘:true}}’)
-DisplayName ‘AllowExternalSigners’
-Type ‘B2BManagementPolicy’
6. Enterprise Deployment Scenarios
Create a dedicated external signers group
powershell
New-UnifiedGroup -DisplayName ‘External Signers’ -AccessType Public
-AccessType Public
-AutoSubscribeNewMembers $true
7. Power Automate process transformation
yaml
actions.
- type: ‘RequestSignature’
inputs: -AutoSubscribeNewMembers $true
recipients: ‘${triggerBody(’external_email‘]}’)
- email: ‘${triggerBody()[’external_email‘]}’
authenticationType: ‘None’
8. Compliance Configuration
powershell
Set-IRMConfiguration -ExternalSignatureTypes @(‘All’)
9. Check the external share status:
powershell
Get-SPOSite <SiteURL> | fl SharingCapability, ConditionalAccessPolicy
10. Verify the organisation relationship:
powershell
Get-OrganisationRelationship | where {$_.DomainNames -like ‘*external.com*’}
11. Audit log analysis:
powershell
Search-UnifiedAuditLog -RecordType SharePointSharingOperation
