Forum Discussion
External Sharing
I have a project site which I want to share with some external user. External Sharing is enabled in site collection level and the new setting "External users must accept sharing invitations using the...
Yes, you are correct. The user has to login using the email address to which the invitation was sent. From the security perspective, this was correct because the user to whom the invite was sent alone can access it. If you want to allow the user to login with any email address, then you have to opt for Anonymous access which is considered less secure.
SanthoshB1 - That's actually not correct -- the optional requirement that someone accepts an invitation with an account that has the same email address that it was sent to was something new added in 2015 (IIRC), but based on the screen shot, it looks like this tenant is configured to not enforce that requirement.
So basically it is possible to share a site with any email address and then the email receiver chooses which Microsoft account he/she is using when logging in to the site? And this MS account which he/she uses does not have to be associated with the email address where the invitation was sent to? An other way to phrase it: Invitation sent to identity A can be accepted by identity B?
This is how I have experienced how it works. But still, some external users are getting this error while using https://support.microsoft.com/en-us/kb/3026478
I openend support case to Micsofot support and first the support engineer told that the sharing and logging in needs to be done with the same email address.. This is conflicting with the support articles.
I was doing some testing on this today.
I set up a new personal MS account for testing. I shared a site from my tenant with this email address (Andytest). Logged into Outlook.com and the invite email was there. Now I use several different browsers for different client O365 accounts and my own. So I opened IE11, logged into Outlook and clicked the link. Even though I hadn't logged into my tenant in this brower for several days, it brough me straight to the shared site but I was logged in as my organisation account and not Andytest! I got no options to choose what account I wanted to log in with. I was straight in.
Not very useful. I ended up logging out from my tenant and re-sending the email invite. Then it worked by requesting which account I wanted to use and I logged in as Andytest.
Have a look here as Sharegate explains it more detail.
http://en.share-gate.com/blog/ultimate-guide-deal-with-office-365-external-sharing
Sorry Teemu! More confusion. A lot depends on whether they have any sort of MS or O365 account and if the browser they are using has already authenticated against another account.
Deleted Thanks for correcting.
Thanks,
But MS support articles say explicitly "An external user invitation doesn't require that it be accepted by the email address to which it was first sent. It is a one-time invite"
In this article it pretty clearly says that invitations can be forwarded and someone else can use other account:
"Only one person may log in to access your site or document using an invitation you send. However, the person who gets your invitation may decide to not use it, and instead forward the invitation to someone else who can then log in using their Microsoft account or work account to access the site or document."
This is what bothers me now, because if I recall correctly, previously it worked in a way that you could send the invitation to any email address, and then the receiver could use one of his/hers Microsoft Accounts (Office 365 from work, private outlook.com or private Office 365 account).
I might only know external user's work email address and share the site using that email. I cannot know if that email address is tied or not to any MS accounts.
- I recommend first to have a look at the sharing settings at the tenant level...just remember that what you configure at the tenant level is what rules the sharing stuff
I have checked the settings from tenant level and everything works fine when sharing with other Office 365 tenants and if I share site site with firstname.lastname@outlook.com and users logs in with MS account withthe same email address. But it does not work if I share site with firstname.lastname@work.com and users logs in with MS account that uses email address firstname.lastname@outlook.com.
