Forum Discussion
External user access to the SharePoint Online library - howto
Hi everyone, I'm documenting this so as I found the related articles (see end of this post) were challenging to follow and didn't quite cover my scenario.
My use case
As an external user I need to to read ALL files in <company intranet> or other SharePoint online Library, but not have access to the entire site.
Issues with Share button
SharePoint online sharing is usually simple, select the file OR folder, click Share button, select type of sharing, enter email address of external user.
BUT in this case the external user needs access to the ENTIRE library (all files and folders). If you go to the library e.g. https://<your365tenant>.sharepoint.com/sites/<sitename>/<libraryname> and click the SHARE Button in the top right of that page you aren't sharing the library but the entire site.
To give an external user access to an entire SharePoint online library requires the following:
- URL of the library that needs to be shared
- Email address of the external user
Then you need to
- For the 365 tenant check Azure active directory, to see if the external user already has a Guest account (if you can't do the following steps, you can share just one file from the library with the user, have them view it, and this creates the Azure account, once they've done it).
- go here
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
- search for external user email address
- if the user doesn't exist then click the "new guest user"
- choose invite user
- the external user will get an email, they have to click the "Accept invitation" link at the bottom
- in Azure AD you'll see that their account now says "invitation accepted" = Yes
- I ask the user to let me know that they've been redirected to myapplications.microsoft.com
- go here
- Now that the account exists you can share the library with it
- Go to the library URL , click the cog, click Library settings link
- click "Permissions for this document library"
- click "Grant permissions"
- click "invite people", enter the external user's email address, it should then resolve to the first name lastname from Azure AD
- click "show options"
- select the options you need this user to have
- click Share
- The user will get another email, that has a link to the library and they should have access.
Errors and Fixes
If the user get's an error like the following <User email> "can’t be found in the <your365tenant>.sharepoint.com directory error",
Then I found I could resolve it by doing the following:
- Go to the following URL (update it with the site your library is in) https://<your365tenant>.sharepoint.com/sites/<sitename>/_layouts/15/people.aspx?MembershipGroupId=0
- search through the list to find the external user
- mouse over the user's name, look at the link and find what this user's ID =
- you should see something like https://<your365tenant>.sharepoint.com/sites/<sitename>/_layouts/listform.aspx?PageType=4&ListId={EEB5FB7D-8DF6-4274-BB3F-072B95C134A6}&ID=609
- note down the external user's ID number
- create the following URL using the external user's ID number in notepad
- visit the URL you've built
- e.g. https://<your365tenant>.sharepoint.com/sites/<sitename>/_layouts/15/userdisp.aspx?ID=609&force=1
- Now the user will be able to click on the link in the second email they got from the system, and will see the library contents rather than the error message.
I hope this helps, it took me a couple of days to test and find this. But only 2 mins to do for subsequent users.
References
- https://techcommunity.microsoft.com/t5/sharepoint/sharing-a-document-library-with-external-users/m-p/13718#M1156
- https://techcommunity.microsoft.com/t5/sharepoint/sharing-a-document-library-with-external-users/m-p/8098#M627
specifically the 1-8 items under “If you can't access the site as the incorrect external user, follow these steps:”
- Dorje-McKinnonSteel Contributor
I've had a few issues with this way of sharing entire sharepoint online libraries.
But they almost always boil down to a user getting one of two error messages:
- That didn't work
We're sorry, but <user email> can't be found in the <your company>.sharepoint.com directory
Issue Type: User not in directory. - Sorry, you don't have access. Then a message box, and a "Request access" button
In almost every case the issue has been the user has multiple email accounts associated with Microsoft accounts, and or browser cache of credentials.
The simple fix (8 hours to find this simple fix) is to get the user who is seeing these errors to go back to the email they got from you titled : “<person name> is inviting you to collaborate on <library name>” , right click on the OPEN button , select copy link, open an incognito / private or inPrivate browser window and paste in the OPEN button url. They are then prompted to login , ensure they use the email address you shared the library to, and 90% of the time they will get access.
Hopefully this helps everyone.
and right click on the- xoxideinIron ContributorI just tried this with my personal email and I never got the invite email. I see it in M265 as:
username_gmail.com#EXT#@domain.onmicrosoft.com
- That didn't work
- MadameMomCopper ContributorThanks for this! It is exactly what I needed.