Forum Discussion

Dorje-McKinnon's avatar
Dorje-McKinnon
Steel Contributor
Feb 01, 2021

External user access to the SharePoint Online library - howto

Hi everyone, I'm documenting this so as I found the related articles (see end of this post) were challenging to follow and didn't quite cover my scenario.

My use case

As an external user I need to to read ALL files in <company intranet> or other SharePoint online Library, but not have access to the entire site.

 

Issues with Share button

SharePoint online sharing is usually simple, select the file OR folder, click Share button, select type of sharing, enter email address of external user.

BUT in this case the external user needs access to the ENTIRE library (all files and folders). If you go to the library e.g. https://<your365tenant>.sharepoint.com/sites/<sitename>/<libraryname> and click the SHARE Button in the top right of that page you aren't sharing the library but the entire site.

 

To give an external user access to an entire SharePoint online library requires the following:

  • URL of the library that needs to be shared
  • Email address of the external user

Then you need to 

  1. For the 365 tenant check Azure active directory, to see if the external user already has a Guest account (if you can't do the following steps, you can share just one file from the library with the user, have them view it, and this creates the Azure account, once they've done it).
    1. go here

      https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers

    2. search for external user email address
    3. if the user doesn't exist then click the "new guest user"
      1. choose invite user
      2. the external user will get an email, they have to click the "Accept invitation" link at the bottom
    4. in Azure AD you'll see that their account now says "invitation accepted" = Yes
      1. I ask the user to let me know that they've been redirected to myapplications.microsoft.com
  2. Now that the account exists you can share the library with it
    1. Go to the library URL , click the cog, click Library settings link
    2. click "Permissions for this document library"
    3. click "Grant permissions"
    4. click "invite people", enter the external user's email address, it should then resolve to the first name lastname from Azure AD
      1. click "show options"
      2. select the options you need this user to have 
    5. click Share
  3. The user will get another email, that has a link to the library and they should have access.

Errors and Fixes

If the user get's an error like the following <User email> "can’t be found in the <your365tenant>.sharepoint.com directory error",
Then I found I could resolve it by doing the following:

 

I hope this helps, it took me a couple of days to test and find this. But only 2 mins to do for subsequent users.

 

 

References

 

  • Dorje-McKinnon 

    I've had a few issues with this way of sharing entire sharepoint online libraries.

    But they almost always boil down to a user getting one of two error messages:

    • That didn't work
      We're sorry, but <user email> can't be found in the <your company>.sharepoint.com directory
      Issue Type: User not in directory.
    • Sorry, you don't have access. Then a message box, and a "Request access" button

    In almost every case the issue has been the user has multiple email accounts associated with Microsoft accounts, and or browser cache of credentials.

    The simple fix (8 hours to find this simple fix) is to get the user who is seeing these errors to go back to the email they got from you titled : “<person name> is inviting you to collaborate on <library name>” , right click on the OPEN button , select copy link, open an incognito / private or inPrivate browser window and paste in the OPEN button url. They are then prompted to login , ensure they use the email address you shared the library to, and 90% of the time they will get access.

    Hopefully this helps everyone.

    and right click on the

    • xoxidein's avatar
      xoxidein
      Iron Contributor
      I just tried this with my personal email and I never got the invite email. I see it in M265 as:
      username_gmail.com#EXT#@domain.onmicrosoft.com

Resources