External user error message - I think it's on their end?

Question

I have a couple external users from the same company who are receiving identical error messages when trying to accept SharePoint invites.

Details:

Error message seems generic: Sorry, but we're having trouble signing you in. We received a bad request.... AADSTS70001: Application is disabled.

They previoulsy had access to our sharepoint site.

They tell me they have recently purchased Office 365, but not SharePoint.

They have an Exchange email plan only.

The error message they are receiving makes me believe something is not completely setup in their environment. AAD perhaps? It's a bit out of my area of expertise.

Error page attached. Please send prayers my way, along with any guidance I can give them to help them get into our site...

stephenrice · Answer

Hi Michael,Before they onboarded onto Office 365, were they using the same email address for a Microsoft account (EASI ID)? If so, here is what is likely happening...1) You previously invited Stephen@contoso.com to your tenant.2) I accepted using Stephen@contoso.com (MSA).3) Contoso onboards onto Office 365 and I begin using Exchange with Stephen@contoso.com (AAD).4) I click on the shared document.5) As I am not authenticated, I get redirected to AAd for auth.6). AAD says I'm signed in with Stephen@contoso.com (AAD) and sends me back to SPO with that identity.7) SPO throws the above error message because Stephen@contoso.com (AAD) does not have access to that document; Stephen@contoso.com (MSA) does. If you ask your users to sign out of their AAD account, then, when they log back in after clicking on the shared document, they will be asked which identity they want to use. If they pick the "personal" (MSA) option, it should work. Hope that helps!!!Stephen RiceOneDrive Program Manager II

stephenrice · Answer

If you want the users to sign out, you can have them go to portal.office.com to sign-out or they can signout from inside Exchange. That is the easiest short term solution to unblock your partners.
&nbsp;
Salvatore is correct for the long term approach though. Purge the MSA guest accounts from your directory (can be done in AAD directory or in O365 portal) and then reinvite them to all resources they need access to.&nbsp;
&nbsp;
Hope that helps!
&nbsp;
Stephen Rice
OneDrive Program Manager II

michael baird · Answer

Stephen,&nbsp;I believe you are correct - they had previously been using an MSA to log into sharepoint prior to adopting O365.&nbsp;Is there a specific address I can point them to when asking them to log out of their AAD account?&nbsp; They do not have a sharepoint site, so would portal.office.com work for them?&nbsp;Michael

salvatore biscari · Answer

I have seen a lot of authentication problems for people having the same username (i.e. email address) for the MSA and the Office 365 (commercial) account.

My advice is to get rid asap from the MSA username. It is actually very easy and, changing the username, they will loose neither their MSA identity, nor all the subscription and services associated with it.

Give a look to this article: https://www.howtogeek.com/277170/how-to-change-the-primary-email-address-for-your-microsoft-account/

michael baird · Answer

Thanks Salvatore.&nbsp;One question though about an issue that I don't know how to offer a resolution to these users.&nbsp; We are a business running projects, using sharepoint to distribute documents and send alerts.&nbsp; Previously these external users were signed in with the MSA tied to their work email account.&nbsp; Alerts and notifications wouild go to their work inbox.&nbsp;If they change the primary email on the MSA, alerts being sent out for a project they are working on for their company are now going to someone's personal, potentially unmonitored inbox.&nbsp;This seems like a very weak link in the business process.&nbsp;What is it in their AAD setup that is preventing them from logging into our sharepoint site with their Office 365 / AAD account???&nbsp;Michael

Forum Discussion

External user error message - I think it's on their end?

8 Replies

Resources