Forum Discussion

Deleted's avatar
Deleted
Mar 15, 2018

Site Collection external sharing option -ExternalUserSharingOnly not working as expected for folder

Hello, I was trying to share a folder in a site collection with a new external user who had never authenticated himself with any of our tenant's resources.   The sharing setting of the site col...
external sharing
Permissions
powershell
SharePoint Online
Sites
Deleted's avatar
Deleted
Mar 15, 2018
It's possible the user may be logged into an Org account or personal MSA account at the time of entering the code? I've seen some strange behavior where it will do this if not logged out. Maybe have your test try with In-Private browser session and see what happens, but my gut tells me it's going to be related.
  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Mar 15, 2018

    Deleted,

     

    Can you send a screenshot of the error that you are seeing? Thanks!

     

    Stephen Rice

    • Deleted's avatar
      Deleted
      Mar 20, 2018

      Hi,

       

      sorry for the late response.

      Here's a screenshot of the error message. I tried this with another user (my personal Gmail account) but the error message I receive is the same. 

       

       

       

      Please be advised that this is in German. The translation is:

       

      Access denied.

      "emailAddress" has no permission to access this resource.

      -> Authenticate with the account that your employer or school has provided you in order to use Office 365 or other Microsoft servies.

       

      Testing further I found out that once my external user received the "access denied" message, sharing another folder (same library) immediately results in the error message. No code will be sent anymore.

      The same happens on another site collection.

       

      Next, I tried to paste the link in the sharing invitation email into a private session.

      I received this error message:

       

       

       

      It translates to:

       

      Sharing link verification

       

      You have received a secure link to:

      Folder 1 (icon)

       

      emailAddress exists within the list of people for which this link is secured but you must first login with urn:spo:guest#emailAddress. Login with urn:spo:guest#emailAddress. and we will grant you access instantly.

       

      Next (button)

       

      So when I klick next, I'm redirected to the Microsoft sign-in page.

       

       

       

      Obviously, entering urn:spo:guest#emailAddress. won't work so I entered my the regular one (a Gmail address). Then I was prompted to enter my password. I was able to do this but only because in the past I had already linked my Gmail account to an Outlook.com account so I used those credentials.

       

      After that I was asked if I wanted to remain loggin in and the next message was:

       

       

      Translation (not everything):

       

      Unfortunately, this has not worked.

       

      Unfortunately "emailAddress" was not found in the directory "tenantName". Please try again later. In the meantime we're trying to fix the problem automatically.

       

      Here're a couple of ideas...

       

      So this suggests that the user has to be in the tenant's directory.

      Hope that helps.

      Thanks.

       

      • Deleted's avatar
        Deleted
        Mar 20, 2018
        Yeah this is happening because that logged in address has been associated before with another account in the tenant. You'll have to basically remove that user and re invite and login with that MSA to be able to use that account. It can be rather annoying for users especially when they are already logged in with another MSA and hit a link that they don't have access too because they have been invited more than once on different e-mails associating different accounts. I've seen it happen a few times in my org where one person invites to a site, then another later uses a different e-mail to invite that same person.

Resources