Forum Discussion
Site Collection external sharing option -ExternalUserSharingOnly not working as expected for folder
Hello,
I was trying to share a folder in a site collection with a new external user who had never authenticated himself with any of our tenant's resources.
The sharing setting of the site collection is set to "ExternalUserSharingOnly".
The user received an email and was prompted to enter a security code which he was sent instantly.
However, after entering the code he get's the common "Access denied" message.
This is the behaviour I was expecting if the external sharing option was set to "ExistingExternalUserSharingOnly" since this states that the external user has to exist in the tenant's directory already.
This in turn means that I would have to share a site collection with the user first so that he can authenticate properly and a SPO user profile is created for him.
Any ideas?
Thanks in advance for your responses.
Edit: I have just tried it with a Word document that resides in the same library and with this it's working flawlessly. So the issue seems to pertain to folders.
14 Replies
- It's possible the user may be logged into an Org account or personal MSA account at the time of entering the code? I've seen some strange behavior where it will do this if not logged out. Maybe have your test try with In-Private browser session and see what happens, but my gut tells me it's going to be related.
- StephenRice
Microsoft
Deleted,
Can you send a screenshot of the error that you are seeing? Thanks!
Stephen Rice
Hi,
sorry for the late response.
Here's a screenshot of the error message. I tried this with another user (my personal Gmail account) but the error message I receive is the same.
Please be advised that this is in German. The translation is:
Access denied.
"emailAddress" has no permission to access this resource.
-> Authenticate with the account that your employer or school has provided you in order to use Office 365 or other Microsoft servies.
Testing further I found out that once my external user received the "access denied" message, sharing another folder (same library) immediately results in the error message. No code will be sent anymore.
The same happens on another site collection.
Next, I tried to paste the link in the sharing invitation email into a private session.
I received this error message:
It translates to:
Sharing link verification
You have received a secure link to:
Folder 1 (icon)
emailAddress exists within the list of people for which this link is secured but you must first login with urn:spo:guest#emailAddress. Login with urn:spo:guest#emailAddress. and we will grant you access instantly.
Next (button)
So when I klick next, I'm redirected to the Microsoft sign-in page.
Obviously, entering urn:spo:guest#emailAddress. won't work so I entered my the regular one (a Gmail address). Then I was prompted to enter my password. I was able to do this but only because in the past I had already linked my Gmail account to an Outlook.com account so I used those credentials.
After that I was asked if I wanted to remain loggin in and the next message was:
Translation (not everything):
Unfortunately, this has not worked.
Unfortunately "emailAddress" was not found in the directory "tenantName". Please try again later. In the meantime we're trying to fix the problem automatically.
Here're a couple of ideas...
So this suggests that the user has to be in the tenant's directory.
Hope that helps.
Thanks.
Adding StephenRice
