Forum Discussion

Salvatore Biscari's avatar
Salvatore Biscari
Silver Contributor
May 07, 2017
Solved

Guest Users vs. External Users

At this point, I cannot see any difference between the two wordings: it appears to me that "Guest User" and "External User" have exactly the same meaning, with the former being only a more "modern" w...
onedrive
SharePoint Online
  • StephenRice's avatar
    StephenRice
    May 15, 2017

    We use the terms interchangeably at Microsoft as well. External user is an older term from back when all "guests" in the directory authenticated outside of the home tenant. When we added support for managed guest users (i.e. the user authenticates inside the home tenant), the "external" piece stopped making sense and "guest user" was born. 

     

    And as with many of these types of things, we ended up using both names to refer to the same set of features. If there is a feature/scenario where this language does make a difference, we try to make sure it's clearly labeled to avoid confusion. 

     

    Thanks,

     

    Stephen Rice

    OneDrive Program Manager II

StephenRice's avatar
StephenRice
Icon for Microsoft rankMicrosoft
May 17, 2017

Almost got it! 

 

In that first case, the user will always authenticate with Fabrikam, not Contoso. Here are the two flows:

 

  • Stephen (a member of Contoso) invites Salvatore (a member of Fabrikam) to a document in the Contoso tenant. Salvatore receives an invitation mail.
  • When Salvatore clicks on the link in the mail, he goes through the invitation acceptance process which results in the creation of an account in the Contoso tenant. This is really kind of a sub account though as Salvatore will always authenticatate at Fabrikam.
  • When he attempts to access content, he will land at Azure Active Directory which recognizes that though he is logging into Contoso, he authenticates with Fabrikam. 

 

In the second case, Salvatore's user account is actually managed by Contoso (for example, Contoso admins could reset his password) and it is not tied in any way to his Fabrikam account. Thus, in the first case, Salvatore authenticates externally to the tenant while the second case has him authenticate internallyto the tenant.

 

Hopefully that made sense :)

 

Stephen Rice

OneDrive Program Manager II

 

 

Bharath Bharadwaj's avatar
Bharath Bharadwaj
Copper Contributor
Jan 05, 2018

Hi Stephen,

 

This is interesting topic and I do have few questions to you.

Stephen (a member of Contoso-Uses Azure AD) invites Salvatore (a member of Fabrikam-doesn't have an enterprise Azure Active Directory. Meaning, uses AD on premise (2008) and IBM web signon (for email and many web apps))

 

Now  Stephen  invites Salvatore to Contoso tenant. As usual Invite email sent to Salvatore and on click of accept it will ask to crate the password. After creating the password Salvatore  successfully invited to Contoso tenant. As he dosen't have Azure AD how he can reset the password to Contoso tenant access if he forgot the password he created during the Invite? Who have the ability to reset his password? 

 

Looking forward your inputs here. Thank you for your time.

 

 

  • StephenRice's avatar
    StephenRice
    Icon for Microsoft rankMicrosoft
    Jan 05, 2018

    Hi Bharath Bharadwaj,

     

    When you Stephen "invites" Salvatore, where are you assuming the action takes place? Is this in SharePoint or OneDrive? Or in Azure? Thanks!

     

    Stephen Rice

Resources