Dec 11 2019
- last edited on
Jan 14 2022
I've created a few Sharepoint sites, & added guest users. That was fine. However, one user has come into a problem I've no idea how to solve. When attempting to access the site by signing in/creating their account, they receive the following:
We cannot create a self-service Azure AD account for you because [site address] has disabled self-service account sign-up by email validation. Ask [site address]'s admin to enable EmailVerified users or create an account for you.
However, within my Azure Active Directory settings look fine to me:
Any ideas? Is this something the person I'm inviting has to get their Admin to edit? Or should I enable the Email One-Time Passcode - though by the sounds of it, that's a "Guests never gain permanant access, just temporary 24-hour slots requiring new codes each visit"
Dec 11 2019 09:50 AM
They should not be creating an account, but logging in with the one you added as guest user. Have they redeemed the invitation?
Dec 12 2019 12:39 AM - edited Dec 12 2019 12:40 AM
@Vasil MichevYou have me confused.
Within Outlook -> Group -> Group Settings -> Add Members , I have invited him/her as a Guest.
I can see within Azure AD the Name, UserName, Type & Source read [email], [email], Guest & Invited User.
What more should I be doing, as I've completed your objective?
When I say "creating", what I mean is, when a non-Microsoft User is invited, they'll need to create a psuedo-Microsft account when 1st logging in when accessing the Invitation Link; i.e. input a new password. It is here, I believe, where they're being barred entry when attempting to redeem their invitation.
Dec 12 2019 10:15 AM
I'm with you, but if they are creating a "pseudo-Microsoft" account they should not be running into such errors. More specifically, the error message suggests that the AllowEmailVerifiedUsers setting is set to false, which can only be done for actual O365 tenants. So either he is using an account associated with another O365 tenant, or maybe he has signed up for some of the free services (Teams free, Flow Free, etc) which has resulted in a tenant created.
Here's a similar thread we had here on the MTC a while back: https://techcommunity.microsoft.com/t5/Microsoft-Teams/Select-guests-unable-to-join-team-Azure-AD-pu...
And the documentation on the parameter in question: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-self-service-si...
Dec 13 2019 01:37 AM
Dec 13 2019 08:02 AM
Checking via Private session is always a good test, so let him try that. And "tenant" here means an organization registered with Microsoft. Problem is, end users can unintentionally register a tenant by signing up for one of the free services. If this is the case, then a "takeover" process must be initiated, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/domains-admin-takeover
In any case, you can always contact support for assistance on this.