Forum Discussion

JosephNierenberg's avatar
JosephNierenberg
Iron Contributor
Mar 03, 2020

AAD Guest Users and SPO list/library access

There is a list in a SharePoint site. I want to permit a guest to create and to modify list entries (i.e., “contributor” rights). The guest person is already a guest user object in AAD. I’ve broken...
Access Management
JosephNierenberg's avatar
JosephNierenberg
Iron Contributor
Mar 04, 2020

ChrisWebbTech 

When I try to add this user by their e-mail address, SPO won't recognize it or allow me to click or tab out of the field. (I thought I had done this successfully yesterday, but perhaps not.) See the attached image.

ChrisWebbTech's avatar
ChrisWebbTech
MVP
Mar 04, 2020
Hmm. Gonna have to go check sharing settings for that site in SPO Admin. Seems like external users is off.
  • JosephNierenberg's avatar
    JosephNierenberg
    Iron Contributor
    Mar 05, 2020
    ChrisWebbTech Any new insights after my reply to this, that 'new and existing guests' is enabled?
      • JosephNierenberg's avatar
        JosephNierenberg
        Iron Contributor
        Mar 10, 2020

        ChrisWebbTechIt seems to go like this:

        • For both lists and document libraries, it is possible to make the external guest available for sharing by sharing a document library file or folder with them. Sharing a site should also work, but I haven't tested it. Once they redeem the sharing invitation, they're known to SPO, and they could be given access permissions to a SharePoint list.
        • It is not possible to provide access permission directly (i.e., without a group) to an external guest who has not previously accessed SPO. (It is possible to do so from a document library, but not from a list.)
        • It is possible to provide list access permission to an external guest who has not previously accessed SPO by first inviting them to redeem status as a guest in Azure AD; then, after they redeem, adding them to an Azure AD security group; and finally giving that security group access permission to the list.

        At least this has been my experience. I'd be interested to hear anyone's views of other ways to go.

    • ChrisWebbTech's avatar
      ChrisWebbTech
      MVP
      Mar 06, 2020

      Only thing I know to try and I just did it, is use the modern interface to invite your guest to something on the site using the Share button on the list, to a individual item. Once you do this, they are added into the site's user list, then it will be available to select when sharing the entire list. 

       

      Use the "Specific people" option. 

      • ChrisWebbTech's avatar
        ChrisWebbTech
        MVP
        Mar 06, 2020
        That Modern Sharing dialog looks and see's external users in the org to select. So once added there, you can then add to the full list.
  • JosephNierenberg's avatar
    JosephNierenberg
    Iron Contributor
    Mar 04, 2020

    ChrisWebbTech 

     

    In SPO: "New and Existing Guests" is the sharing setting for both the organization and the root-level site that all of the sites/lists I tested are part of. (Rambling sentence, but hopefully clear.)

     

    In AAD: Under "External Collaboration Settings," everything seems to be toggled correctly, although this seems irrelevant to the task at hand. The specific external has already authenticated.

Resources