Hi everyone, I'm documenting this so as I found the related articles (see end of this post) were challenging to follow and didn't quite cover my scenario.
My use case
As an external user I need to to read ALL files in <company intranet> or other SharePoint online Library, but not have access to the entire site.
Issues with Share button
SharePoint online sharing is usually simple, select the file OR folder, click Share button, select type of sharing, enter email address of external user.
BUT in this case the external user needs access to the ENTIRE library (all files and folders). If you go to the library e.g. https://<your365tenant>.sharepoint.com/sites/<sitename>/<libraryname> and click the SHARE Button in the top right of that page you aren't sharing the library but the entire site.
To give an external user access to an entire SharePoint online library requires the following:
- URL of the library that needs to be shared
- Email address of the external user
Then you need to
- For the 365 tenant check Azure active directory, to see if the external user already has a Guest account (if you can't do the following steps, you can share just one file from the library with the user, have them view it, and this creates the Azure account, once they've done it).
- go here
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
- search for external user email address
- if the user doesn't exist then click the "new guest user"
- choose invite user
- the external user will get an email, they have to click the "Accept invitation" link at the bottom
- in Azure AD you'll see that their account now says "invitation accepted" = Yes
- I ask the user to let me know that they've been redirected to myapplications.microsoft.com
- Now that the account exists you can share the library with it
- Go to the library URL , click the cog, click Library settings link
- click "Permissions for this document library"
- click "Grant permissions"
- click "invite people", enter the external user's email address, it should then resolve to the first name lastname from Azure AD
- click "show options"
- select the options you need this user to have
- click Share
- The user will get another email, that has a link to the library and they should have access.
Errors and Fixes
If the user get's an error like the following <User email> "can’t be found in the <your365tenant>.sharepoint.com directory error",
Then I found I could resolve it by doing the following:
- Go to the following URL (update it with the site your library is in) https://<your365tenant>.sharepoint.com/sites/<sitename>/_layouts/15/people.aspx?MembershipGroupId=0
- search through the list to find the external user
- mouse over the user's name, look at the link and find what this user's ID =
- create the following URL using the external user's ID number in notepad
- visit the URL you've built
- e.g. https://<your365tenant>.sharepoint.com/sites/<sitename>/_layouts/15/userdisp.aspx?ID=609&force=1
- Now the user will be able to click on the link in the second email they got from the system, and will see the library contents rather than the error message.
I hope this helps, it took me a couple of days to test and find this. But only 2 mins to do for subsequent users.
References
