Guest account access challenges for volunteer SharePoint portal hub

Brass Contributor

We had the need for a volunteer hub (portal) that consolidates a bunch of info into an easy-to-use web-based solution. We compared many options and landed on SharePoint (365) for several reasons. We use AAD Guest accounts so thousands of volunteers can “log into” the hub with their personal email address and so we can control the content they see and their access (a little). The one-time code stinks, but it is what it is.

 

Here’s the problem – many volunteers are accessing this hub from Windows computers that are logged into a Microsoft account and/or trying to access the hub from browsers that are logged into a Microsoft account. In this case, they are prompted for Microsoft credentials rather than simply allowing them to get the code in their inbox and using it to gain access to the hub. One “solution” is having them access the hub from a Private or Incognito browser session but that has proven to be a horrible user experience.

 

Does anyone have any ideas for how I can mitigate the above issue for those already logged into Microsoft with some set of credentials? For example, is there code I could put on a web-hosted landing page that would, I don’t know, launch their browser to the Hub’s URL in a non-authenticated browser window? Any ideas would be very appreciated, thank you!!

 

Brian

3 Replies

@BrianRMI 

It seems that you're facing challenges with guest account access for your volunteer SharePoint portal hub, particularly when volunteers are already logged into Microsoft accounts on their Windows computers or browsers.

Here are a few ideas, with AI helps, to mitigate this issue:

  1. Clear browser cache and cookies: Encourage volunteers to clear their browser cache and cookies before accessing the hub. This can help remove any stored authentication information and prompt them to log in again with their guest accounts.
  2. Provide clear instructions: Clearly communicate the steps volunteers need to take to access the hub without being prompted for their Microsoft credentials. For example, you can provide step-by-step instructions on how to open a private or incognito browser session and access the hub from there. Make sure the instructions are easy to follow and readily available.
  3. Use direct URL links: Instead of relying on a landing page, provide direct URL links to the hub that bypass any authentication prompts. You can send these links to volunteers via email or provide them on a separate web page. When volunteers click on these links, they should be taken directly to the hub without being prompted for credentials.
  4. Single Sign-On (SSO) integration: Explore the possibility of integrating a Single Sign-On solution with your SharePoint portal hub. This would allow volunteers to log in once using their guest accounts and then access the hub without further authentication prompts, even if they are logged into Microsoft accounts elsewhere.

Remember to test any changes or solutions in a controlled environment before rolling them out to your volunteers to ensure they work as intended and minimize any disruptions to their user experience.

 

Hope its helps!

Thanks NikolinoDE - one issue with ChatGPT is it sometimes misses nuances (but I love it too!). I like the idea of #3, but I'm not sure if that will work or, more importantly, how to test it. Are you familiar with this option?
OK, I just used Chat GPT to ask how to accomplish #3, and removing authentication isn't an option because the hub needs to know who the user is in order for it to provide unique info to that user.

Other options using code or some other outside the box alternatives would be great!