When sharing with an external user, the user does not immediately appear in the permissions group. It turns out that the user needs to accept the invitation first.
Sharing with external users is very easy on SharePoint 2013. However, a user wanted to know why the external users were not appearing in the permissions group after they had been invited to join the site. The user had confirmed that they had made it work and was able to show me external users who were members of the group.
The Definitive Guide to Office 365 External Sharing by Nathalie Jard on the Sharegate site was very helpful when troubleshooting that everything was configured correctly on the platform, i.e. that sharing was enabled for that site collection and that I was actually doing it right. It turns out that it’s very hard to get wrong!
The very long story short is that users are not added to the permissions group until after they have accepted the sharing invitation and signed into the SharePoint environment with an organisation or LiveID.
Tips / lessons learned
Here’s a summary of the most important things I learned while investigating:
- Users are invited to share via email – this invitation has a seven day expiration period. If the user does not accept within seven days, the invitation will need to be re-issued.
- You may want to create an extra group for external users. See Add an extra group for management to a team site
for more information on how you could assign this group separate permissions.
- When testing sharing, share the content with yourself by using a personal email address which is not linked to your Active Directory account. In that way, you can follow the entire process.
- When choosing an account to log in with, it does not need to correspond with the email address the sharing invitation was originally sent to.
To share a site with an external user
- To share a site with an external user, click on the “share” button in the top right-hand corner of the screen.
- Type in the user’s email address. Make sure to click “show more options” and choose which permissions group the user should be added to. In this case, I added the user to the “members” group.
- You will see a small pop-up that the site has been shared with external users. At this point, SharePoint sends the user an invitation via email.
Verify that the user has not been added to the SharePoint group
You can verify that the user has not been added to the SharePoint group by following these steps. Unless the user has been incredibly quick with accepting the invitation, you will not be able to find them in the group.
- Go to Site Settings and choose “Site permissions”
- Open the group that the user was added to – in this example, that is “DW&C Members”. The only user in the group is the user I am currently logged in with
Accepting the share invitation
I tested this by sending the invitation to a personal email. That made it easy to follow the process.
- Check your email; you should have an invitation to visit the site. Click on the sharing link to start the process.
- You will be asked to choose what kind of account you’d like to log in with. It needs to either be a Microsoft LiveID or an organisation account. If you don’t have one of these types of accounts, the screen prompts you to create one.
- You will be able to log in as normal, using whichever account you choose. The site will load and show you the information based on the user permissions assigned to the external user.
Verify that the user has successfully been added to the SharePoint group
To verify that the user has been added to the group, follow these steps:
- Go to Site Settings and choose “Site permissions” with a user which has enough permissions to do so
- Open the group that the user was added to – in this example, that is “DW&C Members”. Now both the original user and the external user are visible in the group:
Now you can work with the user within the scope of the shared site (and inherited sites) as you would a normal user. Note that the user does have restrictions, e.g. they may not create a MySite or OneDrive.
Problem: user accepted the invite and is now in our system as a Guest User with MFA enabled – but I still cannot add them to my SharePoint site. They don’t show up. Other users setup exactly the same way do show up when I attempt to share. How long is this supposed to take?