This procedure describes the steps required to allow internal users access to resources tied to an external Microsoft tenant. It also covers known errors that are encountered when the process breaks down.
Configuring External Access for Internal Users
- Access the Cross-Tenant Access Settings – Azure Active Directory portal, select Add Organization supplying either the Tenant ID or Domain Name associated with the desired External Identity. Finalize the addition by selecting Add.
- If done correctly the addition should now be listed below, select the Outbound Access hyperlink for the newly added org entry.
- A redirect will occur. In the new window we will be enabling Customized Settings for both B2B Collaboration and Trust Settings. Starting with B2B Collaboration, we will be allowing access for all Internal Users and Applications to the External Identity's resources. Select Save before moving to Trust Settings.
- Once B2B Collaboration has been configured we will move to Trust Settings, where we will be enabling Automatic Redemption so that internal users will not have to interact with the consent prompt that is sent the first time an invitation to the external identity's resources is accepted. Select Save to finalize the Outbound Access customization.
- If done correctly Outbound Access should now be set to Configured for the newly added org entry.
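The same Outbound Access configuration can be applied with the Microsoft Graph PowerShell SDK. The script below is an added example and is not part of the original article: it resolves the partner domain to a tenant ID (the portal accepts either, but Graph keys partner entries by tenant ID), allows outbound B2B Collaboration for all users and applications, enables automatic redemption, and then reads the entry back to confirm it. The partner domain is a placeholder; the scopes listed are the ones these cmdlets require.

```powershell
# Added example (not from the original article): configure outbound cross-tenant
# access for one partner organization with Microsoft Graph PowerShell, mirroring
# the portal steps above. Assumes the Microsoft.Graph modules are installed and
# that the signed-in admin can consent to the listed scopes.
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Identity.DirectoryManagement

Connect-MgGraph -Scopes 'Policy.ReadWrite.CrossTenantAccess', 'CrossTenantInformation.ReadBasic.All'

$partnerDomain = 'partner.example.com'   # placeholder: the external organization's domain

# The portal accepts a domain name; Graph keys partner entries by tenant ID,
# so resolve the domain to a tenant ID first.
$partnerInfo     = Find-MgTenantRelationshipTenantInformationByDomainName -DomainName $partnerDomain
$partnerTenantId = $partnerInfo.TenantId

# Outbound B2B Collaboration: allow all internal users and all applications
# (the "Allow access" choice under Customized Settings), and turn on automatic
# redemption (the Trust Settings checkbox) so users skip the first-time consent prompt.
$outboundSettings = @{
    b2bCollaborationOutbound = @{
        usersAndGroups = @{
            accessType = 'allowed'
            targets    = @(@{ target = 'AllUsers'; targetType = 'user' })
        }
        applications = @{
            accessType = 'allowed'
            targets    = @(@{ target = 'AllApplications'; targetType = 'application' })
        }
    }
    automaticUserConsentSettings = @{
        outboundAllowed = $true
    }
}

# Create the organization entry if it does not exist yet, otherwise update it.
$existing = Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $partnerTenantId -ErrorAction SilentlyContinue

if ($null -eq $existing) {
    New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter ($outboundSettings + @{ tenantId = $partnerTenantId }) | Out-Null
} else {
    Update-MgPolicyCrossTenantAccessPolicyPartner `
        -CrossTenantAccessPolicyConfigurationPartnerTenantId $partnerTenantId -BodyParameter $outboundSettings
}

# Verify: outbound access should now report as allowed for the partner, with
# automatic redemption enabled. This matches "Configured" in the portal list.
Get-MgPolicyCrossTenantAccessPolicyPartner -CrossTenantAccessPolicyConfigurationPartnerTenantId $partnerTenantId |
    Select-Object TenantId,
        @{ n = 'OutboundUsers'; e = { $_.B2BCollaborationOutbound.UsersAndGroups.AccessType } },
        @{ n = 'OutboundApps';  e = { $_.B2BCollaborationOutbound.Applications.AccessType } },
        @{ n = 'AutoRedeem';    e = { $_.AutomaticUserConsentSettings.OutboundAllowed } }
```

The create-or-update branch matters in practice: a second run of a plain create against an organization that is already listed fails, while PATCHing only the outbound and trust sections leaves any inbound settings the entry already has untouched.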
Expected Behavior for User Receiving Invite
- The user receiving the invite for the external SharePoint site access or external application access should find the invitation within their Outlook inbox. From the email they should select the Go to SharePoint option to view the SharePoint Site or Accept Invitation to view My Apps.
- The user accepting the invite will need to satisfy the basic authentication requirements for the account the invitation was addressed to. Once completed, the user should be able to view the SharePoint site or the My Apps portal.
Error Handling Based on User Feedback
The following list includes screen captures of Errors that could impact Internal User access to the SharePoint site or My Apps portal either due to process break down or configuration constraints as well as possible ways to hotfix the issue.
- AADSTS500212 Error – This error is associated with the default settings, or the configured organizational settings for an External Identity entry, blocking outbound access for B2B Collaboration. Internal Users who have received an external invitation to a SharePoint site, or have been given access to the My Apps portal of an external organization, but whose tenant has not had the specified domain configured properly as a trusted External Identity will encounter this error.
- How to alleviate this issue:
  - Follow the steps listed in the Configuring External Access for Internal Users section above to alleviate the error impacting the users.
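Before re-running the configuration steps, it helps to confirm that outbound access is actually what is blocking the user. The function below is an added example, not part of the original article: it reads the partner entry for the external tenant (if one exists) and the tenant default policy, reports which of the two is in effect for outbound B2B Collaboration and automatic redemption, and flags a blocked setting as the likely cause of AADSTS500212. The tenant ID passed at the end is a placeholder.

```powershell
# Added example (not from the original article): triage for AADSTS500212.
# Reports the effective outbound B2B Collaboration setting for a partner tenant:
# the partner-specific entry where it defines one, otherwise the tenant default.
# Assumes Microsoft Graph PowerShell is installed and the admin can read policies.
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'Policy.Read.All'

function Get-EffectiveOutboundAccess {
    param([Parameter(Mandatory)][string]$PartnerTenantId)

    $partner = Get-MgPolicyCrossTenantAccessPolicyPartner `
        -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId -ErrorAction SilentlyContinue
    $default = Get-MgPolicyCrossTenantAccessPolicyDefault

    # A partner entry only overrides the sections it defines; anything it leaves
    # unset falls back to the default policy, so check the section, not just the entry.
    $partnerDefinesOutbound = $partner -and $partner.B2BCollaborationOutbound.UsersAndGroups.AccessType
    $outbound = if ($partnerDefinesOutbound) { $partner.B2BCollaborationOutbound } else { $default.B2BCollaborationOutbound }

    $partnerDefinesRedeem = $partner -and ($null -ne $partner.AutomaticUserConsentSettings.OutboundAllowed)
    $autoRedeem = if ($partnerDefinesRedeem) { $partner.AutomaticUserConsentSettings.OutboundAllowed }
                  else { $default.AutomaticUserConsentSettings.OutboundAllowed }

    $usersAccess = $outbound.UsersAndGroups.AccessType
    $appsAccess  = $outbound.Applications.AccessType

    [pscustomobject]@{
        PartnerTenantId      = $PartnerTenantId
        OutboundSource       = if ($partnerDefinesOutbound) { 'partner entry' } else { 'tenant default' }
        UsersAndGroupsAccess = $usersAccess
        ApplicationsAccess   = $appsAccess
        AutomaticRedemption  = $autoRedeem
        # Either section blocked is enough to stop the user's sign-in to the partner tenant.
        LikelyAADSTS500212   = ($usersAccess -eq 'blocked' -or $appsAccess -eq 'blocked')
    }
}

Get-EffectiveOutboundAccess -PartnerTenantId '00000000-0000-0000-0000-000000000000'   # placeholder tenant ID
```

If OutboundSource reports "tenant default" with a blocked access type, the organization was never added (or was added without Customized Settings), and the configuration steps above are the fix. If it reports "partner entry" but AutomaticRedemption is false, users will still succeed but will see the consent prompt described under Trust Settings.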
- Something Went Wrong Unknown Issue – This error is associated with the external domain not being included in the allowed domains list for invitations under External Collaboration Settings – Azure Active Directory and the More External Sharing Settings section of the SharePoint Admin Center. Internal Users who have received an invitation to an external SharePoint Site but whose organization domain has not been properly configured within the external tenant will encounter this error.
- How to alleviate this issue:
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.