SharePoint Online offers users the ability to share documents with people outside your immediate organization. Seems simple enough in theory but gets confusing in practice. Here are the key elements to understand if you find yourself confused like I was when testing.
In order for this to work you must first configure the SharePoint Online Tenant and Site Collection to allow sharing. I am not covering how to set that up in this article but you can learn about that here, here and here.
Steps to share a document
The first order of business is to obviously select a document you wish to share by right clicking the ellipses to expose the “Share” option.
Once the share dialog is opened enter the following information:
- The email of the person you are sharing with.
- Permissions to either edit or only view the document.
(In my opinion, this incorrectly defaults to “Can Edit” instead of “Can View” so if you don’t want the person you are sharing with to edit you must remember to change this setting each time.)
- Enter a friendly message to go along with the email invitation.
Note that the “Get a Link” option on the left side of the dialog and the “Require sign-in” are available only if you have your SharePoint Online Tenant AND site collection configured to share using anonymous links. In most corporate environments you probably always want users to log in so you have control over who has access to your documents and this article assumes so. Otherwise, any user that has the link will be accessing your documents. The Site Collection and Tenant administrator have access to those settings so see them for further information.
After completing the dialog and pressing the “Share” button the user will receive an invitation email similar to the one below.
How External Users Log In
Assuming you require users to sign-in to view shared documents, the user can click the document link to be directed to a login page prior to access.
How users sign-in and what account they use was a point of confusion for me. Notice below the three login options.
- Microsoft Account: Use this option to use ANY Microsoft account the user may have. You may use Skype, Xbox, Hotmail, or anything Microsoft. This is the option to use if the “Organizational Account” option is not applicable and you have such an account.
- Organizational Account: Use this option if you have an Account specific to the SharePoint Online Tennant in which the Shared document resides. The term “Organizational Account” was and is confusing to me so I just think of it as the SharePoint Tennant specific account. It is possible that you belong to other SharePoint Online Tenants so login using the appropriate account.
- Create a Microsoft Account: This is the third option which I overlooked initially. If the user has no existing Microsoft accounts and no SharePoint Tennant specific account then just create an account on-the-fly using this option. Once it is created you can use it over and over again.
Choosing either option 1 “Microsoft Account” or option 2 “Organizational Account” will direct the user to a login page like this.
Choosing option 3 to create a Microsoft Account directs the user to an account creation page shown below. This form is straight-forward, just provide an email address and some other information for verification.
When the form is submitted a verification email is sent to the user and after verification is complete the user’s account is created and can proceed to access the document.
Managing Your Shares
As a site content owner you will want to manage what is being shared and with whom. There are two tools from which you can to do this.
Shared With Dialog
The first method is to use the ellipse menu associated with the document to expose the “Share With” option.
Note in this dialog, there are no option to remove users only view. However, when you click the “Advanced” link you will be taken you to the “Permissions” administration page for that document. The “Permissions” admin page is where you remove users to prevent further access.
Also note that shared external users will not be listed until they actually access it. Until accessed, the user are in a “Pending” list as demonstrated below.
Viewing all Shares
The method mentioned previously is fine for understanding shares with respect to a specific document, but what if you want to view all the shares for all documents? For that, go to “Site Settings” and select “Access Request and Invitations” in the “Users and Permissions” section. Don’t worry if you can’t find it immediately as it is only visible once the first invite is initiated and sharing is turned on for the Site Collection.
The Access Request page has three sections:
The first section shows any user that has requested access to something. When a user is selected in the list the top Ribbon menu will allow you to accept or reject the request.
External User Invitations
The second section shows any external user that has been invited to view or contribute to a document but not yet accepted. Selecting a user in this section enables the Ribbon options to Resend or Withdraw and invitation. Withdrawing the invitation will move the account to the History section mentioned below.
The third section is for historical reference. When an invitation is sent it is in a “Pending” status, it will eventually expire. Once the user accesses the document or the expiration date is reached you will find the account moved into “History” where it will reside for auditing.
It is interesting to note that the lists in each section provide the ability to create views (Note the “Modify this View” and “Create View” links) thereby allowing better organization of data when many records are present.
This article represents the core components and issues necessary for understanding how documents are shared with external users. Many of these concepts are applicable for sharing sites and folders as well.
Lastly, as with many testing exercises with SharePoint Online you are at the mercy of timer job frequencies which you have no control over. As such, at times is can be frustrating waiting for emails to be sent and dialog boxes actually show shared user accounts.
Thanks for reading and I look forward to your comments and questions.