{"id":5106,"date":"2019-04-12T15:42:09","date_gmt":"2019-04-12T20:42:09","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=5106"},"modified":"2019-04-12T15:42:09","modified_gmt":"2019-04-12T20:42:09","slug":"spo-guest-access-stops-working","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=5106","title":{"rendered":"SPO Guest Access Stops Working"},"content":{"rendered":"

I ran across an interesting issue today — Windstream’s got a really awesome SPO site for SD Project Management \u2013 tracking orders, equipment orders, 3rd<\/sup> party cabling installations, etc. The cool part about the site being hosted in SharePoint Online<\/em> is that a customer<\/em> can get set up as a federated partner and be granted access to see equipment readiness and installation scheduling within our system.<\/p>\n

Guest access is an interesting concept \u2013 while I have an account in our tenant that is linked to my Active Directory account in our domain, you can also create links to accounts in other<\/em> company\u2019s directories. The guest account can then be set up to access our Azure resources \u2013 added to Azure groups, added to SharePoint Online groups, invited to join Teams<\/a>.<\/p>\n

A guest user had her computer replaced and could no longer access the site \u2013 SPO insisted that she was not a valid user. Looking in Azure AD, the account existed; the audit log even showed successful authentication events. I\u2019m not sure if the computer replacement was a coincidence, the new computer had a different configuration, or if your browser stashes some information that allowed her to avoid authentication failures, but her guest account in our tenant was no longer working.<\/p>\n

For companies that don’t have Azure AD, when an individual accepts guest account access … the guest account link in our tenant lists “Microsoft Account” as the source.<\/p>\n

<\/p>\n

But when the company sets up Azure, the auth framework seems to get confused by the Azure AD account. Easy enough solution \u2013 we\u2019ve got to delete the guest account that’s linked to their MS Account from Azure AD. Bonus step specific to SPO, a site administrator needs to use <site>\/_layouts\/15\/people.aspx?MembershipGroupId=0 to delete the guest account from the SPO site.<\/p>\n

 <\/p>\n

Once the \u201cMicrosoft Account\u201d guest account has been removed, the guest can be re-invited. They’ll step through the registration process again but <\/em>the guest account will be linked up to their Azure AD account.<\/p>\n

\u00a0Re-add the new guest account to whatever they were using & their access will be restored.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

I ran across an interesting issue today — Windstream’s got a really awesome SPO site for SD Project Management \u2013 tracking orders, equipment orders, 3rd party cabling installations, etc. The cool part about the site being hosted in SharePoint Online is that a customer can get set up as a federated partner and be granted …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[677,30],"tags":[663,415,747,748],"class_list":["post-5106","post","type-post","status-publish","format-standard","hentry","category-office-365","category-system-administration","tag-azure-ad","tag-sharepoint","tag-sharepoint-online","tag-spo"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5106"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5106\/revisions"}],"predecessor-version":[{"id":5109,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/5106\/revisions\/5109"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}