SharePoint Online: How to Add External User using PowerShell?
Requirement: Add External User to SharePoint Online using PowerShell.
How to add an External User to SharePoint Online?
SharePoint Online provides an excellent solution when you have to share any site, list, library, or document with users outside your organization, such as vendors, clients, or partners. Before granting access to external users in SharePoint Online, we must ensure external sharing is enabled both at the tenant and site levels.
In this article:
Even though you allow external sharing at the tenant, external access is turned OFF in classic sites and communication sites to prevent sensitive information and avoid security risks. On group-connected SharePoint team sites, it’s “New and existing guests” at the site level. (More on enabling external user access to SharePoint Online: How to Enable External Sharing in SharePoint Online? Confirm it is not set to “Only people in your organization”).
If your Organization level external sharing setting is “Existing guests” in the SharePoint admin center, you must first add the external user to your Active Directory! (or invite guest users to Organization’s Azure AD, in other words!). “New and existing guests” allows any authenticated external user.
Add External User to SharePoint Online Site
How to provide access to external users in SharePoint Online? Well, here are the steps to add external users to SharePoint:
- Login to your Modern or classic SharePoint Online site as site owner >> Click on the “Share” button from the top-right section of the page.
- In the Share site pane, Enter the name of the user or Emails of external users, make sure the “Send Email” checkbox is ticked, Optionally enter any message to the user, and click on the “Share” button at the bottom. This triggers an Email to the external user with a link to accept the invitation.
A link to the site, document library, folder, or document will be emailed to the recipients. They can sign in with a Microsoft account or A work or school account in Azure AD from another organization. If they use non-Microsoft email accounts (such as Gmail), they’ll get prompted to create a Microsoft Account and password for the first time. External users are typically added to your Azure Active Directory as guests, and permissions and groups work the same way for them as they do for internal users.
SharePoint Online Add External User to Group
How to add an external user to the SharePoint group? To share a SharePoint site with an external user(s) by adding them to groups, follow these steps:
- Go to the site >> Click on Settings >> “Site Permissions”>> Advanced permission settings.
- On the Site Permissions page, click on the relevant group. You may not want an external user to have the “Full Control” permission level. So, select the “Members” group.
- Click on the “New” button in the toolbar >> “Add users”>> Type the name of the person or email and click share, to add external users to the SharePoint Online group.
If the user is added to your tenant for the first time, An invitation will be sent to the external user’s email address, inviting them to access the SharePoint site. Once they accept the invitation, they will be added to the site as an external user. When you share a file or folder, external users will be prompted to enter a verification code sent to their email address by Microsoft. If you share a site with external users, they may have to enter their username and password (i.e., credentials) to proceed.
Once added, they become group members and inherit the permission level configured for the group. It’s a best practice to share the site alone instead of adding external users to Microsoft 365 groups. Because adding them as group owners also grants them access to other resources like Planner, Group Emails, Teams, etc.
Similar steps involved sharing a SharePoint document library, folder, or file with external users. Just hover over any existing document and click on the “Share” icon. You can optionally set the expiration date for the link.
Add Guest user to SharePoint Online site using PowerShell
Use this PowerShell script to add an external user to the SharePoint Online site:
#Parameters
$AdminCenterURL="https://Crescent-admin.sharepoint.com"
#Setup Credentials to connect
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
#add guest user to sharepoint online site
Add-SPOUser -Group "Marketing Visitors" -LoginName "George@NationalAquarium.com" -Site "https://Crescent.sharepoint.com/sites/Marketing"
Don’t forget to change the site URL, group name, and login name parameters in the script!
SharePoint Online PowerShell to Add External User to Group
Let’s add an external user to the SharePoint Online group using PnP PowerShell:
#Set Config Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/SalesPortal"
$GroupName = "Sales Portal Members"
$ExternalUserEmail = "Salaudeen.Rajack@Gmail.com"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials (Get-Credential)
#PowerShell to Add External User to group
Add-PnPGroupMember -Identity $GroupName -EmailAddress $ExternalUserEmail -SendEmail
Please note, only the user account objects are eligible for guest user access. You can’t invite a distribution list or shared mailbox to the external sharing! If you want to invite an external user to SharePoint Online using PowerShell CSOM, use: How to Share a SharePoint Online Site with External Users?
Conclusion
Adding external users to SharePoint Online is a straightforward process that can be done by any administrator of the site. By following the steps outlined in this guide, you can easily invite external users to access your SharePoint site, and set the appropriate permissions for them. For bulk user management and automation, You can use PowerShell to add external users to SharePoint Online. This allows you to share information and collaborate with external users, while still maintaining control over who has access to your organization’s data.
We must enable external sharing at the organizational level to allow an external user access to SharePoint Online. To do this, go to the SharePoint admin center and click Sharing. Our next step is to select the appropriate external sharing option, such as authenticated external users or anonymous external users. Once external sharing is enabled globally, we also have to turn ON the external sharing at the site level. Finally, we can share a SharePoint site externally by going to site permissions and adding the external user’s email address. We can assign proper permissions to the user and send them an invitation to access the site. How to allow guest access to SharePoint Online?
Yes, someone needs to have either a Microsoft Account (Free account) or Work/School account to be able to access a SharePoint site. However, if the external user does not have a Microsoft account, they will need to create one to access the SharePoint site.
To share files externally in SharePoint Online, we can navigate to the document library where the file is located and click on Share. Then we can enter the external user Email and set the permissions such as Read or Edit and generate the link to share. Once we have created the link, we can copy it and share it with external users via email or other means. It’s important to note that external sharing must be enabled at both the organization level and the site level to share with external users!
External users do not need a SharePoint license to access SharePoint Online. According to Microsoft’s official licensing definition, an external user is a user that is not an employee or an onsite contractor of the organization. SharePoint Online allows unlimited external users to be invited into the extranet as long as they are simply logging in to access content. External users can take full advantage of SharePoint Online features without requiring a SharePoint Online license.
To make a SharePoint site public, we can navigate to the site and add “everyone” to the site visitors group. This will make the site public within the organization. If we want to make the site public to external users, we need to add them as guests first. We can also change the site’s privacy settings from private to public by going to the site information page and selecting the option to change the privacy settings. However, You can’t make a SharePoint Online site as a Public internet site!
To add an external user to a SharePoint group, we can navigate to the SharePoint site and go to the group to which we want to add the user. Then we can click on the group name and select the option to invite users. We can enter the external user’s email address and select the appropriate permission level for the user. Once we have entered the user’s information, we can click on the Send button to send the invitation to the user. We can also add an external user to a SharePoint group using PowerShell.