External user sharing
Office 365 allows you to share your content with external users either at the site level, or the folder/document level, and this process is documented nicely here. Where things get tricky is if you need to share a document library or a list with external users, but not give them access to the rest of the site.
A quick permissions primer: you can give external users access at the site level, which gives them access to all the lists and libraries in that site (unless you have explicitly denied permissions from inheriting). If you share a document (or a folder) with an external user, they have access to that document, and that document only, and are only able to access it by the link provided to them.
Sharing lists or libraries
Now that’s all fine and dandy, but what happens if you want to share a document library, or a specific list with an external user without giving them access to the rest of your site?
You get the following error: 😦
In order to share a document library, you need to first give an external user access to your site. Of course, if you share the site with them, they will have access to the document library, but they will have access to the entire site as well – which is more than likely not what you wanted to achieve.
The way around this is to start by sharing a document or a folder with them so that they can log in and be authenticated with their Office 365 credentials, or Windows Live ID.
I’ve created a document that I want to share with my external users – in this case, the document simply informs them that they will be given access to relevant information by an administrator:
Share this document by clicking on the ellipse to the right of it, and then click the Share button:
Type in the email address of the user you’d like to share this file with, choose whether or not you’d like them to be able to edit the file, and click Share.
Note that in this case, I have opted to only allow the user to view the document, as it serves as a boilerplate welcome document for all my external users.
You can check on the status of your access requests and invitations, by going to Site Settings – Access requests and invitations:
Your external user receives an email from Office 365 letting them know that content has been shared with them, and provides a link to open the file, site, or folder.
Clicking on that link takes them to the page where they are required to authenticate – note that if you had enabled guest links or anonymous access, this step is not required.
Your users have an option of signing in with an existing Microsoft account, an Organizational (Office 365) account, or even the ability to create a new account if they don’t have one. This option allows them to use an existing email address as a Microsoft account, they don’t have to sign up for a new email address.
Once they’ve signed in, the user now has access to the document you originally shared. The important thing is that they are now authenticated in your SharePoint site, and can be assigned to a group, or given explicit permissions wherever you need to.
Now, if you go back to your document library, you can pick the external user(s) who have authenticated their sharing links, and give them permissions to the document library.
This exact same method can be used to share a list externally – remember, an external user must authenticate in your SharePoint site before you can add them to a group, or assign specific permissions to them.