When an external user access you SharePoint site, they receive nothing more than Issue Type: user not in directory
and a message We're sorry but <e-mailaddress> can't be found in the contoso.onmicrosoft.com directory. Please try again later, while we try to automatically fix this for you.
Hopefully those people inform you when they get this message, because don't trust the message: no one is fixing this automatically...
As an Office 365 consulting company we invite customers as guests into a project site in our SharePoint Online. We get to deal with this issue on a regular basis, but the first time it took us a lot of time to identify the issue.
At the beginning of the project, when we invite them, most of the time they don't ave their own Azure AD yet. We invite them with their company e-mailadress, and some users and up associating a Microsoft account with it. In Azure AD they show up with source Microsoft Account:
Initially, there is no issue and they can log in to our SharePoint Online without problems. When the project progresses, they get their own Azure AD and that's when the problems start...
It gets confusing for them to have both an Azure AD account and a Microsoft Account on the same e-mailaddress, so we removed them from Azure AD and reinvited them. Accepting the invitation, they now show up in Azure AD with source External Azure Active Directory:
Although the old and the new account use the same e-mailaddress, SharePoint doesn't seem to like this process: leaving their access rights or removing it and adding them back, still result in the same error messages.
Solution
Go to https://portal.azure.com -> Azure Active Directory -> Users
, and in the list find the user that is experiencing the login issue. Select the account and click "Delete User".
Switch to https://portal.azure.com -> Azure Active Directory -> Deleted Users
, in the list find the account that you just deleted. Select it and click "Delete Permanently".
In your browser, now go to the SharePoint site that the user would like to access and append /_layouts/15/people.aspx?MembershipGroupId=0
to the url. In the list, find the user account that has an issue and remove it from the list.
Go back into Azure AD and reinvite the user. Return to SharePoint and reassign the required permissions to the user.
Finally done, the guest user can now access SharePoint without a problem!