SharePoint and OneDrive integration with Azure AD B2B
The Azure AD B2B one-time passcode feature lets you invite and share files with an external/guest user who does not have a work or school account or a Microsoft account. The external/guest user can then access the shared resource with the one-time passcode.
What is one-time passcode?
The one-time passcode is useful for external/guest users who do not have a Microsoft account. Using the one-time passcode feature you can share files, folders, list items, document libraries and sites with external/guest users. The one-time passcode is sent to their email account and is valid for 30 minutes; they authenticate with this code.
A guest user will receive the one-time passcode only if:
- They do not have an Azure AD account
- They do not have a Microsoft account
- The inviting tenant did not set up Google federation
Advantages of Azure AD B2B include:
- When invited external users authenticate with the one-time passcode, their account is added to Azure AD as a guest user and is subject to Azure AD access policies such as multi-factor authentication.
- The external user does not need to have a Microsoft account.
- SharePoint and OneDrive sharing are based on Azure AD organizational relationships settings, such as Members can invite, and Guests can invite.
How to enable one-time passcode:
To enable the one-time passcode, follow the steps below:
- Go to the Azure portal as an Azure AD Global Administrator
- Go to Azure Active Directory
- Under Manage, go to Organizational relationships
- Settings
- Enable Email One-Time Passcode for guests (Preview) → Yes
This setting might take a few minutes to activate.
How to enable SharePoint and OneDrive integration with Azure AD B2B?
To opt in to the SharePoint and OneDrive integration with Azure AD B2B, follow the steps below:
- Install the latest version of the SharePoint Online Services Module for Windows PowerShell (minimum version 8924.1200).
- Connect with Connect-SPOService.
- Run the command highlighted in the image below. It shows a warning to enable the Azure AD one-time passcode (preview) setting, which we already enabled in the steps above.
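The opt-in steps above as a script, added here as an example and not taken from the original page, whose command appears only in an image. It assumes that command is `Set-SPOTenant -EnableAzureADB2BIntegration $true`, uses a placeholder admin URL, and reads the page's minimum "8924.1200" as module version 16.0.8924.1200.

```powershell
# Added example: opt a tenant in to SharePoint/OneDrive integration with Azure AD B2B.
# Assumptions: the admin URL is a placeholder, and the page's minimum "8924.1200"
# is read as 16.0.8924.1200 (the module's 16.0.x.y versioning scheme).
$AdminUrl   = 'https://contoso-admin.sharepoint.com'   # placeholder tenant
$MinVersion = [version]'16.0.8924.1200'
$ModuleName = 'Microsoft.Online.SharePoint.PowerShell'

# 1. Confirm the installed module is new enough to expose the B2B parameter.
$module = Get-Module -Name $ModuleName -ListAvailable |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $module) {
    throw "$ModuleName is not installed."
}
if ($module.Version -lt $MinVersion) {
    throw "$ModuleName $($module.Version) is older than $MinVersion; install a newer version."
}
Import-Module $ModuleName -DisableNameChecking

# 2. Connect with an administrator account (interactive sign-in prompt).
Connect-SPOService -Url $AdminUrl

# 3. Record the current state so the change can be audited or reverted.
$before = Get-SPOTenant
"Before: EnableAzureADB2BIntegration=$($before.EnableAzureADB2BIntegration), " +
    "SharingCapability=$($before.SharingCapability)"

# 4. Opt in only when the integration is not already on. The cmdlet warns that
#    email one-time passcode must be enabled in Azure AD for guests to sign in.
if (-not $before.EnableAzureADB2BIntegration) {
    Set-SPOTenant -EnableAzureADB2BIntegration $true
}

# 5. Read the setting back instead of trusting the absence of an error.
$after = Get-SPOTenant
if (-not $after.EnableAzureADB2BIntegration) {
    throw 'EnableAzureADB2BIntegration is still disabled; review the output above.'
}
"After:  EnableAzureADB2BIntegration=$($after.EnableAzureADB2BIntegration)"

# To roll back: Set-SPOTenant -EnableAzureADB2BIntegration $false
```

The `SharingCapability` value printed in step 3 shows whether external sharing is allowed at the tenant level at all, which is worth confirming before relying on guest invitations.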
Sharing SharePoint folder with the external user:
Here we are going to share a SharePoint folder with an external user who doesn't have a Microsoft account and look at how the external user authenticates with the help of the one-time passcode.
1. How to share the SharePoint folder with the external user?
We can share the SharePoint folder with the external user as shown below.
2. How will the external user opt in to the SharePoint site?
Now the external user will receive the SharePoint folder sharing details.
During validation of the sharing link, the OTP is sent to the user's email.
Now the external user needs to review and accept the permissions.
That's it: the external user can access the SharePoint files with their own Gmail account.
The user account will be added to our Azure AD.