search

opencdms-project / project-advisory-team

👥🗎 This repository is managed by the OpenCDMS Project Advisory Team (PAT) - see additional information under the wiki tab
https://www.opencdms.org/approach/groups/project-advisory-team/
2 stars 1 forks source link

Experiences with using SharePoint / Office 365 #27

Open isedwards opened 4 years ago

isedwards commented 4 years ago

The decision to use the Met Office SharePoint facility for real time authoring of documents and spreadsheets (#25) will be reviewed in 6 months time.

This issue is intended to collect information on people's experiences using the solution as part of our evaluation.

volloholic commented 4 years ago

There have already been problems accessing files. There seem to be a number of reasons behind this. For me it may be because my Microsoft account is not the same as my email, error provided below. These might be just teething problems but my recent experience is that such problems tend to persist on collaborative projects with teams across organisations.

AADSTS50177: User account 'd.a.stern@idemsinternational.onmicrosoft.com' from identity provider 'https://sts.windows.net/bda0a4ae-572b-4d8e-8ea4-826e69dc83d0/' does not exist in tenant 'Met Office' and cannot access the application '00000003-0000-0ff1-ce00-000000000000'(Office 365 SharePoint Online) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Steve-Palmer commented 4 years ago

The jargon about tenants and Azure Active Directory is horrible! But to put it more simply, access to a Sharepoint site (and all the associated resources including Teams, group email and Yammer social media) depends on each person having a Microsoft account, and that account has to be registered on the Azure Active Directory under which the Sharepoint site is registered. So for a Met Office Sharepoint site, each user has to have registered a Microsoft account on the Met Office Azure Active Directory.

If you already have a Microsoft account then it is simplest and easiest to use that. You will already have a Microsoft account if you have either a personal or a company registration for Microsoft Windows and/or Office. It might look a little worrying, because the registration process will ask you to sign in to your Microsoft Account (which will use your company password), but Microsoft have set up the Azure system so it passes tokens and not the passwords themselves. This means you can simultaneously be a member of your company Sharepoint/Azure system and a member of a Met Office external group, and the Met Office Azure Active Directory only holds a link from your company Azure Active Directory.

You can register a personal Microsoft account (free) with any email address, or you could set up a new email account using the free outlook.com service. This will be a personal registration on the Microsoft Azure Active Directory (which then links to the Met Office Azure Active Directory as before).

Some company Microsoft accounts may be set up to prohibit this type of external group working. If so, you will receive error messages when you try to register with either Sharepoint or Teams. In that case, you should set up a separate personal Microsoft account.

jaggh commented 4 years ago 
Adding to Steve's valuable info, just in case it can help others:
  Also valid e-mail accounts for registration are those for other
  services provided by the Microsoft group, such as Skype or GitHub.
  (I finally succeeded using this latter)