Out of the box, SharePoint’s policies stop Navo from working with external users. This article will show you how to activate external user support on your SharePoint tenancy.
Create an Azure AD external user group
To grant access to Navo to external users, we’ll first need to add them to an Azure AD Group. If your external users are already in a dedicated group, you can skip this section:
- Open your Azure Portal and navigate to the Azure Active Directory section.
- Click Groups on the left hand side, then click + New Group at the top.
- You’ll want to make a Office 365 Group. Name the group anything you want, and, if you wish, add a description. Under Membership type, the options you will see depend on your Azure Subscription.
- If you have at least an Azure AD Premium P1 subscription, you should see the option to create a Dynamic User group. We recommend using dynamic groups if you can.
- If you don’t see the option for a Dynamic User Group, select Assigned User.
- (Dynamic Group) Click Add dynamic query, and then Advanced rule. Paste (user.userType -eq "Guest") into the query box, click Add query, and then Create. After a few Microsoft minutes you should be good to go and can skip to the next section.
- (Assigned User) If you’re making an Assigned User group, click Create to save the group. Then, go back to the Groups Menu and open your new group.
- (Assigned User) Click Members on the left hand side, and then + Add Members. You’ll need to add all your external users to this group. Keep in mind that any time a new external user is added to your tenancy, you’ll need to add them to this group.
Granting Access to the App Catalog
Once your group is created, we need to give it access to your App Catalog:
- Open up your App Catalog site and find the Permissions Page under Site Settings.
- Open the Apps Visitors group and add the external user group you created.
Once this is done, Navo will start working for external users.
Adding Custom Code Access
If you use custom code in your Navo, it will only work for your external users once you have granted access for them.
- Open up the folder where your custom code is stored.
- Click the Share button in the top right corner, and invite the external group you created earlier.
- (Optional) Set the external group to read only by clicking Site Permissions and switching the rights to Read.