Hi @Mudasir Bari,
Welcome to the Microsoft Q&A forum.
I understand that you are experiencing an issue where a specific guest user is encountering a "You need permission to access this site" error, despite being a member of a group that has access.
Based on your information, this error typically occurs when SharePoint cannot validate that the guest user’s current sign-in identity matches the specific account that was granted permissions. Even if the user is part of a group, an identity mismatch or a stale entry in the site’s User Information List can prevent successful authorization.
I recommend performing the following steps to resolve the access conflict for this individual:
1/ Validate the Guest Sign-in identity
- Instruct the guest to sign out of all Microsoft accounts and open the site link in an InPrivate or Incognito window.
- They need to sign in using the exact email address that received the invitation. Access will be denied if they are logged into a different personal or work account that was not explicitly invited.
2/ Check effective permissions
- Navigate to the affected SharePoint site and go to Settings > Site permissions > Advanced permissions settings.
- Click on Check Permissions, enter the guest's email address, and select Check Now. This confirms if SharePoint recognizes the user’s effective rights at the site level.
3/ Verify external sharing configurations
- External sharing settings are enforced at both the tenant and site levels. Navigate to the SharePoint Admin Center > Policies > Sharing to ensure organization-wide sharing is permitted.
- Then, go to Sites > Active sites and verify that the specific site’s sharing policy is not more restrictive than the tenant policy, as the more restrictive setting always takes precedence.
4/ Refresh the guest authorization flow
If the guest has never successfully accessed the site, remove their account from the group or site permissions entirely. Afterward, send a fresh invitation. This process clears the legacy SharePoint Invitation Manager data and triggers a modern invitation flow, which is often necessary for Entra ID to sync correctly with SharePoint.
For detailed instructions, you can follow the official article: Collaborate with guests in a site (IT Admins) | Microsoft Learn
I hope this response has helped address your concern. Please feel free to reply if you have any further questions; I would be happy to assist further.
Thank you for your patience and your understanding. I look forward to continuing the conversation.
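The checks in steps 1 to 3 of the answer above can also be run read-only from the SharePoint Online Management Shell. This is an added example, not part of the original answer; the admin URL, site URL and guest address are placeholders, and the login-name pattern assumes the default B2B guest sign-in name format.

```powershell
# Added example: read-only checks for steps 1-3. Requires the
# Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin role.
# All URLs and the guest address below are placeholders.
$AdminUrl   = 'https://contoso-admin.sharepoint.com'
$SiteUrl    = 'https://contoso.sharepoint.com/sites/project'
$GuestEmail = 'guest@partner.example'

Connect-SPOService -Url $AdminUrl

# Step 3: the more restrictive of the tenant and site settings is what applies.
$rank = @{
    'Disabled'                        = 0
    'ExistingExternalUserSharingOnly' = 1
    'ExternalUserSharingOnly'         = 2
    'ExternalUserAndGuestSharing'     = 3
}
$tenantCap = (Get-SPOTenant).SharingCapability.ToString()
$siteCap   = (Get-SPOSite -Identity $SiteUrl).SharingCapability.ToString()
$effective = if ($rank[$siteCap] -lt $rank[$tenantCap]) { $siteCap } else { $tenantCap }
"Tenant: $tenantCap  Site: $siteCap  Effective: $effective"
if ($effective -eq 'Disabled') {
    Write-Warning 'External sharing is off for this site; no guest can be authorized.'
}

# Step 2: is there an entry for the guest in the site's user list?
# Assumption: default B2B sign-in name, user_domain#ext#@tenant.onmicrosoft.com.
$pattern = '*' + $GuestEmail.Replace('@', '_') + '#ext#*'
$entries = @(Get-SPOUser -Site $SiteUrl -Limit All |
    Where-Object { $_.LoginName -like $pattern })
if ($entries.Count -eq 0) {
    Write-Warning "No site user entry matches $GuestEmail."
} else {
    $entries | Select-Object DisplayName, LoginName, Groups
}

# Step 1: compare the invited address with the account that accepted it.
# An empty result here is not conclusive on its own.
Get-SPOExternalUser -SiteUrl $SiteUrl -Filter $GuestEmail |
    ForEach-Object {
        if ($_.InvitedAs -ne $_.AcceptedAs) {
            Write-Warning "Invited as $($_.InvitedAs) but accepted as $($_.AcceptedAs)."
        }
        $_ | Select-Object DisplayName, InvitedAs, AcceptedAs, WhenCreated
    }
```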