Symptoms
Consider the following scenario:
- Your organization uses Microsoft Entra Conditional Access policies for access control. For example, users are required to accept terms of use, or guests are required to use MFA.
- A user in your organization shares a SharePoint site, a list, or a library with a new guest through the Permissions page.
In this scenario, when guests sign in with their credentials to access the resource, they receive the following error message:
Selected user account does not exist in tenant '<tenant name>' and cannot access the application '<application GUID>' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
Cause
This issue is caused by changes in SharePoint sharing invitation redemption for guests. Because of these changes, when a site, list, or library is shared with guests, the guest account isn't provisioned in Microsoft Entra ID. Therefore, guest access to the resource is blocked by the Conditional Access policies.
Resolution
To fix this issue, use one of the following methods:
Method 1
Enable Microsoft SharePoint integration with Microsoft Entra B2B
Method 2
More information
Microsoft is updating the SharePoint Online sharing back-end process to use Azure B2B Invitation Manager instead of the legacy SharePoint Invitation Manager. After the changes are completed, this issue will no longer occur.