External User Access to SharePoint Online Using SharePoint Designer
A few weeks ago, I ran into an issue accessing a SharePoint Online site using SharePoint Designer: I needed to create a workflow on that site collection, but I was continuously prompted for credentials — despite the fact that my account was a site collection administrator. After a few hours of troubleshooting with the Microsoft IT support team, we were able to pinpoint the root cause.
Setup
The client provided site collection administrator access to my account using my work email. In other words, I was able to access the site collection as an administrator while being an external user on their Azure Active Directory. Everything was fine via the web, but once I tried to connect to the same site with SharePoint Designer, I would get continuous (very annoying) prompting.
Steps to Consider When Troubleshooting SharePoint Designer
The below steps are helpful when you are encountering “weirdness” using SharePoint Designer. They did not work for my specific case (and you will see why shortly), but together they create a good troubleshooting checklist to use before you should consider more advanced support. You will likely be asked to do the following steps when you first connect with Microsoft IT support, so completing them and preparing your answers ahead of time could save you 20–30 minutes of discussion with a technician.
- Update SharePoint Designer to the latest version, or uninstall/reinstall using the latest official link
- Install SharePoint Designer Service Pack 1
- Clear the SharePoint Designer cache from the following directories: %USERPROFILE%\AppData\Local\Microsoft\WebsiteCache AND %APPDATA%\Microsoft\Web Server Extensions\Cache
- Sign out of the Account tab on SharePoint Designer
Why Is This Happening?
I should note that the site collection I was given access to was NOT the root site collection and that I had no access/privileges provided there. As you probably already guessed, this was the main cause of my issue. When you are connecting as an external user, SPD will try to authenticate you from the root site collection. Without access to the root site collection, you will fail the authentication request even though you are trying to get to another site collection.
So, let’s look at what can be done to solve this.
Option 1. Request read access for the same external user account you are using, but this time do so from the root site collection. Depending on the organization’s policy, the data hosted, and the IT team you are working with, you may get that granted. Once you do gain access to the root site collection, you will be able to access the initial site (the one for which you are listed as site collection administrator) via SPD.
Option 2. Request a SharePoint license account (if the organization does not wish to pay for an additional Office 365 license) and set that new account as the site collection administrator of the desired site collection. With this option you will be able to access SPD at the non-root site collection without having access to the root site collection.
Hope you find this helpful!
