How to Fix SharePoint External Sharing Error: Guest Access Denied
Collaboration in Microsoft 365 often requires inviting external users to access SharePoint Online sites. However, administrators and users sometimes face frustrating errors when a guest tries to accept an invitation with the wrong account. These issues can block access, disrupt workflows, and confuse external partners.
In this SharePoint external sharing error guide, we’ll walk through the common symptoms, explain why they occur, and provide a step-by-step resolution to fix SharePoint external sharing errors.
Table of Contents
Symptoms of the Error
When a guest user attempts to access a shared resource, they may encounter one of the following messages:
- “Access Denied”
- “Let us know why you need access to this site”
- “User is not found in the directory”
- “You need permission to access this site”.
These errors typically occur when the invitation is accepted with a different account than the one originally invited.
Root Cause
SharePoint invitations are tied to a specific email address. If the guest accepts the invite using another Microsoft account (personal, work, or school), SharePoint cannot match the identity. Cached credentials in the browser can also cause mismatches, leading to login failures.
Fix SharePoint External Sharing Error
Determine Which Account Accepted the Invitation
If the guest can access the site:
- Sign in as the external user.
- Click the profile image → My Settings.
- Check the Account field (e.g., i:0#.f|membership|JonDoe@contoso.com).
- If the email is incorrect, proceed to remove the account.
If the guest cannot access the site:
- As a SharePoint Online admin, go to Site Settings → People and Groups.
- Modify the URL to MembershipGroupId=0.
- Locate the external user and copy their profile link.
- Add &force=1 to the URL and open it.
- Review the account email.
Remove the Incorrect External User Account
Follow below steps to remove incorrect external user account.
- Go to Microsoft 365 Admin Center.
- Navigate to Manage Organization-wide settings → Sites and Document Sharing.
- Select Remove individual external users.
- Delete the incorrect guest account.
You can also use below PowerShell commands to remove external users.
$cred = Get-Credential
Connect-SPOService -Url https://<contoso>-admin.sharepoint.com -Credential $cred
$ExtUser = Get-SPOExternalUser -filter "account@contoso.com"
Remove-SPOExternalUser -UniqueIDs @($ExtUser.UniqueId)Remove User Permissions from Site Collections
Even after deletion, the user may appear in search results. To fully remove them from SharePoint Admin Center, follow below steps:
- Navigate to https://.sharepoint.com/_layouts/15/people.aspx/membershipGroupId=0.
- Select the user → Remove User Permissions.
You can also use below PowerShell command to remove user permissions from site collections:
Get-SPOUser -Site https://<contoso>.sharepoint.com | FT –a
Remove-SPOUser -Site https://<contoso>.sharepoint.com -LoginName "live.com#jondoe@company.com"Remove the Account from Microsoft Entra ID (Azure AD)
Use below PowerShell commands to remove account from Microsoft Entra ID using PowerShell:
Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery
Connect-MgGraph -Scopes "User.ReadWrite.All","Directory.ReadWrite.All"
$guestUpn = 'jondoe_contoso.com#EXT#@yourdomain.onmicrosoft.com'
Get-MgUser -Filter "UserPrincipalName eq '$guestUpn'"
Remove-MgUser -UserId <user-id> -Confirm:$falseClear Browser Cache
SharePoint Online relies heavily on browser cookies and cached credentials to streamline authentication. However, this can backfire when a user tries to accept an invitation using a different account than the one cached in the browser.
What to Do
- Clear cookies and site data: This removes stored login tokens and session data that may auto-authenticate the wrong account.
- Clear cache for all browsers used: Especially Chrome, Edge, Firefox, and Safari.
- Include cookies and saved passwords: These are often the culprits behind automatic logins.
How to Clear Cache (Example: Chrome)
- Go to Settings → Privacy and Security → Clear browsing data.
- Select Cookies and other site data and Cached images and files.
- Click Clear data.
- Restart the browser.
Ask users to use an InPrivate/Incognito window when accepting invitations. This bypasses cached credentials entirely.
Reinvite the External User
If a guest accepted an invitation using the wrong account, simply removing them and sending a new invite is often the cleanest fix.
Steps to Reinvite
- Delete the incorrect guest account from SharePoint and Microsoft Entra ID (Azure AD).
- Send a new invitation to the correct email address.
- Instruct the guest to open the link in an InPrivate/Incognito browser window to avoid cached login issues.
Best Practices for Avoiding Guest Access Errors
Confirm Email Address Before Sending Invitations
- Double-check the spelling and domain of the guest’s email.
- Ensure the email is associated with a Microsoft account or Azure AD identity.
Educate External Users
- Let them know which account the invitation was sent to.
- Advise them to avoid using alternate accounts or auto-login features.
- Provide instructions for using Incognito mode if needed.
Audit Guest Accounts Regularly
- Use Microsoft Entra ID (Azure AD) to view and manage guest identities.
- In SharePoint Admin Center, check site-level permissions and external sharing settings.
- Remove inactive or misconfigured guest accounts to maintain security and compliance.
Conclusion
Errors like Access Denied or User not found in directory can disrupt collaboration in SharePoint Online. By carefully identifying the account mismatch, removing incorrect guest accounts, clearing cached credentials, and reinviting users, administrators can restore seamless external sharing.
With these steps, you’ll ensure that Microsoft 365 guest access works smoothly and securely for your organization.
Other Articles
If you like our article on SharePoint external sharing error, you might like other articles on Using Microsoft 365 Copilot in a Shared Mailbox and Email Retention Policy Not Working? A Complete Troubleshooting Guide.
Please join our YouTube channel for the latest videos on Cloud technology and join our Newsletter for the early access of the blogs and updates.
Happy Learning!!