Authenticating external users - suggestions

Similar Messages

• INTERNAL and EXTERNAL users authentication via OAM

  Hi ,
  We have a scenario where in a resource is protected by OAM and we want the internal users in the system to access the resource w/o and authentication , However at the same time we want the external users should be challenged by OAM for credentials .
  How to implement such a scenario ?
  Any ideas would be helpful ..
  Thanks
  Sid

  More details (architecture etc) would be needed to suggest any kind of solution.
  Also content served is static or dynamic ? If content is dynamic then backend component (app) would expect identity to be propagated to it. This could be potential issue if internal user wont authenticate.
  If it is static content then you can make use of rewrite rules / rewrite conditions to filter ip address (internal users should have some ip address range). Although you may have to do multiple url rewrite at apache level to by pass authentication.
  One another solution is to implement zero sign on experience via WNA for internal users. WNA would take advantage of user's login to desktop. Hope this helps.

• How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

  Sharepoint 2013 online/office 365.
  I am creating site collection programmatically using sharepoint Auto hosted app.
  Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
  Is it possible through code? If yes please let me know how to do it?
  Najitha Sidhik

  For SharePoint 2013 Online, check below links:
  http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
  http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
  https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
  http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
  Please ensure that you mark a question as Answered once you receive a satisfactory response.

• Need help with external user authentication

  Hello,
  I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
  http://www.oracle-base.com/articles/misc/OsAuthentication.php
  I added the user alex to my linux system and checked the parameter os_authent_prefix:
  SQL> show parameter os_authent_prefix
  NAME TYPE VALUE
  os_authent_prefix string ops$
  SQL>
  I created the oracle user alex using
  CREATE USER alex IDENTIFIED EXTERNALLY;
  as well as
  CREATE USER ops$alex IDENTIFIED EXTERNALLY;
  The parameters in the sqlnet.ora are set to
  NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  Being the local user alex on the linux server I can login:
  $ sqlplus /
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
  SQL>
  Now using a Windows Client:
  C:\>sqlplus alex@<netservicename>
  SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Kennwort eingeben:
  ERROR:
  ORA-01017: invalid username/password; logon denied
  - So, what's wrong?
  - Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
  - I read that kerberos authentication is only available through oracle advanced security addon. What about authentication through ldap?

  Obviously it doesn't work from any remote system.
  For this to happen the parameter remote_os_authent would have been set to true.
  Warning: this poses a security risk.
  As far as I know you should have been logged in as alex on the client, and using sqlplus /
  However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
  You would better use that.
  Sybrand Bakker
  Senior Oracle DBA

• How to create external users in SAP EP as authenticated users

  I am able to create portal users  . I would like to know how to acccess automatically login as external users (stored in Cutomized table in CRM).

  Rakesh,
  acccess automatically login as external users (stored in Cutomized table in CRM).
  Firstly, your question is a little unclear.
  Where is your UME pointing to?
  Go to http://<FQDN>:<Port>/irj/useradmin/index.jsp, click on configuration and check the datasource.
  1. If it is for external users you could use anonymous logon
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/cd/1aad4abcb98c4597f9e395a6b62f43/frameset.htm
  2. If you want to use the users exisiting in the CRM system to logon to the portal, then you might have to point your UME to it.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/content.htm
  3. If you intend to use the users exisitng in a custom table in the CRM system, then I guess you would have to customize the UME Data Source .
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/b7/14d43f2dd44821e10000000a1550b0/content.htm
  Hope this helps.
  Cheers!
  Sandeep Tudumu

• Can't Login to SharePoint as an invited External User / Can't Remove All Traces of External User with Microsoft Account

  Hi TechNet,
  I have an MS SharePoint Online (SharePoint Plan 2) team site, quite simple, one document library etc.
  I have successfully added all users (E3) within the organisation to groups, and permissioned correctly.
  I have added myself (separate organisation, also Office 365 E3) as an External User, and have access to the website without any problems by authenticating with my Organization account e-mail address.
  I have a single user (separate organisation, also Office 365 E3), who's setup is identical to mine (Also Office 365 E3).
  However, when this user is added as an External User, they are unable to login, and get "Sign In is not complete":
  That didn't work
  We're sorry, but [email protected] can't be found in the CLIENT1.sharepoint.com directory. Please try again later, while we try to automatically fix this for you. 
  Correlation ID: dc1f7f9c-092b-20b8-7b35-89348ba22f71
  Date and Time: 3/20/2014 7:06:55 AM
  URL: https://CLIENT1.sharepoint.com/
  User: [email protected]
  Issue Type: Partner User Invalid.    
  I then remove the user using the Site Collection, and using the PRofile Manager, and using Remove-SPOUser, and using Remove-SPOExternalUser. Which is great, he's gone. However when I go to add him back to a group, as soon as I type his e-mail address, it
  'Resolves' into his full name! If I have completely(?) removed him form the site, how is he being resolved? And therefore me trying to remove him to re-add him to try and solve the user/directory/auth issue is not working.
  Furthermore, upon clicking on said client's username inside SharePoint (after I've 'added him back' of course), his ID, in format: i:0#.f|membership|live.com#[email protected] has an entirely different e-mail address, his Microsoft Account! 
  I'm assuming he must have been already signed into his Microsoft Account when he clicked on the External User e-mail invite? If so, I clearly do not want this, how can I remove lal traces of his Microsoft Account, given that I have gone to the lengths as
  detailed above?
  I have already completed these steps: http://community.office365.com/en-us/forums/148/p/228263/709905.aspx
  Some possible further reading regarding Microsoft ID's and Organization ID's:
  http://sergeluca.wordpress.com/2013/09/23/sharepoint-online-and-external-users-this-invitation-has-already-been-accepted-with-another-account-bug-or-feature/
  Please let me know if you need any more information regarding this issue, and thanks in advance to anyone who can shed some light on this situation for me and anyone whom encounters it in the future.
  Regards,
  Evanly.

  Hi Scott,
  Thank you so much for taking the time to read and respond to my issue.
  Certainly, it makes sense that regardless of where the invitation it sent, the user would authenticate with their Microsoft ID.
  In my case, I want the user to authenticate using their Microsoft Organisation ID, that they use for their seperate Office 365 account.
  This is the way I was able to log in, and worked great. With my client, they are unable to access Sharepoint because once they sign in with their Microsoft Organisation / Office 365 ID, they are told they are not in the directory, because their Microsoft
  ID is in the directory and it doesn't match up.
  I am simultaneously trying to 1) Remove all traces of this users Microsoft ID, which so far using the above steps, has been unsuccessful; and 2) Invite the user using his Microsoft Organisation ID, and have him authenticate with that (which is proved to
  work, as my account uses this).
  Looking forward to any more suggestions. Thanks in advance!

• Lyncdiscover reports HTTP 500 Internal Server Error for external users

  Hello,
  I have a problem providing lyncdiscover information for external Lync users. The same address works internal (prompts for file download) so I believe the problem is UAG/TMG providing the site which is not my cup of tea. I have a working external lyncdiscover
  for other domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records few times and everything should be fine. Firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what
  should I check?

  more information based on Lync Autodiscover Web Service Remote Connectivity Test.
  Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication methods successful.
  Additional Details
  Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
  token="User".
  HTTP content isn't verified.
   <label for="testSelectWizard_ctl12_ctl06_ctl00_ctl04_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  HTTP 200 status received from server, but no token="User".
  Elapsed Time: 203 ms.
  The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
  the problem.

• Project Online External User Access

  Hello,
  I'm testing the Project Online Preview and I would like to share the deliverables list on a project site with an external user (a client for example); so I configured the site collection with Project Web App to the "Allow
  external users who accept sharing invitations and sign in as authenticated users" option. Then I tried to share the list with an external e-mail with a Microsoft account, but the invitation email was not sent.
  External Sharing on SharePoint admin Center is configured on "Allow both external users who accept sharing invitations and anonymous guest links"
  and my PWA site works in S"harePoint Permission Mode".
  The same procedure on a classic SharePoint site collection work perfectly.
  Any suggestions, please?
  Matteo

  Hello,
  I got some of the external users to work.  I am still trying to sort it out, but thought I will give you what I found.
  The external user that I got work was another user in another domain, but the account was separate domain in a Office365.  I have not been successful so far with an external account, that was not part of the Office
  365.
  Here is what I did to get it to work.
  1) Login into an Office 365 account.  Let's call it OFFICE999.
  2) Then paste the link from my PWA site into browser.
  3) Access was denied, but page provide me a link to Request Access
  4) Then jump to my Office 365 account with PWA. Went to the PWA site and click on Settings icon and then site settings.
  5) click on "Access request and Invitation"
  6) under the Pending request, approved user and put the user as "Project Web APp Visitor"
  7) Jump back to the Office999 and read my email, click on the link.
  8) I got access denied again
  9) When back to Office 365 PWA Admin account and added user to PWA users
  10) went back to Office999 account, refreshed the screen and get access to PWA site,
  11) BUT it says account doesn't have a LICENSE.  So I am at that point trying to find out how to give an external user a license.
  Cheers!
  Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
  Website http://www.WhartonComputer.com
  Blog http://MyProjectExpert.com contains my field notes and SQL queries

• TWO_TASK parameters prevents OS authenticated DB user

  Hi All,
  I am facing problem while connecting an OS authenticated database user.
  I am installing an application which first sets TWO_TASK parameter to the database name (e.g. TWO_TASK=DMDB .Here DMDB is also ORACLE_SID) and then tries to connect to database with a user (say appuser) which is externally authenticated by OS.
  But the connection fails with an error:
  ERROR:
  ORA-01017: invalid username/password; logon denied
  SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
  I am working on SunOS and Oracle db is 9iR2.
  Also note that database authenticated users are still able to connect.
  This user(appuser) is created by the application itself as external user and hence cannot be modified.And in this scenario TWO_TASK variable cannot be unset.
  Please help. Thanks in advance...
  Also suggest whether I need to configure sqlnet.ora( I haven't done yet) ??
  remote_login_passwordfile=EXCLUSIVE
  Regards,
  Saket Bansal

  Hi hemant,
  remote_os_authent = FALSE
  But hemant ,do I need to bother for this parameter when I am connecting through server itself.
  I would like to bring into ur notice that problem is relatde to TWO_TASK.
  Please view the below commands and their responses.
  root@chbdat4 # su - appuser
  Sun Microsystems Inc. SunOS 5.9 Generic May 2002
  You have new mail.
  $ sqlplus /
  SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:02 2009
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.5.0 - Production
  SQL> exit
  Disconnected from Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.5.0 - Production
  $
  $
  $ TWO_TASK=DMDB
  $ export TWO_TASK
  $ echo $TWO_TASK
  DMDB
  $ sqlplus /
  SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:38 2009
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  ERROR:
  ORA-01017: invalid username/password; logon denied
  Enter user-name:
  This shows that connection is not made when TWO_TASK is set.
  Setting of this variable cannot be avoided since it is set by the application itself.
  Please suggest a solution for this.
  Regards,

• External Users not able to login to Essbase Admin Services.

  Hi,
  We are facing strange problem in one of our Essbase 9x environments. In this environment, we installed Shared Services, Essbase Admin Services in one server and Essbase in another server.
  We configured MSAD and provisioned some users. Now, these users are able to login to Essbase, Shared Services without any issues but not to EAS. Whats more strange is, Native users are not facing any issue while logging to EAS, Essbase. Just externally authenticated users are having this problem.
  We checked the logs, but nothing to deduct from them. The EAS screen is just hanging as soon as credentials are entered. We did lot of troubleshooting and even Oracle Support is working
  and is of the opinion that the issue is because we installed EAS Console on Virtual Machine which is out of their policy.
  Any suggestions are welcome!!
  Thanks,
  PM

  Guys,
  I found something that may help or you may have seen this and rectified it already.
  When i started the services in foreground, External users are able to login.
  This is what i got in the cmd prompt.
  INFO: Installing web application at context path /hbrlauncher from URL jar:file:
  F:\Hyperion\AnalyticAdministrationServices\deployments\Tomcat\5.0.28\webapps\hbr
  launcher.war!/
  Jan 6, 2012 11:17:29 AM org.apache.coyote.http11.Http11Protocol start
  INFO: Starting Coyote HTTP/1.1 on http-10080
  Jan 6, 2012 11:17:29 AM org.apache.coyote.http11.Http11Protocol start
  INFO: Starting Coyote HTTP/1.1 on http-10090
  Jan 6, 2012 11:17:29 AM org.apache.catalina.startup.Catalina start
  INFO: Server startup in 18952 ms
  !!!Setting HBR appname to : HBR:XYZSERVER
  2012-01-06 11:19:39,843 WARN http-10080-Processor23 com.hyperion.hbr.core.Access
  ControlManagerServer - Error authenticating user in UserServerManager.
  2012-01-06 11:19:39,843 WARN http-10080-Processor23 com.hyperion.hbr.core.UserMa
  nagerServer - Error authenticating user in UserServerManager.
  PM

• Office 365 + Sharepoint Login page Branding + external user

  Hi,
  I have found, way to branding login page in Office-365 on this link
  http://technet.microsoft.com/en-us/library/dn532270.aspx 
  Is branding is possible to log-in in office 365 share point  of Organization accounts  and as well as external user also log-in through custom branding log-in page?
   i have required custom branding for office 365 login page for external user??
  please suggest me to full fill my requirement.
  Thanks in advance
  anuj

  Hi,
  According to your post, my understanding is that you want that external user log-in through custom branding log-in page.
  You don’t need to custom branding for office 365 login page for external user.
  You can custom solution to capture user credentials and pass them to master login page.
  Please refer to the official article related, hope you could find something useful from it:
  Remote Authentication in SharePoint Online Using Claims-Based Authentication
  Remote Authentication in SharePoint Online Using the Client Object Model
  Authentication with
  SharePoint Online and the Client Side Object Model
  Regarding Office 365, for quick and accurate answers to your questions, it is recommended that you initial a new thread in Office 365 forum.
  Office 365 forum
  http://community.office365.com/en-us/forums/default.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Public SharePoint Online Site with External User Portal

  Hello Everyone,<o:p></o:p>
  My company switched over to Office 365 a few months ago, and now would like to start using our Public SharePoint site to share information (documents
  pertaining to their orders/drawings/etc.) with our customers (external users).<o:p></o:p>
  <o:p> </o:p>
  I have seen documentation on how to share documents with individual users, but we were looking to do something a little bit different. We would ultimately
  like to have a public site with generic company information (like hours, about us,directions etc.) that anyone can see.
  We would also like to use SharePoint as almost an "FTP type" service where we could post documents and share them with individual
  external
  users. HOWEVER, instead of sharing individual documents, we were wondering if there was a way that an external user (that we have granted
  access) could sign into the public SharePoint site, and then see information that ONLY pertains to them.
  I have been doing some research on this, and I haven't seen that anyone else has tried this. Has anyone had any luck? Or would you have suggestions on how to make
  this work? I had originally posted this question on the Office 365 SharePoint forum, and they suggested posting this question here. Any help would be appreciated. Thanks!

  Hi,
  did you finally manage to get what you requested here above ? Indeed, I am also struggling to set up the same (public website with individual content sharing with external authentified user).
  For external user, I am quite sure that we need to go through MS ID creation (I have created some test users using https://login.live.com).
  Our public website is done and (almost) working. I have then created a sub-site for the same, this one to manage permission based on authentified user
  But I am stuck when trying to assign a document library with relavant permission.
  Would be great to share our feedback and I have searched a lto on the web and did not find any satisfying answer to this design (If there is any... here is my doubt...)
  Thanks in advance
  stef

• SharePoint 2013 CAL and External users

  Hi,
  We are setting up an extranet site(SharePoint 2013 standard version) on Rackspace, Both employee and non-employee will use this site. Employee will use company existing SAML 2.0 based authentication and non-employee will use FBA to login to
  the portal.
  I would like to know if we need to buy CAL for external users(non-employee)? What is the definition of external users?
  Thanks,
  Pat

  Check out this post and this should answer all you questions. 
  http://social.technet.microsoft.com/forums/sharepoint/en-US/0756aaa7-b307-4793-b019-bc58d4ace8b2/sharepoint-foundation-fba-on-internet-licensing
  Thanks, Danny Hickman IT Support Specialist

• Sharepoint 2013 - domain configuration, external users, creating subsite in site collection, moving subsites

  Hello all, first of all thank you for reading this post. Please bare with me, I am new with this environnement. I have had several problems in past week trying to configure a local sharepoint server 2013, most of it went well but now I am stuck and I badly
  need help! I intend to make sharepoint available through the Ethernet connection in my office.
  Here is my config:
  Sharepoint 2013 (local)
  Microsoft SQL 2012
  Microsoft Server 2012
  I am able to access the sub-site I created in the Sharepoint Central Administration Web Application.
  My first problem is, I created another Web Application with the following URL config http://intranet.[domain].com but I am not able to access it through my browser. It seems to point to bad IP I probably configured accidentally a CNAME on my hosting Cpanel
  with the IP 192.168.1.199. So, When I ping the URL I do not get any connection. Just that it couldn't connect to 192.168.1.199. Now I added a CNAME on my CPANEL for the URL http://intranet.[domain].com --> 127.0.0.1. Is this the correct way to do it?
  More information: The DNS manager has been configured following this tutorial:
  Create SharePoint 2013 Web Application
  http://www.youtube.com/watch?v=yW7LT99eUMs
  I am not too sure of the proper configuration for the IIS Manager.
  Anomymous Authentication is enabled
  Windows Authentication is enabled
  Everything else is disabled.
  My second problem is that I cannot invite any user to the site. Even the one that have the email corresponding to our domain. Will I be able to invite parent domain users if the Web Apllication is properly configured with the CNAME on the Cpanel?
  I tried to activate the External user invitation feature from Site Collection Features but it's not in the list. I am logged in as an administrator but next to the wrench it says "System Account" (with an arrow pointing down) so I guess this is
  the "logged in user as..."? Am I missing something here?
  Any advices would be greatly welcomed. I've run out of ideas.
  Much appreciated,
  Herb

  Hello Ramu, thank you for your fast reply.
  Quote Ramu: "You have to create A record called intranet.your-domain.com points to your SharePoint Server
  IP and also loop back ip address in the host file entry on the SharePoint server(127.0.0.1  intranet.SharePoint.com)"
  Is this a record on our corporate website Cpanel? What should I put in the "Address" field of
  the Record (we do not have static IP)?
  For the loop back, is this on the DNS Manager of our local Sharepoint 2013 server?
  Quote Ramu: "3.
  if you want to publish this externally, then your site needs to publish in your Network and it should points to your public static IP in your public domain control panel(Cpanel)."
  In the first scenario where I only want intranet access, should everything be OK with the above mentionedconfiguration a DNS Record:
  Which address should it be for the record?
  Should I assign a fix IP to our server like 192.168.1.55?
  What if another desktop computer gets an IP conflict with the server
  fix IP, or what if we have to shut down the server everyday will the server IP change ?
  General question: From what I understand, it is possible to put a DNS Record on the public Cpanel from our corporate website with a local IP that will only be resolved
  if accessed through the local network? Ex.: Name: intranet.[our-corporate-public-domain].com, Address: 192.168.1.55 ?
  Much appreciated RAMU.
  Regards,
  Herb

• All external users are missing in Shared services.

  Hi All,
  We are on Hyperion System 11.1.2.. Today all of a sudden in production users are not able to log in. So logged in as admin (native user) to see whats going on. Surprised to see that all the groups are empty and all the users are removed from all groups. So when tried to add back its unable to find the external users.
  So some thing is wrong with external users.
  Any suggestions on how to fix or any one experienced similar issues?

  Got this same error in Shared Services 11.1.1.3 Was due to an Active Directory Domain Controller being decommissioned Here is a fix you might try, It basically refreshes your user database connection
  Log into Shared Services
  Click on “Administration” on the “Shared Services” toolbar
  Click “Configure User Directories
  Check the Radio button next to “Active Directory” (or the db your are experiencing the error) and then click “Edit”
  The next screen displays the connection info for “Active Directory”(or the db your are experiencing the error), nothing to change here, just click “Finish” and the connection refresh should start
  Re-start All Services
  Verify that you can now look up an external user without error