Adding Social Capabilities for Office365/SharePoint Online External Users

This is the third in a series of posts exploring the limits, boundaries, options, and possibilities with external users in Office365/SharePoint Online. In this post, I’ll show how you can use audiences to provide basic social capabilities for external users.

Overview

As shown in the first post in this series, you can give external users the capability to view and edit their profiles, as well as update their profile picture. However, since external users are not allowed to create personal sites, they do not have access to social features such as following people or documents, or the newsfeed. They don’t have the personal site for storing this data, so it is effectively unavailable to them. External users do not have access to the Newsfeed page in the MySite Host (default.aspx). If they try to access that page, they are automatically redirected to the About Me page (person.aspx).

This post will describe how to enable tags and notes for external users, and how to give external users basic microblog capabilities on their About Me page.

The External Users Series:

  1. Profile and Pictures for External Users
  2. Audiences for External Users
  3. Adding Social capabilities for external users (this post)

Prerequisites

Before starting, make sure you’ve read the first two posts in this series, and have enabled profiles for your external users, and created audiences for Internal Users and External Users (as described in the second post in this series).

Enabling Tags and Notes

The first step to getting basic social capabilities is to enable Tags and Notes in the User Profile Application in Tenant Administration. Just as I showed for enabling profile editing, you can change the permissions for external users and grant them access to Tags and Notes functionality.

Granting social permissions

Granting social permissions.

What happens if external users don’t have this right? First of all, they won’t be able to get to their About Me page (they’ll still see the My Settings link). Next, if there is a Note Board web part on a page, they will only see the web part title (the actual Note Board will not show up, no message or anything).

Disabled Note Board

Only the web part title appears.

Finally, in the ribbon, the Tags and Notes button will be disabled.

Tags and Notes Button

The Tags and Notes button is disabled without social permissions.

Setting Enterprise Keywords on a document will work without this permission, since it doesn’t use Social Tags, just the Managed Metadata term set.

Enterprise keywords

Enterprise keywords work without this permission.

Creating a Second MySite Host for External Users

Once you’ve enabled the permissions on the User Profile Application, the next step is to create a second MySite Host site collection to use just for external users. The reason for doing this will become clear in a little bit.

To create a second MySite Host, you’ll have to be a bit clever with Office365. If you try to create a MySite Host site collection from Tenant Administration, you’ll get an error message:

The My Site Host template is not available for new site collections in SharePoint Online. A My Site Host site collection was automatically created for you when you signed up.

MySite Host Error

Error when creating MySite Host from Tenant Admin.

To get around this, choose the Custom Tab, and the Select Template Later option. This will create the site without a site template (blank site).

Custom template

Choose a template later.

Once the site collection is created, navigate to the newly created site, and you’ll be prompted to select a template. Choose the MySite Host template and you won’t receive an error this time.

Select Template

Select the template. This time no error occurs.

Since you don’t have configurable managed paths, you can use use the /sites path, and create a url similar to https://yourdomain.sharepoint.com/sites/externalprofiles.

Configure Trusted MySite Host Locations

If you are familiar at all with globally distributed SharePoint On-Premises deployments, you know that you can have multiple UPAs and MySite Hosts in different geographic regions to improve performance. Well, Office365 still has this concept active in tenant administration. We’ll use this to ensure that any time a profile of an external user is accessed, the viewer will be redirected to the MySite Host for external users. This enables us to customize the user experience for external users, while leaving the original MySite Host for internal users relatively untouched.

To setup a Trusted MySite Host location, navigate to Tenant Administration > User Profiles > Configure Trusted Host Locations. Add a new link to a trusted MySite Host, specifying the absolute url to the newly created MySite Host, and use the External Users target audience that was created as a prerequisite.

Add Trusted MySite Host

Add Trusted MySite Host link.

Once this is configured, anyone viewing an external user’s profile will be redirected to the MySite Host for external users. The following table describes where users are redirected when viewing profiles with this configuration in place:

Viewer Profile Being Viewed MySite Host Used
Internal User Self Original MySite Host
Internal User Other Internal User Original MySite Host
Internal User External User External MySite Host
External User Self External MySite Host
External User Internal User Original MySite Host
External User Other External User External MySite Host

Fixing 403 Errors When Viewing Profiles

As explained in the issues section of the first post in this series, when external users try to view the About Me page (person.aspx) of any other user, they are given an unforgiving 403 forbidden message. The reason they get this message is that something inside the Activity Feed web part on that page is throwing an AccessDeniedException. Now that we have audiences setup for our external users, we can clean this up.

Navigate to person.aspx on both MySite Hosts, as a Site Collection Admin, or someone with Owners rights to the root site. From the gear icon, choose Edit Page. Find the Activity Feed web part, and edit it.

Edit Activity Feed web part

Editing the Activity Feed Web Part properties.

In the Advanced section of the toolpane, find the Target Audiences field, and enter the Internal Users audience created as a prerequisite to this effort, and click OK. You want to hide this web part for external users to prevent the 403 error, but keep it displayed for internal users.

Audience Targeting

Targeting to Internal Users only.

Note:

There isn’t really a way to exit Edit Mode of the page. You’ll just have to navigate to a different page, and then back to person.aspx.

Once set, internal users can see the Activity Feed of other internal users, but external users will not see the activity feed for internal or external users, and will not get the 403 forbidden error anymore.

Adding Social for External Users

Since external users don’t have a personal site, and can’t create one, they don’t have the personal storage area necessary for a personal Newsfeed. Getting a Newsfeed web part to work for external users is just not possible. As a workaround to providing social microblogging capabilities, the older Note Board web part is still available, and can be used as a substitute to give external users additional social capabilities.

To add the Noteboard Web Part, login to the external MySite Host as a site collection admin, and navigate to person.aspx. From the gear icon, choose Edit Page. click to Add a Web Part, choose the Social category, and add the Noteboard web part. Move it under the Activity Feed web part. Again, since you can’t exit edit mode, just navigate to another url and then back to person.aspx to see your changes applied.

When done, your external users will have basic microblogging capabilities through the Noteboard web part, and both external and internal users can exchange notes when visiting external user profile pages.

Social for external users

Social for external users.

Benefits and Drawbacks

Ok, so this is all admittedly pushing it a bit (especially the workaround to creating another MySite Host), and I doubt Microsoft has expected its customers to go this far down the road with external users. There are a few drawbacks to this approach which I’ll outline in a bit, but there are also some benefits to having this configurability, and I think it’s worth highlighting so that Microsoft can see the use cases here and continue to improve on the external user experience.

For benefits, obviously having the social capabilities is a big win, especially for companies that have very close relationships with contractors or embedded partners/vendors. Having a second MySite Host site collection enables you to take it even further, and brand the external MySite Host differently to further highlight the fact that these are external profiles being viewed. Conceivably, you could even have multiple MySite Hosts for different kinds of external users (vendors, partners, contractors, clients) and use audience targeting to send people to differently branded MySite Hosts. You could control the email addresses used for the Microsoft Accounts, and create audiences specifically looking for parts of that email address (e.g. somepartner@yourdomain-partners.com, someclient@yourdomain-clients.com).

For drawbacks, they are mostly minor. Here are a few I’ve noticed:

  • When external users use the Noteboard, the status icon next to their name shows the full sprite image shrunk down, instead of just the offline part of that image.

    Broken Status Icon

    Broken status icon.

  • External users receive an email that someone has left them a note. if the person leaving the note was an internal user, the text of the email provides links to leave a Note on the internal user’s profile. When clicking this link, the external user is taken to the About Me page of the internal user (on the original MySite host), and there is no Noteboard on this page to leave a note).

    Noteboard email

    Noteboard email.

  • If an external user views an internal user’s profile, and clicks the link to “Mention me in a post”, they are taken to the external MySite Host’s Newsfeed page (default.aspx). There they will either see a Newsfeed web part that will not work (most functions will throw an error), or will see the message that the social features are being setup (the typical experience before the personal site has been created). To get around this, I would suggest adding a Script Editor web part to this page, targeted to external users, with a javascript redirect to person.aspx.

    Broken Newsfeed

    Broken Newsfeed.

  • If an internal user ever navigates to default.aspx of the external MySite Host, he/she will see a typical Newsfeed page, however some of the links in the left nav Quick Launch might be incorrect. To get around this, I would suggest adding a Script Editor web part to this page, targeted to internal users, with a javascript redirect to the original, internal MySite Host.

If you notice any other drawbacks, please leave a comment.

Summary

In this post I’ve shown how you can use a combination of audience targeting, multiple MySite Host, and Trusted MySite Host locations to provide basic social capabilities for external users in Office365/SharePoint online.