This is the third in a series of posts exploring the limits, boundaries, options, and possibilities with external users in Office365/SharePoint Online. In this post, I’ll show how you can use audiences to provide basic social capabilities for external users.
As shown in the first post in this series, you can give external users the capability to view and edit their profiles, as well as update their profile picture. However, since external users are not allowed to create personal sites, they do not have access to social features such as following people or documents, or the newsfeed. They don’t have the personal site for storing this data, so it is effectively unavailable to them. External users do not have access to the Newsfeed page in the MySite Host (default.aspx). If they try to access that page, they are automatically redirected to the About Me page (person.aspx).
This post will describe how to enable tags and notes for external users, and how to give external users basic microblog capabilities on their About Me page.
The External Users Series:
- Profile and Pictures for External Users
- Audiences for External Users
- Adding Social capabilities for external users (this post)
Before starting, make sure you’ve read the first two posts in this series, and have enabled profiles for your external users, and created audiences for Internal Users and External Users (as described in the second post in this series).
Enabling Tags and Notes
The first step to getting basic social capabilities is to enable Tags and Notes in the User Profile Application in Tenant Administration. Just as I showed for enabling profile editing, you can change the permissions for external users and grant them access to Tags and Notes functionality.
What happens if external users don’t have this right? First of all, they won’t be able to get to their About Me page (they’ll still see the My Settings link). Next, if there is a Note Board web part on a page, they will only see the web part title (the actual Note Board will not show up, no message or anything).
Finally, in the ribbon, the Tags and Notes button will be disabled.
Setting Enterprise Keywords on a document will work without this permission, since it doesn’t use Social Tags, just the Managed Metadata term set.
Creating a Second MySite Host for External Users
Once you’ve enabled the permissions on the User Profile Application, the next step is to create a second MySite Host site collection to use just for external users. The reason for doing this will become clear in a little bit.
To create a second MySite Host, you’ll have to be a bit clever with Office365. If you try to create a MySite Host site collection from Tenant Administration, you’ll get an error message:
The My Site Host template is not available for new site collections in SharePoint Online. A My Site Host site collection was automatically created for you when you signed up.
To get around this, choose the Custom Tab, and the Select Template Later option. This will create the site without a site template (blank site).
Once the site collection is created, navigate to the newly created site, and you’ll be prompted to select a template. Choose the MySite Host template and you won’t receive an error this time.
Since you don’t have configurable managed paths, you can use use the /sites path, and create a url similar to https://yourdomain.sharepoint.com/sites/externalprofiles.
Configure Trusted MySite Host Locations
If you are familiar at all with globally distributed SharePoint On-Premises deployments, you know that you can have multiple UPAs and MySite Hosts in different geographic regions to improve performance. Well, Office365 still has this concept active in tenant administration. We’ll use this to ensure that any time a profile of an external user is accessed, the viewer will be redirected to the MySite Host for external users. This enables us to customize the user experience for external users, while leaving the original MySite Host for internal users relatively untouched.
To setup a Trusted MySite Host location, navigate to Tenant Administration > User Profiles > Configure Trusted Host Locations. Add a new link to a trusted MySite Host, specifying the absolute url to the newly created MySite Host, and use the External Users target audience that was created as a prerequisite.
Once this is configured, anyone viewing an external user’s profile will be redirected to the MySite Host for external users. The following table describes where users are redirected when viewing profiles with this configuration in place:
|Viewer||Profile Being Viewed||MySite Host Used|
|Internal User||Self||Original MySite Host|
|Internal User||Other Internal User||Original MySite Host|
|Internal User||External User||External MySite Host|
|External User||Self||External MySite Host|
|External User||Internal User||Original MySite Host|
|External User||Other External User||External MySite Host|
Fixing 403 Errors When Viewing Profiles
As explained in the issues section of the first post in this series, when external users try to view the About Me page (person.aspx) of any other user, they are given an unforgiving 403 forbidden message. The reason they get this message is that something inside the Activity Feed web part on that page is throwing an AccessDeniedException. Now that we have audiences setup for our external users, we can clean this up.
Navigate to person.aspx on both MySite Hosts, as a Site Collection Admin, or someone with Owners rights to the root site. From the gear icon, choose Edit Page. Find the Activity Feed web part, and edit it.
In the Advanced section of the toolpane, find the Target Audiences field, and enter the Internal Users audience created as a prerequisite to this effort, and click OK. You want to hide this web part for external users to prevent the 403 error, but keep it displayed for internal users.
There isn’t really a way to exit Edit Mode of the page. You’ll just have to navigate to a different page, and then back to person.aspx.
Once set, internal users can see the Activity Feed of other internal users, but external users will not see the activity feed for internal or external users, and will not get the 403 forbidden error anymore.
Adding Social for External Users
Since external users don’t have a personal site, and can’t create one, they don’t have the personal storage area necessary for a personal Newsfeed. Getting a Newsfeed web part to work for external users is just not possible. As a workaround to providing social microblogging capabilities, the older Note Board web part is still available, and can be used as a substitute to give external users additional social capabilities.
To add the Noteboard Web Part, login to the external MySite Host as a site collection admin, and navigate to person.aspx. From the gear icon, choose Edit Page. click to Add a Web Part, choose the Social category, and add the Noteboard web part. Move it under the Activity Feed web part. Again, since you can’t exit edit mode, just navigate to another url and then back to person.aspx to see your changes applied.
When done, your external users will have basic microblogging capabilities through the Noteboard web part, and both external and internal users can exchange notes when visiting external user profile pages.
Benefits and Drawbacks
Ok, so this is all admittedly pushing it a bit (especially the workaround to creating another MySite Host), and I doubt Microsoft has expected its customers to go this far down the road with external users. There are a few drawbacks to this approach which I’ll outline in a bit, but there are also some benefits to having this configurability, and I think it’s worth highlighting so that Microsoft can see the use cases here and continue to improve on the external user experience.
For benefits, obviously having the social capabilities is a big win, especially for companies that have very close relationships with contractors or embedded partners/vendors. Having a second MySite Host site collection enables you to take it even further, and brand the external MySite Host differently to further highlight the fact that these are external profiles being viewed. Conceivably, you could even have multiple MySite Hosts for different kinds of external users (vendors, partners, contractors, clients) and use audience targeting to send people to differently branded MySite Hosts. You could control the email addresses used for the Microsoft Accounts, and create audiences specifically looking for parts of that email address (e.g. email@example.com, firstname.lastname@example.org).
For drawbacks, they are mostly minor. Here are a few I’ve noticed:
- When external users use the Noteboard, the status icon next to their name shows the full sprite image shrunk down, instead of just the offline part of that image.
- External users receive an email that someone has left them a note. if the person leaving the note was an internal user, the text of the email provides links to leave a Note on the internal user’s profile. When clicking this link, the external user is taken to the About Me page of the internal user (on the original MySite host), and there is no Noteboard on this page to leave a note).
If you notice any other drawbacks, please leave a comment.
In this post I’ve shown how you can use a combination of audience targeting, multiple MySite Host, and Trusted MySite Host locations to provide basic social capabilities for external users in Office365/SharePoint online.