Trouble adding external e-mail addresses to SharePoint

akus1
We are trying to add SharePoint user accounts to four individuals outside of the domain.

(As an aside, we are also trying to give them access to a specific folder. I need some direction with that, but we haven't been able to get that far yet.)

When we put in the e-mail address in SharePoint (from Site Settings>Permissions>Add Users), we get a "No exact match was found" error message.

Is it possible to add external users to SharePoint?
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
Is your SSP/UPS syncing with your user source (for example, Active Directory)?

The SSP/UPS has to sync with the store that you are keeping the user information in.  You can't just add them straight into SharePoint.
SQL / SharePoint Engineer
Commented:
SharePoint doesn't store user accounts; it is designed to pass this off to an external service such as Active Directory or a custom claims-based authentication source (i.e. where usernames and passwords are stored in SQL Server).  Like all .NET applications, security is handled in two phases: Authentication (who are you?) and Authorization (what can you see?).   Once a user has been authenticated, SharePoint handles the authorization.

http://technet.microsoft.com/en-us/library/cc262350.aspx

If you have non-employee users you have several options (in order of complexity):

1. Add these users to your Active Directory
2. Set up Claims Based Authentication to an internally-controlled database
3. Set up Claims Based Authentication to an externally-controlled service

Option 1 is the simplest, and it's the default configuration for SharePoint so it will always look in AD for users first.  But this may not be your preference, since creating domain accounts for these users would automatically give them the ability to log into your domain machines, which is a security concern.

Option 2 is the preferred choice for an Extranet Collaboration Portal, where you work with external partners and vendors.  You can create a web application and "Extend" it so that it has two addresses.  One zone is for internal employees who authenticate via AD, and the other is for non-employees, who authenticate using claims.  (In SP 2010 you can also configure this using a single URL).  User accounts are stored in a SQL database.  The drawback to this, unfortunately, is that users don't control their own passwords.  There are some third party solutions for an entirely claims-based SharePoint solution, but in the out-of-the-box solution, you're basically managing everyone's passwords, which can be cumbersome if there are a lot of them.
http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx

Option 3 is complex and I've never done it, but it's definitely possible using Claims.  You could, for example, allow users to sign in using their Windows Live ID or OpenID account.  This means they are able to manage their own passwords and usernames.  
http://blog.fpweb.net/claims-authentication-windows-live-id-for-sharepoint-2010/
http://technet.microsoft.com/en-us/library/ff973117.aspx
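
For Option 2 in the answer above, an added example that is not part of the original answer: a membership provider entry for the extranet zone's web.config, with the password-storage settings that matter when you hold partner credentials yourself. It assumes the SQL user store is ASP.NET's `SqlMembershipProvider` (the answer does not name the provider); `ExtranetMembers`, `ExtranetSqlConn`, `SQLHOST`, `ExtranetUsers` and the length and lockout values are placeholders.

```xml
<!-- Added example: merge these elements into the existing web.config of the
     extranet zone. Provider, connection, server and database names are
     placeholders, not values from this thread. -->
<configuration>
  <connectionStrings>
    <!-- Integrated Security: the application pool account connects to SQL,
         so no database password sits in the config file. -->
    <add name="ExtranetSqlConn"
         connectionString="Data Source=SQLHOST;Initial Catalog=ExtranetUsers;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership>
      <providers>
        <!-- Weak settings to avoid:
               passwordFormat="Clear" or "Encrypted" with enablePasswordRetrieval="true"
             These keep passwords recoverable, so anyone who can read the
             database (plus the machine key, for Encrypted) obtains every
             external user's password. -->
        <!-- Hardened entry: salted hashes only, reset instead of retrieval,
             lockout after 5 failed logons within 10 minutes. -->
        <add name="ExtranetMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ExtranetSqlConn"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

With `passwordFormat="Hashed"` the provider cannot return a password, which is why `enablePasswordRetrieval` must be `false`; forgotten passwords are handled by reset.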

Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
LOL.  It was an extreme waste of time to type all that up and find out he's on SharePoint 2007.
Greg Burns, SQL / SharePoint Engineer

Commented:
That's OK. I like to write.  And I do a lot of cut and paste.
Greg Burns, SQL / SharePoint Engineer

Commented:
And with all due respect, I don't believe in answering questions with shorthand.  People come here because they're confused.  Your answer was technically correct, but if I was a novice I would have found it confusing.  I'd rather risk over-explaining something than giving someone an enigmatic answer.  

You do great work here, I've been following you for a while, and you answer nearly everything promptly and accurately... but your answers are all very short.  I just like to provide more depth in my answers, which is why I'm not as active here as you.  
1) Ask your Windows admin to create a UPN in AD for specific external email IDs.
2) Add the email in any SharePoint site.

Author

Commented:
Thank you.
