Microsoft 365 provides authentication and management of guests accessing your New Collaborate site.
To ensure New Collaborate functions as intended, the settings must be configured as per the article below.
To complete these one-time steps, you will need to log in as your Microsoft 365 Administrator User.
Step 1 - External Collaboration Settings (Mandatory)
- Go to the Microsoft Entra Admin Centre https://entra.microsoft.com and log in as the Microsoft 365 Administrator.
- From the menu on the left, click the External Identities dropdown and select External collaboration settings.
- In the Guest invite settings section, ensure as a minimum the following option has been selected:
➡️Member users and users assigned to specific admin roles can invite guest users including guests with member permissions. This is the default Microsoft setting.
To restrict the ability for users to share directly from the SharePoint Collaborate site, we recommend updating this directly within the site once you have completed the New Collaborate configuration wizard. Refer to How to restrict the ability for internal users to invite guests to SharePoint.
- Scroll down to the Collaboration restrictions section.
- Select "Allow invitations to be sent to any domain (most inclusive)". This is the default Microsoft setting.
Step 2 - Enable One-Time Passcode (Mandatory)
One-Time Passcode enables guest users to use a one-time passcode to authenticate their accounts.
If this option is not enabled, users will be required to create a Microsoft Account to access the New Collaborate site.
If your practice has additional Multi-Factor Authentication (MFA) settings in place, the client will be asked to keep their account secure by setting up an Authenticator app. If the client already uses MFA on their email account, they may be prompted to authenticate twice. Refer to Step 5 - Review the Multi-Factor Authentication (MFA) Setup below.
- Open Microsoft Entra Admin Centre - https://entra.microsoft.com/ and log in as the Microsoft 365 Administrator.
- From the menu on the left-hand side, in the External Identities section, select All identity providers.
- Select Email one-time passcode and change the toggle for Email one-time passcode for guests to Yes. This is the default Microsoft setting.
Step 3 - Assign the User Administrator Role (Optional)
This step is optional as:
- The only effect of not configuring this is that New Collaborate will not be able to complete the final step when sharing is stopped with guest users. The final step is to automatically delete the guest user from Entra.
- This can be completed manually and periodically by the Microsoft 365 Administrator.
- Some practices, especially enterprise practices, may choose not to configure this because their security protocols prevent sharing such a powerful permission with an integration app.
Note: If enabling the User Administrator Role, the Guest User role (to limit sharing to specific users only) is not required.
To assign the User Administrator role:
- Open Microsoft Entra Admin Centre - https://entra.microsoft.com/ and log in as the Microsoft 365 Administrator.
- From the menu on the left-hand side, in the Users section, select All Users.
- Locate the Practice OneDrive Admin User Account and click the name to open the user properties.
- On the User menu on the left-hand side, in the Manage section click Assigned roles.
- Click + Add Assignments.
- Tick the User Administrator role.
- Click Add.
- The next time you load the Assigned Roles page, the User Administrator role will be displayed for the user.
Step 4 - Update SharePoint External Settings (Mandatory)
- Open Microsoft 365 Admin Center by visiting https://admin.microsoft.com/ and log in as the Microsoft 365 Administrator.
- From the menu on the left-hand side, locate the Admin Centers section and select SharePoint (you may need to first click Show All).
- From the menu on the left-hand side, select Policies, then select Sharing.
- In the External Sharing section:
  - As a minimum, set "Content can be shared with" to "New and existing guests" for SharePoint. This is the default Microsoft setting.
  - For "More external sharing settings", ensure "Limit external sharing by domain" is not enabled. This is the default Microsoft setting.
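A read-only way to confirm the mandatory settings from Steps 1, 2 and 4 from PowerShell, added here as an example and not part of the original article or the New Collaborate product. It assumes the Microsoft Graph PowerShell and SharePoint Online Management Shell modules are installed and that the admin URL placeholder is replaced; the Collaboration restrictions domain setting from Step 1 is not covered and should be checked in the portal.

```powershell
# Added example (not from the original article): read-only check of Steps 1, 2 and 4.
# Assumes the Microsoft.Graph.Authentication and
# Microsoft.Online.SharePoint.PowerShell modules are installed.
param(
    # Placeholder: replace with your tenant's SharePoint admin URL.
    [string]$SpoAdminUrl = 'https://contoso-admin.sharepoint.com'
)

Connect-MgGraph -Scopes 'Policy.Read.All'
Connect-SPOService -Url $SpoAdminUrl

$policies = 'https://graph.microsoft.com/v1.0/policies'
$authz = Invoke-MgGraphRequest -Method GET -Uri "$policies/authorizationPolicy"
$email = Invoke-MgGraphRequest -Method GET `
    -Uri "$policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email"
$spo = Get-SPOTenant

$checks = @(
    [pscustomobject]@{
        Step  = 'Step 1 - Guest invite settings'
        Value = $authz.allowInvitesFrom
        # Members (or everyone) can invite; the two more restrictive values fail.
        Pass  = $authz.allowInvitesFrom -in 'adminsGuestInvitersAndAllMembers', 'everyone'
    }
    [pscustomobject]@{
        Step  = 'Step 2 - Email one-time passcode for guests'
        Value = $email.allowExternalIdToUseEmailOtp
        # 'default' is Microsoft-managed; only an explicit 'disabled' fails here.
        Pass  = $email.allowExternalIdToUseEmailOtp -ne 'disabled'
    }
    [pscustomobject]@{
        Step  = 'Step 4 - Content can be shared with'
        Value = [string]$spo.SharingCapability
        # ExternalUserSharingOnly = "New and existing guests"; the other is "Anyone".
        Pass  = [string]$spo.SharingCapability -in 'ExternalUserSharingOnly', 'ExternalUserAndGuestSharing'
    }
    [pscustomobject]@{
        Step  = 'Step 4 - Limit external sharing by domain'
        Value = [string]$spo.SharingDomainRestrictionMode
        Pass  = [string]$spo.SharingDomainRestrictionMode -eq 'None'
    }
)

$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { Write-Warning 'One or more settings differ from the article.' }
```

The script only reads tenant policy; any change it flags is still made in the admin centres as described in the steps above.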
Step 5 - Review the Multi-Factor Authentication (MFA) Setup (Optional)
Some practices may choose to have Multi-Factor Authentication (MFA) enabled for clients/guest users. This is enabled by default if the practice is using MFA for internal users.
If a guest uses a Microsoft email account, for example Hotmail or Outlook, the guest user will be prompted to complete authentication twice: once for their email login, and once for the practice's own MFA security requirements.
If the one-time passcode has been enabled alongside MFA, users will still be required to complete the authentication process.
To disable MFA for guest users, while retaining MFA security for the practice, refer to How can I Disable Guest User Multi-Factor Authentication (MFA)?
Step 6 - Add Privacy Information to Microsoft Entra (Optional)
When clients are added to your New Collaborate site they'll be prompted to accept the permissions requested by your practice.
If your practice has not added privacy information to Microsoft Entra, the permissions will display "(Practice) has not provided links to their terms for you to review."
To create a Privacy Policy, refer to the Microsoft article Add your organization's privacy information to Microsoft Entra.
Next Steps: To continue setting up New Collaborate, refer to Setting up Collaborate Email Templates.