Collaboration with external users – Manage clearly, securely and consistently in SharePoint.
Nowadays almost all products and services in the IT sector are created in cooperation with many different people and companies. In the context of globalization, the network of contacts is constantly growing. But instead of continuing to collect air miles, the new focus is on collaborating effectively digitally. Secure data exchange is essential.
Problems granting guest access
Giving an external user access to your own system is technically not a problem on most platforms. The real problem often lies in security concerns and the administrative burden.
Again and again, customers come to us who complain about a lack of transparency in external access rights. The problem is almost always the same: Employees who work with customers or suppliers authorize them for pages, libraries or elements. In most cases, there is no specific regulation as to who can authorize external access. In addition, the authorizations are only revoked in very few cases after the end of the collaboration and colleagues are often not even aware of the external authorizations. It can quickly happen that internal documents fall into the wrong hands.
Create transparency with external user management
We have implemented a SharePoint-based solution for our customers that consistently avoids this “authorization chaos” and makes working with external users transparent. This enables easy data exchange and access between suppliers, customers and employees while ensuring that control over the data is not lost.
The external user management can of course be individually adapted to the specific requirements of your company. Below we describe one of our projects in brief as an example.
Overview of external users with a SharePoint list
The external users are maintained centrally via a SharePoint list. In addition to the classic properties such as name, e-mail address and company, further information is requested and saved as metadata. This includes, for example:
- Reason for access
- Start date access
- Duration of access
- Permission level
A new external user can be created by adding a new element (+icon). This option is available to every employee. A workflow is automatically started when the corresponding properties are filled out and saved.
Standardized and secure processes with SharePoint workflows
If a new user is created, an approval process starts automatically. This first checks whether the user has the authority to authorize an external user. If so, the task of approval is assigned to him, if not, the approval request is forwarded to the responsible user (eg head of department). This person receives the approval task and information about the request by e-mail. If the approver doesn’t respond, they’ll get a reminder after a set amount of time. If the manager approves the request, he invites the external user in the next step and can add an individual text to the standard SharePoint notification.
Also Read About: Revamp Traditional Business Processes with Innovative Custom SharePoint Development Services
Authorization assignment via SharePoint groups
To ensure that only authorized people approve external users, we work with SharePoint groups. The groups ensure a high level of transparency and the associated workflow ensures an effective process.
In our example there are the following groups:
- External users
This group includes all external users with currently valid access rights. After an approved list entry, the external user is automatically added to this group.
- External User Manager
This group is responsible for approving or denying permission requests. In addition, members can also edit the “External users” group manually at any time and thus, for example, remove the access rights of an external user prematurely.
Stay up to date with SharePoint workflows
So that the overview is not lost over time, the external user management must always be kept up to date. This is ensured with the help of SharePoint workflows.
A user account must always be created with an expiry date. 14 days before the access expires, the user is automatically notified by email. In addition to the expiration information, the e-mail also contains a description of how an extension of the authorization can be requested.
If no renewal of access has been requested, the user will be removed from the external users’ group on the expiration date and will receive an email notification to that effect. The user’s data will also be removed from the SharePoint list after one year. This ensures that the external user management remains clear.
Have trouble managing or setting up external access? Are you interested in our solution described here or do you have other special requirements? Don’t hesitate to contact us. Find out more about our Microsoft SharePoint consulting at Al Rafay Consulting.