Problem
You are a Global Administrator for your organization's Office 365 subscription, employing both cloud and federated identities. Various site collection administrators look after day-to-day administration of user content site collections. One site collection administrator manages a site having hundreds of internal (federated) and external (cloud) users. The site collection is configured to allow both internal and external users to access the site.
The site collection administrator sends an invite to an external user; the external user responds, and a cloud account is created for her. The site collection administrator deletes the account for some reason and sends out another invite, which the external user responds to but experiences an error:
Sorry, something went wrong
We're sorry, sign-in isn't working right now. But we're on it! Please try again later.
In order to recover from the problem, the external user's account must be completely removed from both SharePoint Online and O365.
Solution
- Remove user account from all user groups: request the site collection administrator remove the user account from all SharePoint user groups he or she may have added the external user's account to.
- Remove the user account from the site collection: request the site collection administrator use this user listing to remove the user completely from the site collection:
_layouts/15/people.aspx?MembershipGroupId=0
- Remove the user profile from SharePoint Online: request the SharePoint Online Admin to remove the user's profile:
Navigate to: SharePoint Admin Center > user profiles > People > Manage User Profiles
- Remove the user's cloud account: as Global Administrator, remove the cloud account:
Navigate to: Admin Center > Users > Guest users > [click Delete a user button]
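A read-only check, added here as an example and not part of the original post: it lists what is still left of the external user in the site collection (steps 1 and 2) and in the directory (step 4) before a new invite goes out. The parameter values and the use of the SharePoint Online Management Shell and Microsoft Graph PowerShell modules are assumptions; the user profile (step 3) is still checked in the admin center as described above.

```powershell
# Added example (not from the original post). Read-only: nothing is deleted.
# Assumed: Microsoft.Online.SharePoint.PowerShell and Microsoft.Graph.Users are installed.
param(
    [Parameter(Mandatory)] [string] $AdminUrl,  # placeholder, e.g. https://contoso-admin.sharepoint.com
    [Parameter(Mandatory)] [string] $SiteUrl,   # site collection the user was invited to
    [Parameter(Mandatory)] [string] $Email      # e-mail address the invite was sent to
)

Connect-SPOService -Url $AdminUrl
Connect-MgGraph -Scopes 'User.Read.All'

# Steps 1 and 2: entries still in the site collection user list, with their groups.
# Heuristic (assumption): external logins embed the address as-is or with '@' replaced by '_'.
$needles = @($Email, $Email.Replace('@', '_'))
$siteEntries = @(Get-SPOUser -Site $SiteUrl -Limit All | Where-Object {
    $login = $_.LoginName
    $needles | Where-Object { $login -like "*$_*" }
})

# Tenant-wide external user list kept by SharePoint Online (filter matches the start of the e-mail).
$externalEntries = @(Get-SPOExternalUser -Position 0 -PageSize 50 -Filter $Email)

# Step 4: account still present in the directory. Single quotes are doubled for the OData filter.
$odataEmail = $Email.Replace("'", "''")
$directoryEntries = @(Get-MgUser -Filter "mail eq '$odataEmail'" `
    -Property Id, UserPrincipalName, Mail, UserType)

Write-Output "Site collection entries:"
$siteEntries | Select-Object LoginName, @{ n = 'Groups'; e = { $_.Groups -join '; ' } } |
    Format-Table -AutoSize
Write-Output "SharePoint Online external user entries:"
$externalEntries | Select-Object DisplayName, Email, AcceptedAs, WhenCreated | Format-Table -AutoSize
Write-Output "Directory accounts:"
$directoryEntries | Select-Object UserPrincipalName, Mail, UserType, Id | Format-Table -AutoSize

$left = $siteEntries.Count + $externalEntries.Count + $directoryEntries.Count
if ($left -gt 0) {
    Write-Warning "$left leftover entries found for $Email; finish the removal before re-inviting."
} else {
    Write-Output "No entries found for $Email in the site collection, external user list or directory."
}
```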
Notes
- Cloud Identity: the identity exists in the cloud in Microsoft Azure Active Directory (MS AAD) and not in your organization's on-premises Active Directory. Also referred to as an external user.
- Federated Identity: the identity exists in your organization's on-premises Active Directory, which is synchronized with AAD. Also referred to as an internal user.
- Global Administrator: has access to all administrative features in the Office 365 suite of services in your organization's Office 365 subscription. Global Administrators are the only admins who can assign other admin roles (e.g., SharePoint Admin, Exchange Admin, etc.).
- SharePoint Administrator: effectively the farm administrator, has access to all site collections in the O365 subscription.