Is it possible to bypass SharePoint login from different domain?

  • Question

  • Hello SharePoint Fam,

    Is it possible to set up Anonymous Access to a totally different domain?  So SharePoint is on Domain1 but needs to be accessed by folks on Domain2.  Currently when users from Domain2 try to access Domain1 (http://domain.domain1.local) they are always presented with the login box.  So they are able to get to SharePoint but are always presented with the login. Is it possible to get past the login and allow all users from Domain2 to get read-only access?  Is it just a matter of adding http://domain.domain1.local to the trusted sites zone?

    Thanks N Advance

    Thursday, July 23, 2020 5:48 PM

All replies

  • Anonymous is different than what you're asking for.

    Given there is a domain trust in place between the two domains and you're adding users from Domain2 to SharePoint, then yes you can add the URL to the IE zone configured for automatic login with current username and password. That will allow the browser to automatically submit credentials on behalf of the user and prevent the login dialogs.


    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, July 23, 2020 6:03 PM
  • Hi 41global,

    To grant permissions for users of Domain B in Domain A sites, if you want the people picker to return query results from more than one domain, you must have a two-way trust between the domains. You could use the command below:

    stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:DomainA.com;forest:DomainB.com,DomainB\login,password" -url "Your webapp url"

    Reference:

    https://sharepoint.stackexchange.com/questions/174389/sharepoint-2013-multiple-domains-in-people-picker

    This “SharePoint 2013 - Setup, Upgrade, Administration and Operations” Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards,

    Emily Du

    Friday, July 24, 2020 10:04 AM
  • Thanks so much for the response.  Is there a way to confirm the trust between the 2 domains?  Currently users from Domain2 are not a part of the Domain1 SharePoint environment at all.  So users from Domain2 are always presented with a pop-up box due to them being on a different domain and having no access to Domain1 SharePoint.  I am able to get into Domain1 SharePoint on Domain2 by entering domain1\username and password.  Trying to somehow totally bypass that entire pop-up box within the Domain2 environment.  Thanks again
    Friday, July 24, 2020 12:51 PM
  • Hey Emily,

    Thanks so much for your response. It is not a people picker issue that is going on.  I think it's more of AD/IIS Authentication but I'm not 100%.  Thanks again

    Friday, July 24, 2020 12:52 PM
  • OK, for that you do need to have a policy pushed to Domain2 users which adds the site to the Trusted Sites list (given a policy has also been pushed for Trusted Sites to enable automatic logon).

    Trevor Seward

    Friday, July 24, 2020 4:48 PM
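
The two checks discussed above (confirming the trust, and confirming that the pushed policy places the site in a zone with automatic logon), as an added example that is not part of the original thread. `domain2.example` is a placeholder and the function names are hypothetical; the registry paths are the standard Internet Settings policy locations.

```powershell
# Added example, not from the thread. Windows PowerShell 5.1.
$SiteUrl = 'http://domain.domain1.local'   # URL from the question
$Domain2 = 'domain2.example'               # placeholder for Domain2's DNS name

# Part 1: run in Domain1 (needs the RSAT ActiveDirectory module).
# Domain2 accounts can be authenticated by Domain1 only if Domain1 trusts
# Domain2, i.e. Direction is Outbound or BiDirectional on the Domain1 side.
function Test-TrustToDomain2 {
    param([string]$Name = $Domain2)
    Import-Module ActiveDirectory -ErrorAction Stop
    $trust = Get-ADTrust -Filter * | Where-Object { $_.Name -eq $Name }
    if (-not $trust) { return "No trust object for $Name" }
    $trust | Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication
}

# Part 2: run as a Domain2 user on a Domain2 workstation.
# Finds the Site to Zone Assignment List entry covering the site and the
# logon setting (URL action 1A00) of the zone it was assigned to.
function Get-SiteLogonPolicy {
    param([string]$Url = $SiteUrl)
    $logon = @{ 0x0     = 'Automatic logon with current user name and password'
                0x10000 = 'Prompt for user name and password'
                0x20000 = 'Automatic logon only in Intranet zone'
                0x30000 = 'Anonymous logon' }
    $is = 'Microsoft\Windows\CurrentVersion\Internet Settings'
    $siteHost = ([uri]$Url).Host
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $map = Get-ItemProperty "$hive\Software\Policies\$is\ZoneMapKey" -ErrorAction SilentlyContinue
        if (-not $map) { continue }
        foreach ($e in $map.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            # Entries may be full URLs or wildcard hosts such as *.domain1.local
            $pattern = $e.Name -replace '^[a-z]+://', '' -replace '/.*$', ''
            if ($siteHost -notlike $pattern) { continue }
            $val = $null
            foreach ($k in "$hive\Software\Policies\$is\Zones\$($e.Value)",
                           "HKCU:\Software\$is\Zones\$($e.Value)") {
                $p = Get-ItemProperty $k -Name '1A00' -ErrorAction SilentlyContinue
                if ($p) { $val = $p.'1A00'; break }
            }
            $text = 'Not set (zone default applies)'
            if ($null -ne $val) { $text = $logon[[int]$val] }
            [pscustomobject]@{ Source = $hive; Entry = $e.Name; Zone = $e.Value; Logon = $text }
        }
    }
}

Get-SiteLogonPolicy    # Zone 1 = Local intranet, 2 = Trusted sites
```

An automatic-logon setting on zone 2 applies to every site in Trusted Sites, so that list should contain only hosts the organization controls.
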
  • Thanks Trevor, but what if Domain 2 users are totally outside where they actually have no access to Domain1 SharePoint at all.  Only Domain1 users have actual AD accounts that can authenticate.  Domain2 users have no SharePoint account/access at all to Domain1 SharePoint.  Thnx
    Tuesday, July 28, 2020 12:54 PM
  • What *is* Domain 2? It sounded like it was an Active Directory domain from the way you worded your post.

    Trevor Seward

    Tuesday, July 28, 2020 2:41 PM
  • So the client was purchased by another company (Domain2).  The new company just wants to be able to access the client SharePoint environment without having an AD account, just to have read access.  Right now they get the pop-up box but have no actual AD account to input for authentication.
    • Edited by 41global Tuesday, July 28, 2020 2:50 PM
    Tuesday, July 28, 2020 2:49 PM
  • OK, so you have two options:

    1) Create a new account in Domain1 for that user

    2) Create a forest trust between the environments (this should be done over VPN if you haven't established WAN connectivity). By doing so, you can configure the People Picker and add Domain2 users directly.


    Trevor Seward

    Tuesday, July 28, 2020 3:08 PM
  • Okay, thanks a bunch. Could another option be adding the new company (Domain2) IP ranges to the Domain1 IIS server IP Domain Restrictions tool?  Thnx
    Tuesday, July 28, 2020 3:40 PM
  • Without the trust in place, that won't do anything. SharePoint needs to know about the end user and the only way to accomplish that in your scenario is to create that forest trust.

    Trevor Seward

    • Marked as answer by 41global Thursday, July 30, 2020 2:02 PM
    Tuesday, July 28, 2020 4:16 PM
  • Hi 41global,

    I'm checking on how things are going with this issue. Does the post help you?

    You can mark the post as answer if it helps.

    Best regards,

    Emily Du

    Thursday, July 30, 2020 9:54 AM