Problem

A site collection administrator sends an invitation to an external user's corporate email address. The user receives and accepts the invitation, and a cloud account is created for her. The site collection administrator then unintentionally deletes the user's cloud account from the site collection and sends a new invitation to the same corporate email address. The user receives the invitation, but this time, when she clicks the invitation URL, she is taken to an error page:

Sorry, something went wrong

We're sorry, sign-in isn't working right now. But we're on it! Please try again later.

The site collection administrator has removed the user account from every SharePoint user group provisioned for the site collection and doesn't understand why the user is experiencing this error when an invitation sent earlier worked just fine.

Solution

In order to recover from this problem, the user's cloud account must be completely removed from your O365 subscription. Here are the places to check:

  1. Remove user account from all user groups: request the site collection administrator remove the user account from all SharePoint user groups he or she may have added the external user's account to. Follow up on this yourself by using the Check Permissions tool.
  2. Remove the user account from the site collection: request the site collection administrator use this user listing to remove the user completely from the site collection:
    _layouts/15/people.aspx?MembershipGroupId=0
  3. Remove the user profile from SharePoint Online: request that the SharePoint Online Admin remove the user's profile:
    Navigate to: SharePoint Admin Center > user profiles > People > Manage User Profiles
  4. Remove the user's cloud account: as Global Administrator, remove the cloud account:
    Navigate to: Admin Center > Users > Guest users > [click the Delete a user button]
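
Before sending a new invitation, it helps to confirm that nothing is left behind. The following read-only check is an added example, not part of the original procedure: it covers steps 1, 2 and 4 (the user profile in step 3 is still checked in the admin center). It assumes the SharePoint Online Management Shell and Microsoft Graph PowerShell modules are installed; the URLs and email address are placeholders.

```powershell
# Added example: read-only check for leftovers of a removed external user.
# Assumes the SharePoint Online Management Shell and Microsoft Graph PowerShell
# modules are installed. All default values below are placeholders.
param(
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',          # placeholder
    [string]$SiteUrl  = 'https://contoso.sharepoint.com/sites/project',  # placeholder
    [string]$Email    = 'user@example.com'                               # placeholder
)

Connect-SPOService -Url $AdminUrl
Connect-MgGraph -Scopes 'User.Read.All'

# Guest login names embed the invited address as user_example.com#ext#
$email      = $Email.ToLower()
$guestToken = ($email -replace '@', '_') + '#ext#'

# Steps 1 and 2: is the account still listed in the site collection,
# and which SharePoint groups does it still belong to?
$siteHits = @(Get-SPOUser -Site $SiteUrl -Limit All | Where-Object {
    $login = $_.LoginName.ToLower()
    $login.Contains($guestToken) -or $login.Contains($email)
})

# Step 4: does a guest cloud account still exist in the directory?
$filter  = "mail eq '{0}'" -f $Email.Replace("'", "''")
$dirHits = @(Get-MgUser -Filter $filter -Property Id, Mail, UserPrincipalName, UserType |
    Where-Object { $_.UserType -eq 'Guest' })

foreach ($u in $siteHits) {
    [pscustomobject]@{
        Where  = 'Site collection'
        Login  = $u.LoginName
        Detail = 'Groups: ' + ($u.Groups -join ', ')
    }
}
foreach ($u in $dirHits) {
    [pscustomobject]@{
        Where  = 'Directory (guest users)'
        Login  = $u.UserPrincipalName
        Detail = 'Object id: ' + $u.Id
    }
}

if (-not $siteHits -and -not $dirHits) {
    "No site collection or directory entries found for $Email."
}
```

Any row in the output points to the step that still needs to be completed for that account.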

Notes

  • Cloud Identity: the identity exists in the cloud in Microsoft Azure Active Directory (MS AAD) and not in your organization's on-premises Active Directory. Also referred to as an external user.
  • Federated Identity: the identity exists in your organization's on-premises Active Directory, which is synchronized with AAD. Also referred to as an internal user.
  • Global Administrator: has access to all administrative features in the Office 365 suite of services in your organization's Office 365 subscription. Global Administrators are the only admins who can assign other admin roles (e.g., SharePoint Admin, Exchange Admin, etc.).
  • SharePoint Administrator: effectively the farm administrator, has access to all site collections in the O365 subscription.