Kirk Liemohn

Kirk Liemohn is a Principal Software Engineer at ThreeWill. He has spent nearly a decade helping clients transform and migrate their content from one platform to another (typically to Microsoft 365) with a focus on the more complex scenarios.  Prior to his transformation focus, Kirk led several key SharePoint integrations at ThreeWill including Jive, Polycom, and Confluence.

Introduction

I have seen reports on how the SharePoint Online People Picker works within Microsoft 365 that do not match what I am seeing.  Specifically, I have heard that once an external user is in the tenant, they are discoverable via the people picker on any site collection.  That’s how it appears on the surface, but when I dig deeper, I have come to understand that browser caching may make it appear that way when it isn’t actually the case.  Because of this discrepancy, I wanted to understand the patterns as best as possible.

What is people picker?

First, let me define what I mean by people picker…  The people picker can be accessed in two primary ways in SharePoint Online:

1. Via the “Share” operation when sharing a site or sharing content within the site.

2. When adding a list item and entering a people picker field value (e.g., “Assigned To” for a Tasks list).

Now let me describe how this works.  These are just my observations as of 4/1/2015 (no fooling!) and are subject to change at the whims of the SharePoint Online team.

The “Share” operation resolves any email address but the list item people picker does not

• ​​When using the “Share” operation, you can resolve any email address if external users are allowed for the site collection. Therefore, even if no user is found via type-ahead, any email address will work.
• When using the list item people picker, email addresses do not resolve on their own. They must be found via the rules discussed below.

Type-ahead may find users after entering the first three characters of the first name, last name, or email

• Type-ahead of three characters by an internal user should always find matching internal users based on first name, last name, or email.
  • ​There is a short period (maybe 5 minutes) immediately after a user is added to the directory that the user is not yet available via type-ahead.
• The resulting drop down shows the display name and the title (if available) of internal users. It shows the name and email of external users (if found).

Some users can be “cached” to aid with type-ahead

• These cached users will show up from type-ahead of a single character instead of three characters.
• Users are added to the cache when they are selected in the list item people picker (not the “share” people picker) and the operation is saved/completed.
  • Users are not cached by virtue of being in the user information list.
• ​These cached users are stored in the browser cache (clearing the browser cache removes them). Once in the cache, they can be accessed/found across site collections – they could be added to the cache by adding them to a people picker in one site collection, then found with a single type-ahead character in another site collection.
• Sometimes you can get extraneous results.​ For example, entering “i” may get some cached results that don’t match because the internal ID may start with “i:0#.f|membership|”.

Ext​ernal users have some caveats

• ​External users cannot be found based on the last name. They can only be found based on the first name or email.
• External users typically cannot be found unless they are cached (as discussed above) or if they are in the user information list for the current site collection.
  • Sharing with an internal user or an external user that is already in the tenant immediately adds them to the user information list.
  • Sharing with an external user that is not already in the tenant does not add them to the user information list until they accept the invitation (click on the email link and log in if necessary).
  • Selecting a user via the list item people picker adds them to the user information list (both internal and external users).
• External users generally cannot find anyone unless those users they are looking for are cached or are in the user information list. For those that are in the user information list, they are only found by first name or email (not by last name even if they are internal users).
• External users that have been invited, but have not accepted the invite, cannot be found.
• External users can get even more extraneous results than internal users. For example, entering “i:0” may get many undesirable results.​​ There can be other results that appear to be extraneous because the entire email address is searched (searching for “e@c” may find “john.doe@company.com”).

You cannot pick external users if the site collection does not allow sharing with external users

• ​The following error is shown if you type in the external user’s email address: “Sorry, you are not allowed to share this with external users.”
• The following error is shown if the user suggestion was shown from type-ahead and then selected: “The user does not exist or is not unique.”
  • Selecting an external user this way is only available if the user is in the browser session cache.
• These errors occur on both the “Share” operation as well as when using a list item people picker.

I hope this sheds some light on how people pickers work in SharePoint Online.  If this has helped you, please let me know by leaving a comment. If you are seeing different behavior, please let me know that as well.