Tech Talk Live Blog

Information Architecture Example for SharePoint Online Extranet Sites

Margie Morales

Recently a request came in to create a new extranet site for an internal business unit to collaborate with external people. I figured this would be a great opportunity to evaluate SharePoint Online on Office 365 instead of my usual task of adding a site to an existing on-premises SharePoint. I wanted to start with one site on SharePoint Online because this allows for troubleshooting and identifying training needs at a smaller scale.

The main objective was to build a portal-like experience for guests (extranet users), similar to how our on-premises SharePoint is configured: one site collection with a search core results web part on the home page that rolls up extranet site collections using the Content Class STS_Site. Keeping this single point of entry is important because some external users may be members of several extranet sites. Additionally, if they are not already on Office 365 through their organization, they would not be able to pin their sites to favorites and would have to remember the links to all of the sites of which they are members.

As for keeping our existing governance structure in place, an additional requirement was to make sure internal staff could still manage permissions for internal and external users within their respective extranet sites as site owners. This was achieved on-premises using Forms-Based Authentication (FBA). I also wanted to make sure only site owners could share the site or any content. To achieve this, I needed to disallow anyone not in the owners group from sharing (shown in the sharing settings image below).

Here were the steps taken that satisfied the above requirements:

  1. Created a new private site collection within the SharePoint Admin Center on Office 365.
  2. Ensured that the sharing was configured with “Allow external users who accept sharing invitations and sign in as authenticated users” and “Turn off sharing for non-owners on all sites in this site collection” (shown in the sharing settings image below).
  3. Shared the portal top-level site with “Everyone”. Entering “Everyone” in the sharing box means that the site will be shared with all authenticated users. This meets the security requirement because the portal top-level site simply serves as a way to get to subsites with unique permissions.
  4. Created the new extranet subsite with unique permissions because we do not want “Everyone” to access it.
  5. Because I enabled SharePoint Server Publishing Infrastructure, we were able to use the security-trimmed Table of Contents web part on the home page to roll up the sites to which extranet users have access. Another option is the Search Content web part. There are good tutorials online for using the Search Content web part to roll up subsites.

Now, after sharing the subsite with external users, our internal staff site owners can give their collaborators the one portal link to log in. Collaborators will see the extranet site link on the home page and will not see any other sites for which they do not have permission.
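Because the portal top-level site is shared with “Everyone”, the design holds only while every extranet subsite keeps unique permissions. The following is an added example, not part of the original post, that audits that invariant; the `Site` record, the site URLs and the sample data are constructed assumptions standing in for a permissions report.

```python
from __future__ import annotations
from dataclasses import dataclass, field

EVERYONE = "Everyone"  # the principal entered in the sharing box in step 3

@dataclass
class Site:  # hypothetical record, e.g. filled from a permissions report
    url: str
    parent: str | None          # None marks the portal top-level site
    unique_permissions: bool    # False = inherits from the parent site
    grants: dict[str, str] = field(default_factory=dict)  # principal -> level

def effective_grants(site: Site, sites: dict[str, Site]) -> dict[str, str]:
    """Follow inheritance up to the nearest site with its own permissions."""
    while not site.unique_permissions and site.parent is not None:
        site = sites[site.parent]
    return site.grants

def audit(sites, external_sharing_authenticated_only, non_owner_sharing_off):
    """Return (url, issue) pairs for every deviation from the layout above."""
    findings = []
    root = next(s for s in sites.values() if s.parent is None)
    if not external_sharing_authenticated_only:  # step 2, first setting
        findings.append((root.url, "external sharing is not limited to authenticated invitees"))
    if not non_owner_sharing_off:                # step 2, second setting
        findings.append((root.url, "non-owners can share"))
    if EVERYONE not in root.grants:              # step 3
        findings.append((root.url, "portal not shared with Everyone"))
    for site in sites.values():                  # step 4
        if site.parent is not None and EVERYONE in effective_grants(site, sites):
            how = "direct grant" if site.unique_permissions else "inherited"
            findings.append((site.url, f"Everyone has access ({how})"))
    return findings

# Constructed sample data: project-b was created without breaking inheritance.
SAMPLE = {s.url: s for s in [
    Site("/sites/extranet", None, True,
         {"Everyone": "Read", "Portal Owners": "Full Control"}),
    Site("/sites/extranet/project-a", "/sites/extranet", True,
         {"Project A Owners": "Full Control", "guest@example.com": "Contribute"}),
    Site("/sites/extranet/project-b", "/sites/extranet", False),
]}

if __name__ == "__main__":
    for url, issue in audit(SAMPLE, True, True):
        print(f"{url}: {issue}")
```

A subsite flagged as inherited is readable by every authenticated user, including guests invited to other extranet sites, so it should be given unique permissions before any content is added.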
