Add domain to allow list of a site

This is a note-to-self kind of article. I found a way of managing the allow list for external sharing of individual SharePoint Online sites via Power Automate. This example shows how you could add domains for a couple of sites at once.

Inspiration

This question from MichelBr:

The second problem I’m facing is to add the domain to the Sharepoint whitelist. I couldn’t find any information how to add a domain to “Limit external sharing by domain”.

Power Users Community thread: Create GuestUser accounts and whitelist domain with approval.

Sharing Settings

You can manage SharePoint Online sharing settings at the organization level or at the site level.

However, a site's setting must be the same as, or more restrictive than, the organization's setting. If you want to read more about sharing, I suggest reading Manage sharing settings.

Limit external sharing by domain

In this article we are talking about sharing with external guests. We want to limit the external sharing of the site so that it only allows sharing with a list of certain domains, which are our trusted partners. A first (preferred) approach would be to set this at the organizational level. You could use the Microsoft.Online.SharePoint.PowerShell module and the Set-SPOTenant cmdlet for this. Below is an example code snippet of that approach:

It is also possible to manage these settings at the site level. Some requirements might force you into this second approach. In that case you could manage it via the interface; the steps can be found in Restrict sharing of SharePoint and OneDrive content by domain.

Tenant Administration

But I wanted to automate this 😀 After a quick search I discovered you could use a POST request to interact with the Tenant administration. These requests use the Microsoft.Online.SharePoint.TenantAdministration namespace.

You can use properties like SharingCapability, SharingDomainRestrictionMode and SharingAllowedDomainList to update an individual site.

Flow setup

Before you start: this setup overwrites the existing SharingAllowedDomainList value of your site. If your list already contains domains, you need to include them in the update as well.

In my example below I will loop through an array of sites and for each site a new allowed domain is added.

1. Add a Manually trigger a flow trigger.

2. Add three Initialize variable actions. Below is a table with the name, type and value for each of the variables.

The list of domains in an HTTP request needs a comma delimiter, while the Set-SPOTenant cmdlet uses the space character as the delimiter for the SharingAllowedDomainList parameter.

Name | Type | Value
Sites | Array | ["SiteUrlA","SiteUrlB"]
AdminCentre | String | Your Admin Centre Url
Domains | String | domaina.com,domainb.com

3. Add an Apply to Each action. Use the Sites variable in the Select an output from previous steps field.
This action will loop through every item of the Sites array variable.

4. Add a Send an HTTP request to SharePoint action within the Apply to Each loop. Use item() as the expression for the Site Address field.
This action retrieves the GUID of the site.

5. Add a second Send an HTTP request to SharePoint action within the Apply to Each loop. Use the Id field of the previous action in the Uri. Also make sure you use the same kind of Body. See the code snippet and screenshot below.

That should be it for the setup.
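
The "Before you start" caveat and the delimiter note above, shown as an added PowerShell example (not part of the original article or its flow): it reads each site's current allow list, merges in the new domains, validates them, and writes the combined list back with Set-SPOSite. The URLs and domains are placeholders, Merge-AllowedDomains is a hypothetical helper, and it is assumed that Get-SPOSite returns SharingAllowedDomainList as a delimited string.

```powershell
# Added example: merge new domains into each site's existing allow list
# instead of overwriting it. All URLs and domains below are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminCentre = 'https://contoso-admin.sharepoint.com'            # placeholder
$Sites       = @('https://contoso.sharepoint.com/sites/SiteA',
                 'https://contoso.sharepoint.com/sites/SiteB')   # placeholders
$Domains     = 'domaina.com,domainb.com'   # comma-delimited, like the flow's Domains variable

function Merge-AllowedDomains {
    # Hypothetical helper: returns the de-duplicated, lower-cased union of both lists.
    param([string]$Existing, [string]$New)
    (@($Existing, $New) -join ' ') -split '[\s,;]+' |
        Where-Object { $_ } |
        ForEach-Object { $_.ToLowerInvariant() } |
        ForEach-Object {
            # Accept plain DNS names only: no wildcards, no '@', no URL scheme.
            if ($_ -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$') {
                throw "Not a valid domain name: '$_'"
            }
            $_
        } |
        Select-Object -Unique
}

Connect-SPOService -Url $AdminCentre

foreach ($url in $Sites) {
    # Assumption: the site object exposes the current list as a delimited string.
    $site   = Get-SPOSite -Identity $url
    $merged = Merge-AllowedDomains -Existing $site.SharingAllowedDomainList -New $Domains

    # The cmdlet expects spaces between domains; the HTTP request body expects commas.
    $forCmdlet = $merged -join ' '
    $forHttp   = $merged -join ','

    Write-Host $url
    Write-Host "  before: $($site.SharingAllowedDomainList)"
    Write-Host "  after : $forCmdlet"
    Write-Host "  comma form for the flow's Domains variable: $forHttp"

    Set-SPOSite -Identity $url `
        -SharingDomainRestrictionMode AllowList `
        -SharingAllowedDomainList $forCmdlet
}
```

The "before" and "after" lines give a record of what each site trusted prior to the change, which is worth keeping when the allow list is the only control on who can receive external shares.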

Happy testing!

3 Responses

  1. ali says:

    Does this work? Tried it and it added the domain into the list, but it still doesn't work; when they log in it says domain is restricted. I can see _api/Microsoft.Online.SharePoint.TenantAdministration.Tenant/Sites/Update exists but don't know how to use it.

    Would you know how to amend the org level instead of individual site collections?

  2. Nausheen says:

    Hi Dennis,

    Do we have a Power Automate to set the white listing at the tenant level instead of the individual sites?

    Please advise.

    Kind Regards,
    Nausheen

  3. Chintan Sanghavi says:

    Hi @Dennnis,
    Will this work for a OneDrive site? I mean a user's OneDrive site, which is ideally a personal SharePoint site. And is there any UI where we can see the external sharing settings for a user's personal SharePoint site (OneDrive)?
    https://{tenant}-my.sharepoint.com/personal/{firstname}_{lastname}_{domain}_com.

    I have a frequent requirement from my organization's stakeholders to share Teams meeting recordings with external clients, you know. I want to automate this so that I can add the domain of the external client when my org's stakeholders want to share, so that the dependency on IT can be removed.
