In O365, if you want to ask external users for approval and use the "Approval" action, users receive an error message when trying to click Approve or Reject, with a 403 in the background. You have to use the "Send Email with options" action.
This doesn't track tasks in https://emea.flow.microsoft.com/manage/environments/<tenantGUID>/approvals/received
External users trying to open that link will receive 403.
Side question: Is there a way to somehow track those tasks? (even by adding 5 additional actions)
I am looking for something similar to Workflow History List and Workflow Task List.
I created another Flow environment and can see all of them in the Flow admin center:
External users invited to the non-default Flow environment can receive approval emails (not send email with options!) and after clicking on Approve or Reject do not receive an error message. They can also navigate to https://emea.flow.microsoft.com/manage/environments/<tenantGUID>/approvals/received.
Seems like a solution?
But nothing happens! After they click on Approve/Reject, the users do not receive the "Your response has been recorded" confirmation screen and the running Flow does not catch this event. Whenever they click on Sent or History in https://emea.flow.microsoft.com/manage/environments/<tenantGUID>/approvals/received, they are redirected to https://emea.flow.microsoft.com/manage/environments/DEFAULT - <ANOTHERtenantGUID>/approvals/received.
MAIN Question: Is this the expected behaviour? Can a Flow environment be shared between users from different domains? Can I use the environments to somehow see the tasks assigned to all users?
I am afraid that it might be the default behavior of Flow. Currently, starting an approval from users outside the organization is not supported in Microsoft Flow. Here is a similar request at the Flow Ideas Forum; please vote for it here:
As a workaround for your scenario, you could consider creating a Guest Account in your organization for the external users; the external users could then access your flow within your Flow environment. Please check this doc on adding a guest to a team for more details:
Thank you for posting on the Flow Community Forum! Have you had an opportunity to apply @v-yamao-msft's recommendation to adapt your Flow? Or maybe you've visited the idea thread and agreed enough to submit your vote to help get this feature voted into production! If yes, and you found that solution or idea thread to be satisfactory, please go ahead and click "Accept as Solution" on the reply containing the solution or the link to the idea thread so that this thread will be marked for other users to easily identify!
Thank you for being an active member of the Flow Community!
Flow Community Manager
I have to disagree with Microsoft here; this is not expected behaviour. We have licenced external users with Flow, they have an external account (authenticated) in our tenancy, and this should work. This is actually broken, not a nice-to-have. It is fundamental to include third parties in the process; how this got released without it working I will never know. This is a bug. It's broken.
What is clear is that the link you show below has the tenant GUID, which, as long as the person clicking the link is authenticated, should return the manage flows page, but it is clear it is being ignored, or it's a placeholder because it is supposed to be working in the future. Several MVPs list this as making Flow non-viable as a solution because this behaviour does not work. It has the authenticated user in the correct tenant context and chooses to redirect the user to authenticate to their own domain, which then uses their tenant GUID and ignores the required tenancy. This is a bug, not a feature.
In the meantime, we are creating an API shim to do the email and request handling properly and fix this ourselves.
It's trivial for Microsoft to fix this and I expect it will be on the roadmap, but not if the user voice is used!
I have added external users to our tenant as Guest Users in Azure as you suggested above. However, the user still gets an error when trying to reply to an Approval Flow email. The error message says "Your organization doesn't allow access to Microsoft Flow via your work or school email. Please use your personal email to sign up."
Is there another step that I need to take to allow this user to give approval via Flow? Please help!
For external users, I used the Office 365 Outlook - Send email with options.
Then you can select the options to be Approve/Deny and it will return the "Selected Option" which you can use in the conditional.