For the most part, any workflow we build will involve participants that have access to the respective site, and won’t involve external users, or users that don’t have permission to the site. A client pointed out a blurb in a TechNet article that mentioned you can allow non-authenticated users to participate in a workflow, and I had never heard of that, so of course I had to find out what it was all about.
MSDN mentions that by enabling this option, you can allow either or both of the following types of non-authenticated users to participate in workflows: internal users who do not have access to the site and external users who do not have access to any internal network resources. For internal users, an email message is sent that explains how to request access to the site (subject to administrator approval). For external users, an email message is sent with an attached document or list item for the participant to review or sign.
To test this, I first enabled the setting in Central Administration. Navigate to the Application Management tab, Workflow Management, then Workflow settings. Check the Yes radio button to enable external users to participate:
Next, let’s use a document library, and add a simple out-of-the-box approval workflow that is configured to route to an external address. For this example I’m using a document library named External Documents, and have added an instance of the Approval workflow named External Workflow. For the approvers, I’m adding an external email address to test with:
Whenever a new item is added to the library and the workflow gets kicked off, an approval email is sent to the external email address that was specified in the Approvers field that includes the document as an attachment. What I don’t particularly like is the email still includes the link to the actual document, and if you hover over it, you can see the full URL to it. The whole purpose of this is to send a copy of the document because the recipient doesn’t have access. Why include a link if they’re definitely not going to have access to it?
Now, from here the workflow is disconnected. Obviously because the external users don’t have access to the site, they can’t complete tasks, navigate to the document library, etc. It us up to the external user to review the document and contact the initiator.
In addition to the email that is sent to the external email address, a email is sent to the initiator of the workflow indicating that the external user doesn’t have access to the item, and a task has been created for the initiator to be completed whenever the external has responded:
This isn’t limited to document libraries either – the same rules apply to list items. The only difference is instead of the document being sent as an email attachment, you get to see the fields directly in the email:
And that’s it! Even external users and users that do not have permissions can participate in workflows!