Inviting Google (Gmail) Users To Collaborate In Your Teams Channels


This post is not about inviting Google users to your meetings, where you just send them the meeting invite and all is good. This is about adding the Gmail user as a member of a Team, so they can see the Teams channels, chat and collaborate with files and apps along with everyone else in the Team.

You may be able to do all this as an end user, but if not then check some of the below points with your Microsoft 365 Administrator.

Inviting Gmail users to Teams comes down to B2B Collaboration, or Guest Accounts, in Entra ID. So first, you need to allow the invitation of external guests to your Entra ID directory (previously known as Azure AD). If you have domain restrictions here, you would need to allow “gmail.com”. If the user you want to add uses G-Suite (Google Workspace), then you can invite them using their custom domain, but this domain also needs to be allowed if you block external domains.

Domains can be blocked in two places, and both need to be checked by the administrator. The first is Entra ID and the second is the Teams Admin Center.

Checking Entra ID for External User Restrictions

This is checked in the Entra ID portal at https://entra.microsoft.com > Identity > External Identities > External Collaboration Settings. From here ensure that the “Guest invite settings” allows guests to be invited (so anything but the last option):

Top three options allow inviting of guests

If the top option is selected, end users can invite the Gmail contact directly. If either of the middle two options is selected, someone with the correct permissions needs to invite the Gmail user first, before the end user can add them to a Team.

The other setting to check in Entra ID is the Collaboration Restrictions. If you have the bottom option selected, you need to add gmail.com or the Google Workspace domain here. If the middle option is selected, ensure the opposite (that the domain is not denied). With the top option the invite will just work:

Collaboration Restrictions in Entra ID

Cross-Tenant Access Settings now also take effect (since late 2022), so check this area as well. Make sure that there is no entry for the domain in question that blocks B2B Collaboration, and that the Default does not block B2B Collaboration, as shown:

Cross-Tenant Access is allowed for B2B Collaboration for the Default Settings

Once Entra ID is confirmed as allowing Gmail guests, check the settings in Teams.
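The three Entra ID checks above can also be run against exported policy data. This is an added example, not part of the original post: the field names follow the Microsoft Graph authorization policy, the legacy B2BManagementPolicy definition and the cross-tenant access default as assumed here, and the sample values are constructed.

```python
import json

def invite_blockers(domain, authorization_policy, b2b_definition, xtap_default):
    """Return the reasons a guest from `domain` cannot be invited (empty list = OK)."""
    domain = domain.lower()
    reasons = []

    # Guest invite settings: "none" is the last portal option (no one can invite).
    if authorization_policy.get("allowInvitesFrom") == "none":
        reasons.append("guest invite settings: no one can invite")

    # Collaboration restrictions: the allow/deny list is stored as a JSON string.
    rules = (json.loads(b2b_definition)
             .get("B2BManagementPolicy", {})
             .get("InvitationsAllowedAndBlockedDomainsPolicy", {}))
    allowed = [d.lower() for d in rules.get("AllowedDomains") or []]
    blocked = [d.lower() for d in rules.get("BlockedDomains") or []]
    # Assumption: an empty or missing allow list means no allow-list restriction.
    if allowed and domain not in allowed:
        reasons.append(f"collaboration restrictions: {domain} not in allow list")
    if domain in blocked:
        reasons.append(f"collaboration restrictions: {domain} is denied")

    # Cross-tenant access: the Default must not block inbound B2B collaboration.
    inbound = xtap_default.get("b2bCollaborationInbound") or {}
    for scope in ("usersAndGroups", "applications"):
        if (inbound.get(scope) or {}).get("accessType") == "blocked":
            reasons.append(f"cross-tenant default blocks B2B collaboration ({scope})")
    return reasons

# Constructed sample exports (not taken from a real tenant).
AUTH_POLICY = {"allowInvitesFrom": "adminsAndGuestInviters"}
B2B_ALLOW_LIST = json.dumps({"B2BManagementPolicy": {
    "InvitationsAllowedAndBlockedDomainsPolicy": {"AllowedDomains": ["partner.example"]}}})
XTAP_DEFAULT = {"b2bCollaborationInbound": {
    "usersAndGroups": {"accessType": "allowed"},
    "applications": {"accessType": "allowed"}}}

if __name__ == "__main__":
    for reason in invite_blockers("gmail.com", AUTH_POLICY, B2B_ALLOW_LIST, XTAP_DEFAULT):
        print("BLOCKED:", reason)
```
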

Checking Teams Admin Centre for Guest Restrictions

This is accessible from https://admin.teams.microsoft.com/ > Users > Guest Access. This is not “External Access”, which covers cross-company chat only and not B2B/Guest access to Teams. Ensure that Guest Access is On:

Guest Access in Teams

Conditional Access Restrictions

The Gmail guest user will be subject to any restrictions that your tenant has for Conditional Access for guest users. When writing this blog post I came across one that blocked Gmail users (where login is federated to Google) because the Conditional Access rule required an Authentication Strength rather than direct MFA. Changing it to Multifactor Authentication fixed the login.

Login prompt failing for the Gmail user when Authentication Strength MFA is in use.

This issue presents itself in the Entra ID sign-in logs for the guest user as “Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.”

Changing the Conditional Access rule for the Gmail guest to standard Multifactor Authentication in the Conditional Access policy and away from Authentication Strengths fixed this – this is due to Authentication Strengths not supporting the Email One-Time Pass (Guest) Authentication method (see Entra ID notes).

This change can be seen in the following picture of the same Conditional Access rule setting, but with the change made to Multifactor Authentication so that Email One-Time Code authentication is supported:

Not using “Require Authentication Strength” for MFA, but the older “Require Multifactor Authentication” option
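To find which policy is responsible when a guest hits this error, the sign-in log entries can be matched against the Conditional Access policy definitions. This is an added example, not part of the original post: the field names follow the Microsoft Graph sign-in and Conditional Access policy resources as assumed here, and the policies, ids and users are constructed sample data.

```python
# Failure text the post quotes from the Entra ID sign-in logs.
BLOCK_REASON = ("Access has been blocked by Conditional Access policies. "
                "The access policy does not allow token issuance.")

def grant_type(policy):
    """Classify the MFA grant control of a Conditional Access policy."""
    grant = policy.get("grantControls") or {}
    if grant.get("authenticationStrength"):
        return "authenticationStrength"   # "Require authentication strength"
    if "mfa" in (grant.get("builtInControls") or []):
        return "mfa"                      # "Require multifactor authentication"
    return "other"

def guest_blocks_from_auth_strength(sign_ins, policies):
    """Pair each blocked guest sign-in with the failing authentication-strength policy."""
    by_id = {p["id"]: p for p in policies}
    findings = []
    for entry in sign_ins:
        status = entry.get("status") or {}
        if entry.get("userType") != "guest" or status.get("failureReason") != BLOCK_REASON:
            continue
        for applied in entry.get("appliedConditionalAccessPolicies") or []:
            policy = by_id.get(applied.get("id"))
            if (applied.get("result") == "failure" and policy
                    and grant_type(policy) == "authenticationStrength"):
                findings.append((entry["userPrincipalName"], policy["displayName"]))
    return findings

# Constructed sample data (ids, names and users are placeholders).
POLICIES = [
    {"id": "ca-1", "displayName": "Guests: require MFA strength",
     "grantControls": {"builtInControls": [],
                       "authenticationStrength": {"displayName": "Multifactor authentication"}}},
    {"id": "ca-2", "displayName": "Guests: require MFA",
     "grantControls": {"builtInControls": ["mfa"], "authenticationStrength": None}},
]
SIGN_INS = [
    {"userPrincipalName": "guest.user@gmail.com", "userType": "guest",
     "status": {"failureReason": BLOCK_REASON},
     "appliedConditionalAccessPolicies": [{"id": "ca-1", "result": "failure"},
                                          {"id": "ca-2", "result": "success"}]},
    {"userPrincipalName": "member@tenant.example", "userType": "member",
     "status": {"failureReason": "Other."},
     "appliedConditionalAccessPolicies": [{"id": "ca-2", "result": "success"}]},
]

if __name__ == "__main__":
    for user, policy_name in guest_blocks_from_auth_strength(SIGN_INS, POLICIES):
        print(f"{user} blocked by '{policy_name}' (authentication strength)")
```
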

Inviting Gmail Users To Your Teams

The rest of the article looks at the process for the end user inviting the Gmail user to be part of their Team. If the above settings restrict who can invite external guests, then the initial invite step needs to be done before the user can be added to the Team. If the guest user is already added to another Team, then it's easy to add them as a member of more than one Team just by entering their email address. This flow looks at the first-time invite and add-to-Team experience.

  1. In Teams, click the … next to the Team name. You need to be the Owner of the Team to invite new members. Type in the Gmail user's address:
Adding a Gmail user to a Team
  2. You now get an option to set the “Display Name” for this user:
Setting the display name for the invited guest user
  3. The recipient in Gmail gets an email inviting them to the Team. The user needs to click the “Open Microsoft Teams” button in the email. The rest of the email tells the Team name and the purpose of the organization doing the invitation:
Invitation to external user for Teams
  4. The Gmail user is asked to sign in to Teams with their Google account:
Signing Into Teams with Google Account
  5. To sign in for the first time, the M365 tenant prompts for accepting the privacy and permissions consent. The Gmail user needs to accept this. This will be branded with your organization’s information:
Consent for logging into Microsoft 365 and then Teams for the Gmail user
  6. If your tenant requires Multi-Factor Authentication for guest users, they will be prompted to set this up at this point in the authentication process:
Prompt to setup MFA in Microsoft 365 for a new guest user
  7. The setup for MFA continues as documented on plenty of websites on the Internet
  8. The user is asked to start the Teams app (if it is installed) or download the app or use the website. I’m using the website in this example, as my Teams app is already signed in with a separate account – but the process is identical be it the browser or the application
Choosing to use the web browser or opening the Teams app as the Gmail guest user
  9. Depending upon your MFA choices, you might be prompted at this point to “upgrade your MFA to Microsoft Authenticator” as shown (I had set MFA up using Google Authenticator in this example and had entered my six digit code to login to Teams)
Upgrading MFA to Microsoft Authenticator
  10. Success, I am now using Teams as a guest user. For this I do not need a Teams licence, as I am making use of the free 1:5 (one licenced user to 5 guest users) or the free 50000 MAU (monthly active users) for guests that can be configured in Entra ID
Teams as the Gmail guest user, with working Chat and file access via the Files tab

Photo by Pixabay: https://www.pexels.com/photo/google-search-engine-on-macbook-pro-40185/

