SharePoint Online delegated

You may have noticed, in our SPOMS example, a couple of lines of commented code. These are to provide an additional query string parameter to the connection URL, specifically ?DelegatedOrg=, which is similar to connecting via Exchange Online. Likewise, this parameter accepts a tenant name (usually in the form *.onmicrosoft.com) that will allow you to connect to the client administration site using delegated access.

Unfortunately, there's no way to connect directly to SharePoint sites using delegated access. Instead, you share the site with your external account and then, after confirming you can connect from the website, you'll need to get the full name of the SharePoint user for the external account.

Although this user may look like someone_gmail.com#EXT#@my365tenant.onmicrosoft.com in Azure AD, it typically looks something like i:0#.f|membership|someone@gmail.com in SharePoint Online. How will you confirm this obscure value? Well, that's where CSOM or one of the other tools described previously will come in very handy.

Once you know your sign-in credentials, and how to communicate them in SharePoint's weird esoteric language, you should be able to connect via CSOM or REST with your external (delegated) account just as you would with a native account in the customer's tenant.

You can also just create a global administrator account in the customer's domain and use that. It would probably be far easier.