Guest Access not supported if SharePoint Online Website Name differs from Tenant Name

Problem

This article mainly applies to older SharePoint Connector for Confluence Data Center versions (1.12.x and 2.x) that use the SharePoint REST API. Starting with version 3.x, and in our Cloud version (SharePoint guest access with Atlassian Forge is currently not permitted anyway), we use SharePoint Online and the Microsoft Graph API, so the described steps are no longer applicable.

This problem only occurs when the SharePoint Online public website name does not match the Microsoft 365 tenant name.

This is a very rare scenario since creating an alias has been disabled since March 2015 (see SharePoint Online Public Websites to be discontinued).

Although your organization's SharePoint is configured to allow External sharing, your registered guests will not be able to see the content of the configured lists or documents in the Confluence macros. This problem occurs even if they should have access to these lists or documents in SharePoint itself.

Cause

To provide guest access, the app must be able to resolve tenants by name. Unfortunately, the current implementation requires the SharePoint domain to match the default Azure AD domain provided by Microsoft when creating a new tenant (that’s the default behavior when not using aliases).

The default case should look like this:

Azure AD Domain: contoso.onmicrosoft.com
SharePoint Domain: contoso.sharepoint.com

If you are using a SharePoint alias, the domains will no longer match. The app will then revert to using the home tenant of the current user. Therefore, guest access will not work if you are using an alias.
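To check whether a configuration falls into the alias case described above, the name comparison can be reproduced outside the app. The following is an added example, not the connector's own code: the function names are hypothetical, `fabrikam` is a constructed alias, and folding the `-my` and `-admin` host variants back to the base name is an assumption about how the hosts are named.

```python
from urllib.parse import urlsplit

SP_SUFFIX = ".sharepoint.com"     # SharePoint Online host suffix
AAD_SUFFIX = ".onmicrosoft.com"   # default Azure AD domain suffix


def _host(value):
    """Accept a bare host name or a full URL; return the lower-cased host."""
    value = value.strip()
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").lower()


def sharepoint_name(site):
    """Name part of a SharePoint Online host, e.g. 'contoso'."""
    host = _host(site)
    if not host.endswith(SP_SUFFIX):
        raise ValueError(f"not a SharePoint Online host: {site!r}")
    name = host[: -len(SP_SUFFIX)]
    # Assumption: contoso-my / contoso-admin belong to the same name.
    for variant in ("-my", "-admin"):
        if name.endswith(variant):
            name = name[: -len(variant)]
    if not name or "." in name:
        raise ValueError(f"cannot derive a name from {site!r}")
    return name


def aad_name(domain):
    """Name part of the default Azure AD domain, e.g. 'contoso'."""
    host = _host(domain)
    if not host.endswith(AAD_SUFFIX) or len(host) == len(AAD_SUFFIX):
        raise ValueError(f"not a default Azure AD domain: {domain!r}")
    return host[: -len(AAD_SUFFIX)]


def check_guest_access(site, default_aad_domain):
    """Compare both names; a mismatch is the alias case from this article."""
    sp, aad = sharepoint_name(site), aad_name(default_aad_domain)
    return {"sharepoint_name": sp, "aad_name": aad,
            "guest_access_possible": sp == aad}


if __name__ == "__main__":
    # Constructed sample inputs: the default case, then an alias.
    print(check_guest_access("https://contoso.sharepoint.com/sites/hr",
                             "contoso.onmicrosoft.com"))
    print(check_guest_access("https://fabrikam.sharepoint.com/sites/hr",
                             "contoso.onmicrosoft.com"))
```

A result of `guest_access_possible: False` corresponds to the situation in which the app falls back to the home tenant of the current user.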

For a bit more background, see also our guide on how SharePoint Online user and tenant selection work in Confluence Cloud.
