Architecting Secure External Collaboration


Swiss Communications Company


Challenge

Before the project, external collaboration at the customer's company relied on manual processes and fragmented access management practices. External users and partners were onboarded to the SharePoint environment through email requests and manual provisioning, which made the process slow and difficult to control. Permissions were often assigned individually, creating risks related to inconsistent governance and limited visibility into access rights.

At the same time, internal and partner communications were based on static email distribution. Newsletters required manual compilation of content from SharePoint and were distributed uniformly to all recipients, regardless of their interests. This approach limited engagement and created additional operational workload for internal teams.

The goals were the following:

  • Replace manual, email-driven access provisioning with a structured, automated IAM framework capable of handling partner organizations, external users, role-based access provisioning, and full lifecycle governance.
  • Transform static communication into a dynamic, preference-driven content delivery system.

Solution

The solution architecture was built on SharePoint Online and the Microsoft Power Platform, using Power Apps and Power Automate to enable automation and low-code extensibility.

The first stage focused on designing an identity and access management framework based on Partner Profiles. Business owners could submit external user onboarding requests through a Power Apps interface. The request data was stored in structured SharePoint lists, where metadata defined partner organization details, user roles, and access parameters. Power Automate workflows then triggered role-based logic that handled external user invitations, permission assignments through security groups, and automated notifications confirming successful provisioning.

The second stage introduced an intelligent newsletter architecture designed to automate internal and partner communication. Users were able to select topics of interest and define how frequently they wanted to receive updates. Automation workflows dynamically collected relevant SharePoint content using metadata tags, filtered information according to user preferences, generated personalized summaries, and distributed formatted newsletters on a daily or weekly schedule without requiring manual editorial work.

The final stage focused on governance and scalability. The platform was built around a role-based access model aligned with the least-privilege principle and relied on group-based permission management instead of individual user assignments.

A structured metadata taxonomy ensured consistent content classification, while modular Power Automate flows enabled future expansion and integration. This architectural approach made it possible to scale the solution across additional partner types, regions, or business units without redesigning the system.


Results

  • The new platform significantly improved both access governance and operational efficiency. External user onboarding became faster and more structured, while manual provisioning effort was significantly reduced. The system eliminated uncontrolled permission assignments by introducing a centralized role-based model and group-driven access management.
  • The automated newsletter engine replaced static communication with personalized content delivery, increasing relevance for users while removing the need for manual newsletter preparation.
  • The company gained improved transparency into user access and lifecycle events, strengthening governance and compliance readiness.
  • The company now operates a secure and scalable collaboration framework built on SharePoint Online and the Power Platform. The solution supports automated access lifecycle management, enables controlled external collaboration, reduces operational overhead, and provides a flexible foundation for future digital workplace development.

