Single Sign-on service for Office Add-ins rolls out in Office on the web 

Office Add-ins team

A new Single Sign-on (SSO) service is replacing the existing one that Office on the web uses for Office Add-ins. This new service provides better reliability and supports additional environments where Office on the web is used. This only applies to add-ins for Word, Excel, and PowerPoint. Therefore, this new service roll out does not impact Outlook add-ins.

How to register an add-in to use Single Sign-on

Because this is a new service, add the following ID to the list of authorized client applications in the Azure Portal for the service registration that is linked to SSO enabled add-ins: 


This ID is also updated in our documentation that outlines the process for registering an add-in to use SSO in the Azure portal. Please refer to that documentation for assistance in completing this update. 

During the rollout period, we’re enabling an opt-in with a new option for the AuthOptions object that enables your add-in to utilize the new SSO service before the current one is retired. The new option is as follows.


The following is an example call with this option.

result = Office.auth.getAccessToken({enableNewHosts:1});  

In the future, this option will be used for any new features or hosts for the Single Sign-on flow. We are currently updating the documentation for this in the AuthOptions object.  

If you’ve authorized ea5a67f6-b6f3-4338-b240-c655ddc3cc8e already, good news! This is a group authorization that references multiple Office hosts, including the new SSO service. So, you don’t have to do anything to take advantage of the new service after the rollout period. But, if you check in your applications back-end for specific application IDs, be sure to update it appropriately.  

The new service is the only service available starting February 7, 2022. If you don’t update your application pre-authorization for SSO enabled add-ins, they’ll cease to use the SSO flow in Office on the web. Instead, they’ll utilize the implemented fallback method, if available. You’ll also see error 13005 as the response if you have not updated your authorizations. Additional information on SSO and fall-back authorization methods can be found in the SSO documentation.   

Happy coding!



Discussion is closed.

Feedback usabilla icon