New Single Sign-on service for Office Add-ins rolling out in Office on the web 

Microsoft Office team

A new Single Sign-on (SSO) service will replace the existing one for Office Add-ins that are used in Office on the web. This new service is aimed at providing better reliability and supporting additional environments where Office on the web is used. This only applies to add-ins for Word, Excel, and PowerPoint. Outlook Add-ins are not impacted by this new service roll out.  

Because this is a new service, the following ID needs to be added to the list of authorized client applications in the Azure Portal for the service registration that is linked to SSO enabled add-ins: 


This ID is also updated in our documentation that outlines the process for registering an add-in to use SSO in the Azure portal (see step 12). Please refer to that documentation for assistance in completing this update. 

During the rollout period, we are enabling an opt-in with a new option for the AuthOptions object that enables your add-in to utilize the new SSO service before the current one is retired. The new option is  


The following is an example call with this option: 

result = Office.auth.getAccessToken({enableNewHosts:1});  

This option will be used in the future for any new features or hosts for the SSO flow. We are currently updating the documentation for this in the AuthOptions object.  

If you have authorized ea5a67f6-b6f3-4338-b240-c655ddc3cc8e already, good news – this is a group authorization that references multiple Office hosts, including the new SSO service. You don’t have to do anything to take advantage of the new service after the rollout period, but if you check in your applications back-end for specific application IDs, be sure to update it appropriately.  

The new service will be the only service available starting February 7, 2022. If you do not update your application pre-authorization for SSO enabled add-ins, they will cease to use the SSO flow as of this date in Office on the web and will instead utilize the implemented fallback method, if available. You will also see error 13005 as the response if you have not updated your preauthorizations. Additional information on SSO and fall-back authorization methods can be found in the SSO documentation.   

Happy coding!



Comments are closed. Login to edit/delete your existing comments