{"id":9312,"date":"2022-01-12T07:36:20","date_gmt":"2022-01-12T15:36:20","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/?p=9312"},"modified":"2022-05-25T17:28:03","modified_gmt":"2022-05-26T00:28:03","slug":"new-single-sign-on-service-for-office-add-ins-rolling-out-in-office-on-the-web","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/new-single-sign-on-service-for-office-add-ins-rolling-out-in-office-on-the-web\/","title":{"rendered":"Single Sign-on service for Office Add-ins rolls out in Office on the web\u00a0"},"content":{"rendered":"<p><span data-contrast=\"auto\">A new Single Sign-on (SSO) service is replacing the existing one that Office on the web uses for Office Add-ins. This new service provides better reliability and supports additional environments where Office on the web is used. This only applies to add-ins for Word, Excel, and PowerPoint. Therefore, this new service roll out does not impact Outlook add-ins.<\/span><\/p>\n<h2>How to register an add-in to use Single Sign-on<\/h2>\n<p><span data-contrast=\"auto\">Because this is a new service, add the following ID to the list of authorized client applications in the Azure Portal for the service registration that is linked to SSO enabled add-ins:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><i><span data-contrast=\"auto\">93d53678-613d-4013-afc1-62e9e444a0a5<\/span><\/i><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This ID is also updated in our documentation that outlines the process for <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/office\/dev\/add-ins\/develop\/register-sso-add-in-aad-v2\"><span data-contrast=\"none\">registering an add-in to use SSO in the Azure portal<\/span><\/a><span data-contrast=\"auto\">. Please refer to that documentation for assistance in completing this update.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">During the rollout period, we&#8217;re enabling an opt-in with a new option for the <\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/javascript\/api\/office\/office.authoptions?view=common-js-preview\"><span data-contrast=\"none\">AuthOptions object<\/span><\/a><span data-contrast=\"auto\"> that enables your add-in to utilize the new SSO service before the current one is retired. The new option is as follows.<\/span><\/p>\n<p><code><i><span data-contrast=\"auto\">{enableNewHosts:1}<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/code><\/p>\n<p><span data-contrast=\"auto\">The following is an example call with this option.<\/span><\/p>\n<p><code><i><span data-contrast=\"auto\">result = Office.auth.getAccessToken({enableNewHosts:1});\u00a0<\/span><\/i><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/code><\/p>\n<p><span data-contrast=\"auto\">In the future, this option will be used for any new features or hosts for the Single Sign-on flow. We are currently updating the documentation for this in the AuthOptions object. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you&#8217;ve authorized <\/span><b><span data-contrast=\"auto\">ea5a67f6-b6f3-4338-b240-c655ddc3cc8e <\/span><\/b><span data-contrast=\"auto\">already, good news! This is a group authorization that references multiple Office hosts, including the new SSO service. So, you don\u2019t have to do anything to take advantage of the new service after the rollout period. But, if you check in your applications back-end for specific application IDs, be sure to update it appropriately. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The new service is the only service available starting February 7, 2022. If you don&#8217;t update your application pre-authorization for SSO enabled add-ins, they&#8217;ll cease to use the SSO flow in Office on the web. Instead, they&#8217;ll utilize the implemented fallback method, if available. You&#8217;ll also see error 13005 as the response if you have not updated your authorizations. Additional information on SSO and fall-back authorization methods can be found in the SSO <\/span><a href=\"https:\/\/docs.microsoft.com\/office\/dev\/add-ins\/develop\/sso-in-office-add-ins\"><span data-contrast=\"none\">documentation<\/span><\/a><span data-contrast=\"auto\">.\u00a0\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p>Happy coding!<\/p>\n<p><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new Single Sign-on (SSO) service will replace the existing one for Office Add-ins that are used in Office on the web. This new service is aimed at providing better reliability and supporting additional environments.<\/p>\n","protected":false},"author":69076,"featured_media":7754,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[11],"tags":[18,12,46,47],"class_list":["post-9312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-office-add-ins","tag-excel","tag-outlook","tag-powerpoint","tag-word"],"acf":[],"blog_post_summary":"<p>A new Single Sign-on (SSO) service will replace the existing one for Office Add-ins that are used in Office on the web. This new service is aimed at providing better reliability and supporting additional environments.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/9312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69076"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=9312"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/9312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/7754"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=9312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=9312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=9312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}