Microsoft rolls out new Single Sign-On service for Office Add-ins

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • A new Single Sign-on service is rolling out, replacing the existing one for Office Add-ins that are used in Office on the web.
  • Currently, add-in integration with Office on the web is done through the existing SSO service. 
  • This new service is aimed at providing improved reliability and supporting additional environments where Office on the web is used.

Changes are coming soon to Office with the latest service for add-ins that will allow a Sign-on service.

This only applies to add-ins for Word, Excel, and PowerPoint. Outlook Add-ins and other types of Office Add-ins are not impacted by this new service rollout.

The new service provides a mechanism to register add-ins, which are registered in the directory, and linked to Azure AD. When a user tries to open an add-in from their local client applications, the service redirects the request back to the registered add-in where it is loaded and executed.

ID required for sign-on

Microsoft announced the availability of Single Sign-on (SSO) for Office Add-ins. SSO is a new service in Azure Active Directory (Azure AD) that provides a mechanism to register add-ins, which are registered in the directory and linked to Azure AD. 

You need to add 93d53678-613d-4013-afc1-62e9e444a0a5 to the list of authorized client applications in Azure portal.

“During the rollout period, we are enabling an opt-in with a new option for the AuthOptions object that enables your add-in to utilize the new SSO service before the current one is retired. 

The new option required is {enableNewHosts:1}. 

Transition to begin soon

Great news! If you had previously authorized ea5a67f6-b6f3-4338-b240-c655ddc3cc8e, you don’t have to do anything to take advantage of the new services after their rollout period, but if you check in your application’s back-end for specific application IDs, be sure to update it appropriately.

The new SSO service will be the only service available starting February 7, 2022, so Microsoft encourages its users to begin transition planning as soon as possible. 

Failure to update your application pre-authorization for SSO enabled add-ins by this date, they will cease to use the SSO flow as of this date in Office on the web and will instead utilize a fallback method if available. 

You will also encounter an error 13005 as the response if you have not updated your preauthorizations.

For more detailed information, you can refer to the SSO document.

Share your thoughts down below on what you think of the SSO service that is to roll out soon.