Use the Yeoman generator to create an Office Add-in that uses single sign-on (preview)
In this article, you'll walk through the process of using the Yeoman generator to create an Office Add-in for Excel, Word, or PowerPoint that uses single sign-on (SSO) when possible, and uses an alternate method of user authentication when SSO is not supported.
Before you attempt to complete this quick start, review Enable single sign-on for Office Add-ins to learn basic concepts about SSO in Office Add-ins.
The Yeoman generator simplifies the process of creating an SSO add-in, by automating the steps required to configure SSO within Azure and generating the code that's necessary for an add-in to use SSO. For a detailed walkthrough that describes how to manually complete the steps that the Yeoman generator automates, see the Create a Node.js Office Add-in that uses single sign-on tutorial.
Node.js (version 10.15.0 or later)
npm install -g yo generator-office
Even if you've previously installed the Yeoman generator, we recommend you update your package to the latest version from npm.
An Office 365 (the subscription version of Office) account. If you don't already have an Office 365 account, you can get a free, 90-day renewable Office 365 subscription by joining the Office 365 Developer Program.
An Insider's build of Office 365. You should use the latest monthly version and build from the Insiders channel but you need to be an Office Insider to get this version.
When a build graduates to the production semi-annual channel, support for preview features, including SSO, is disabled for that build.
Create the add-in project
Excel, but you should choose the script type and Office client application that best suits your scenario.
Run the following command to create an add-in project using the Yeoman generator:
When you run the
yo office command, you may receive prompts about the data collection policies of Yeoman and the Office Add-in CLI tools. Use the information that's provided to respond to the prompts as you see fit.
When prompted, provide the following information to create your add-in project:
- Choose a project type:
Office Add-in Task Pane project supporting single sign-on
- Choose a script type:
- What do you want to name your add-in?
My SSO Office Add-in
- Which Office client application would you like to support?
After you complete the wizard, the generator creates the project and installs supporting Node components.
You can ignore the next steps guidance that the Yeoman generator provides after the add-in project's been created. The step-by-step instructions within this article provide all of the guidance you'll need to complete this tutorial.
Explore the project
The add-in project that you've created with the Yeoman generator contains code for an SSO-enabled task pane add-in.
The ./manifest.xml file in the root directory of the project defines the settings and capabilities of the add-in.
The ./src/taskpane/taskpane.html file contains the HTML markup for the task pane.
The ./src/taskpane/taskpane.css file contains the CSS that's applied to content in the task pane.
getAccessToken, receives the bootstrap token, initiates the swap of the bootstrap token for an access token to Microsoft Graph, and calls to Microsoft Graph for the data.
The ./ENV file in the root directory of the project defines constants that are used by the add-in project.
Some of the constants defined in this file are used to facilitate the SSO process. You may want to update values in this file to match your specific scenario. For example, you can update this file to specify a different scope, if your add-in requires something other than
At this point, your add-in project has been created and contains the code that's necessary to facilitate the SSO process. Next, complete the following steps to configure SSO for your add-in.
Navigate to the root folder of the project.
cd "My SSO Office Add-in"
Run the following command to configure SSO for the add-in.
npm run configure-sso
This command will fail if your tenant is configured to require two-factor authentication. In this scenario, you'll need to manually complete the Azure app registration and SSO configuration steps, as described in the Create a Node.js Office Add-in that uses single sign-on tutorial.
A web browser window will open and prompt you to sign in to Azure. Sign in to Azure using your Office 365 administrator credentials. These credentials will be used to register a new application in Azure and configure the settings required by SSO.
If you sign in to Azure using non-administrator credentials during this step, the
configure-ssoscript won't be able to provide administrator consent for the add-in to users within your organization. SSO will therefore not be available to users of the add-in and they'll be prompted to sign-in.
After you enter your credentials, close the browser window and return to the command prompt. As the SSO configuration process continues, you'll see status messages being written to the console. As described in the console messages, files within the add-in project that the Yeoman generator created are automatically updated with data that's required by the SSO process.
Try it out
When the SSO configuration process completes, run the following command to build the project, start the local web server, and sideload your add-in in the previously selected Office client application.
Office Add-ins should use HTTPS, not HTTP, even when you are developing. If you are prompted to install a certificate after you run the following command, accept the prompt to install the certificate that the Yeoman generator provides.
In the Office client application that opens when you run the previous command (i.e., Excel, Word or PowerPoint), make sure that you're signed in with a user that's a member of the same Office 365 organization as the Office 365 administrator account that you used to connect to Azure while configuring SSO in step 3 of the previous section. Doing so establishes the appropriate conditions for SSO to succeed.
In the Office client application, choose the Home tab, and then choose the Show Taskpane button in the ribbon to open the add-in task pane. The following image shows this button in Excel.
At the bottom of the task pane, choose the Get My User Profile Information button to initiate the SSO process.
If you're not already signed in to Office at this point, you'll be prompted to sign in. As described previously, you should sign in with a user that's a member of the same Office 365 organization as the Office 365 administrator account that you used to connect to Azure while configuring SSO in step 3 of the previous section, if you want SSO to succeed.
If a dialog window appears to request permissions on behalf of the add-in, this means that SSO is not supported for your scenario and the add-in has instead fallen back to an alternate method of user authentication. This may occur when the tenant administrator hasn't granted consent for the add-in to access Microsoft Graph, or when the user isn't signed into Office with a valid Microsoft Account or Office 365 ("Work or School") account. Choose the Accept button in the dialog window to continue.
After a user accepts this permissions request, they won't be prompted again in the future.
The add-in retrieves profile information for the signed-in user and writes it to the document. The following image shows an example of profile information written to an Excel worksheet.
Congratulations, you've successfully created a task pane add-in that uses SSO when possible, and uses an alternate method of user authentication when SSO is not supported. To learn more about SSO configuration steps that the Yeoman generator completed automatically, and the code that facilitates the SSO process, see the Create a Node.js Office Add-in that uses single sign-on tutorial.