Skip to content

Commit 33e51ce

Browse files
AlexJerabekdavidchesnut
AlexJerabek
and
davidchesnut
authored
[all hosts] (SSO) Add another cause for the 13007 SSO error code (#5031)
* Add another cause for the 13007 SSO error code * Update docs/develop/troubleshoot-sso-in-office-add-ins.md Co-authored-by: David Chesnut <[email protected]> * Update docs/develop/troubleshoot-sso-in-office-add-ins.md Co-authored-by: David Chesnut <[email protected]> --------- Co-authored-by: David Chesnut <[email protected]>
1 parent e6aab78 commit 33e51ce

File tree

3 files changed

+9
-2
lines changed

3 files changed

+9
-2
lines changed

docs/develop/troubleshoot-sso-in-office-add-ins.md

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: Troubleshoot error messages for single sign-on (SSO)
33
description: Guidance about how to troubleshoot problems with single sign-on (SSO) in Office Add-ins, and handle special conditions or errors.
4-
ms.date: 10/24/2024
4+
ms.date: 02/07/2024
55
ms.localizationpriority: medium
66
---
77

@@ -77,7 +77,14 @@ Client Error. This error is only seen in **Office on the web**. Your code should
7777
The Office application was unable to get an access token to the add-in's web service.
7878

7979
- If this error occurs during development, be sure that your add-in registration and add-in manifest specify the `profile` permission (and the `openid` permission, if you are using MSAL.NET). For more information, see [Register an Office Add-in that uses single sign-on (SSO) with the Microsoft identity platform](register-sso-add-in-aad-v2.md).
80-
- In production, an account mismatch could cause this error. For example, if the user attempts to sign in with a personal Microsoft account (MSA) when a Work or school account was expected. For these cases, your code should fall back to an alternate system of user authentication. For more information on account types, see [Identity and account types for single- and multi-tenant apps](/security/zero-trust/develop/identity-supported-account-types)
80+
- In production, an account mismatch could cause this error. For example, if the user attempts to sign in with a personal Microsoft account (MSA) when a Work or school account was expected. For these cases, your code should fall back to an alternate system of user authentication. For more information on account types, see [Identity and account types for single- and multi-tenant apps](/security/zero-trust/develop/identity-supported-account-types).
81+
- Make sure your application is enabled for users to sign-in for your organization.
82+
1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
83+
2. Go to your add-in's app registration.
84+
3. On the **Overview** page, select **Managed application in local directory**.
85+
:::image type="content" source="../images/azure-portal-managed-application.png" alt-text="The Managed application in local directory option in the App Registration Overview window.":::
86+
1. Select **Manage** > **Properties**, and ensure that the value of **Enabled for users to sign-in?** is **Yes**.
87+
:::image type="content" source="../images/azure-portal-enable-sign-in.png" alt-text="The option to allow users in the organization to sign-in to an application in the Properties window.":::
8188

8289
### 13008
8390

docs/images/azure-portal-enable-sign-in.png

109 KB
Loading

docs/images/azure-portal-managed-application.png

74.8 KB
Loading

0 commit comments

Comments
 (0)