1

We have an office add-in manifest which we published to our organization app catalog. We have external users who can use these apps and our SharePoint is configured to authenticate these users (No Single Sign On). We also don't want to publish these manifests to Microsoft store also.

On the Excel, if the user tries to access the app catalog manifests from the Trusted Catalog location configured it shows access denied and there are no login page being displayed. The same behavior can be observed if the user is signed out of Excel and tries to access a manifest from office 365.

As we work with multiple organization, how can we support login to our catalog from different users?

enter image description here

renil
  • 409
  • 5
  • 14
  • To clarify, is this the scenario: User from Org-A wants to access an add-in hosted in Org-B's SharePoint app catalog. User has an account with Org-B's SharePoint site? Ideally, what should the experience be? Do you want to show sign-in page in the Org-B's add-in when user tries to access it? – Sudhi Ramamurthy Apr 10 '17 at 17:16
  • Yes, that scenario is correct. We were expecting the users will be presented with login mechanism (Forms, STS based) configured in SharePoint in this case. – renil Apr 10 '17 at 17:22
  • Thanks. I'm not sure if this cross org access scenario is supported without the store front. Will confirm... – Sudhi Ramamurthy Apr 10 '17 at 17:24

1 Answers1

0

The cross organization add-in/catalog access doesn't seem to be supported. Office store is meant to address this exact scenario where add-ins need to be distributed across organizations with the right level of authorization. So, that may be something you want to consider.

Sudhi Ramamurthy
  • 2,358
  • 1
  • 10
  • 14
  • What is the idea behind this limitation? Why would I stop users from using a 3rd party app if they trust the catalog? Can you also clarify the wording "seem to". – Miro J. May 24 '17 at 21:20
  • 1
    I can confirm that non-store cross-org manifest isn't supported. The store is specifically meant to support such scenarios. I do understand that your add-in may not be specifically meant for public consumption and intended for specific B-B scenarios. The SharePoint catalog permission model doesn't allow us to create allow-list to enable trusted partners to use their single sign-on at the moment. – Sudhi Ramamurthy May 26 '17 at 19:34