0

I want to develop an Outlook Addin that can work on web and mobile application following the instruction to use OfficeJs, the addin can:

  • work with my server to get information,
  • then read, send email with attachment and move email.

I known that I have to use Outlook Rest API or Microsoft Graph for the mail sending/moving feature. I have stuck when thinking about publishing this addin to users even they are not in my organization.

  • I tried Outlook Rest API, this approach as I observed doesnt need to register an app in Azure, the token generated from getCallbackTokenAsync can be used to call Outlook Rest Api right away. I wonder if a user from diferent organization can use the addin. One more thing is in case I need to communicate to my own Backend server, I found no instruction to validate the outlook rest token generated (but there is a tutorial to validate a token that use for graph from getAccessTokenAsync) or I have to provide users a login form to my backend server so I can be sure that the addin is authorized to perform request to my server.
  • I tried MS Graph API, this approach is recommended from MS but they do not recommend to use Single Sign On in production. Even so, I want users to have a good experience using the addin, when following this approach, I have some concerns:
    1. Can users from different organization can use the addin as the addin is developed and using the app registration and website from a diferent tenant (my tenant)? With or without SSO?
    2. In case it cannot be used by the different organization, what is the best way to develop the add in and provide the addin for those users to use? Via central deployment in their ơwn organization (it means their addmin need to register different app in Azure and hosted a diferent website and manifest, I believed our clients dont want to do many things like that just to use an addin)? Via Appsource? (I am not into Appsource because the addin is planned to be used only by our clients, but if it is the best way, I would like to know your recommendation)

Thank you.

ninjjshd
  • 128
  • 1
  • 7
  • To clarify: Do you want to use Graph APIs to install addins in different organization? This workflow is currently not supported – Outlook Add-ins Team - MSFT Jul 18 '19 at 03:24
  • @OutlookAdd-insTeam-MSFT, Thank you for answering, ah no, I want my addin to be used by many organizations and personal accounts, and this addin will use Graph API to send email. I found a way to use office-js-helper to prompt user for login and set the app registration in Azure to accept allowing any organizations and personal account. I currently disable SSO. So is that the right approach? – ninjjshd Jul 19 '19 at 04:19
  • Thanks for clarification. Outlook addins work on email/appointment items on your current organization or personal mailbox. I am not able to understand how "other" organization mailbox is coming into this scenario. Could you please explain from a user point of view - what does user want to do and why? – Outlook Add-ins Team - MSFT Jul 19 '19 at 09:59
  • Ah yes, sorry for confusing you. The story is in the very beginning when I created app registration in Azure, I thought that any users belong my organization (tenant, for example, mytenant.onmicrosoft.com) can install and use the ádd in to operate action on their own mailbox. Because the API permission for Graph I request in app registration is for that app registration and the app registration is created from my tenant, so i wondered if a personal account or an account from others organization (for ex, yourtenant.onmicrosoft.com) can also use the addin to operate action their own mailbox too? – ninjjshd Jul 20 '19 at 03:02
  • Summary, I develop an add in that has an app registration in my Azure for my tenant (mytenant.onmicrosoft.com), the add in use Graph API to operate action on the user (who use the addin) mail box. (i use office js helper to authenticate ủser). My testing ran well for users belong to my tenant. Then the client wants to sell the add in to others tenant and personal accounts (yourtenant.onmicrosoft.com), do I have to create an app registration on their azure tenant (yourtenant.onmicrosoft) and host another website for the addin or they can also use the one I have? – ninjjshd Jul 20 '19 at 03:22
  • The sell here is something like a license. – ninjjshd Jul 20 '19 at 18:48
  • Same add-in can work for any organization(example myworkaccount@mytenant.onmicrosoft.com) account or personal(mypersonal@outlook.com) account, provided add-in page is accessible and can authenticate that account. We will need details about Azure Registration of add-in you are referring to. Is add-in hosted in Azure infrastructure of specific tenant? What type of Auth are you using between add-in page and backend service? How is user authenticating with the add-in? – Outlook Add-ins Team - MSFT Jul 22 '19 at 03:38
  • Yeah, Thank you for your response. I don't know much about Azure. I was given an account that can access Azure portal and Office 365, this account is global admin, I follow the step in the document to create app registration for SSO flow at the beginning, the app registration info has its info about the tenant it was created on. I choose the option "Allow any organization..." when creating app registration. About the authentication to MS Graph, I used the tutorial in office-js-helper: authenticator.endpoints.registerMicrosoftAuth to get the access token to work with MS Graph. – ninjjshd Jul 22 '19 at 11:11
  • The addin web page is hosted in Azure also and can access from anywhere as I tested. For our backend, we has a hard code token that is passed through the manifest to taskpane page (https://../taskpane.html?token=...) and we use this token to detect our clients, call our backend API. Each client will have his own manifest so he can deploy to users in their own org (different tenant) (we planned to do this way to distribute our addin but I am not sure if the same app registration, the same addin can work for many tenant like this, but as you replied, the answer is yes, thank you very much) – ninjjshd Jul 22 '19 at 11:14
  • what made me confuse the most is when I reading, I cannot find many info about multi tenants scenarios, like my case, and spending a hard time asking here and experiment myself to see if it works :) – ninjjshd Jul 22 '19 at 11:24
  • one more point I forgot to mentioned, that why I set it up follow the SSO tutorial but still use the office-js-helper authentication. The reason is I find that MS does not recomend using SSO in production, so I have changed my mind in the middle of the way coding this, to use office-js-helper :) – ninjjshd Jul 22 '19 at 11:30
  • My understanding is, You want to build an add-in which needs to work for any user in any organization that need to work on Outlook in Web and Mobile. This add-in, when launched by user, should have capability to read mail content, respond with attachment and move mail to different folder. Is my understanding correct? Most of above cases are feasible with Outlook add-in. It is good i understand complete scenario, before recommendation. Please provide complete use case. https://docs.microsoft.com/en-us/office/dev/add-ins/outlook/ is a good starting point for Outlook add-ins development. – Outlook Add-ins Team - MSFT Jul 23 '19 at 14:26
  • Hi, thank you. Yes, you understand it completely. – ninjjshd Jul 24 '19 at 07:21

2 Answers2

0

learn.microsoft.com/en-us/office/dev/add-ins/outlook is a good starting point for Outlook add-ins development.

Outlook Add-ins Team - MSFT
  • 8,906
  • 1
  • 9
  • 21
0

from Outlook Add-ins Team - MSFT: My understanding is, You want to build an add-in which needs to work for any user in any organization that need to work on Outlook in Web and Mobile. This add-in, when launched by user, should have capability to read mail content, respond with attachment and move mail to different folder. Is my understanding correct? Most of above cases are feasible with Outlook add-in. It is good i understand complete scenario, before recommendation. Please provide complete use case. learn.microsoft.com/en-us/office/dev/add-ins/outlook is a good starting point for Outlook add-ins development

ninjjshd
  • 128
  • 1
  • 7