Working with Office Add-Ins and External Users

Office add-ins are a great way to extend the experience of the Office Clients and help users achieve their tasks. By helping users in their existing context it is easier to achieve their tasks. With the latest revision of the validation policies for the Office Store you can see that it is possible to add add-ins to Word Online and Excel Online. Something that requires some changes in the add-in manifest, so we took it to hearth to get the Mavention Post To Yammer working with that.

Before submitting the updated add-in we did do some testing ourselves and one thing stood out. It is not just related to the Word and Excel Online clients, yet we just didn’t test it in this scenario before.

External Sharing

With Office 365 it is easy to share any document or library with external parties. When something is shared you have the option to give those users the option to edit a document. When editing a document that contains an Office Add-In any employee can add a add-in from the corporate catalog. These add-ins are available for your employees and can be added as soon as you have read access to your app catalog. Besides the read access you will need to have contribute permissions on the file.

Now if you share a document you can hand out those contribute permissions, however if you open a document as an external user without access to the App Catalog you will be prompted with an error.

App Catalog Access Denied Error

Depending on your Office 365 tenant configuration any user can share documents. Yet without access to the app catalog the add-ins will throw an error. As by default the documents will show the add-in the error is prompted each time you open a document. Luckily once you have added the external user to the App Catalog all problems are solved. Out of the box when you create a new App Catalog site you will see that the everyone group does not have any permissions. And in a real world you would probably would never add a single user. So it would be a best practice to add the Everyone group to the visitors group. This should give them enough permissions to view the add-ins and work with them.

Obviously there is a downside on this as well, it means that all add-ins that are available through the corporate catalog can be used by external users in documents that they have contribute permissions for as well. Yet without those permissions users are presented with an error and that would break their flow.