Summary
This article explains why Salesforce login cannot complete inside the Insight side panel in new Outlook and OWA, and what to do so the authentication flow can be completed properly.
Symptoms / Issue
- User attempts to sign in to Salesforce from the Outlook web add-in
- Salesforce login opens, login succeeds, but the session stays in the browser instead of returning back inside the Outlook side panel
- In OWA and new Outlook, Insight cannot go directly to Salesforce login page within the side panel.
Environment: Outlook on the web (OWA) and new Outlook
Resolution / Steps
- Do not attempt to load the Salesforce login page inside the Insight side panel in OWA/new Outlook
- Insight add-in cannot go directly to the Salesforce login page within the side panel due to Microsoft Office and Salesforce restriction.
- Open a separate login dialog and use it for Salesforce to sign in.
- After logging in, the user will generally remain authenticated, so the login page usually will not appear again.
Related Troubleshooting: OAuth Errors After the Login Dialog Opens
If the login dialog opens but authentication still fails with an OAuth error, verify that the Salesforce Connected App is correctly configured. The Connected App's definition must include the following Selected OAuth Scopes:
- Access the identity URL service (id, profile, email, address, phone)
- Manage user data via APIs (api)
- Perform requests at any time (refresh_token, offline_access)
If users see an OAuth_Approval_Error_Generic error, this typically indicates that API access control is not enabled, or that the user has not been granted access to the Connected App. In that case:
- In Salesforce Setup, go to Connected App OAuth Usage and confirm the Riva Insight Connected App is installed.
- Go to Manage Connected Apps and confirm the Permitted Users policy is set appropriately.
- If the app is set to Admin approved users are pre-authorized, confirm the affected user's profile or permission set has been assigned access to the Connected App.