Karim Elatov

RSA SecurID Access O365 ADAL Basic Rich Client Setup

Blog Post created by Karim Elatov Employee on Sep 15, 2015

ADAL

I decided to try out the new ADAL authentication method that Microsoft now provides. Some of the specifics of ADAL can be found at Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers. Here is a pretty good overview of what ADAL provides from that page:

adal-auth-pic.png

More information and the specific use cases that this method covers are laid out in Azure AD Authentication Library for .NET. Prior to running this you need to enable ADAL support for your O365 tenant. The Office 2013 modern authentication public preview announced page covers the instructions on how to apply for that. After you apply for the program, you will see the following:

o365-adal-program.png

You will receive an email when it's enabled for your O365 Tenant.

Desktop Office Suite

So let's install the O365 Rich client (A.K.A. Office 2013) on our Desktop. This is done by going to Office 365 settings from the O365 Web Portal:

o365-settings.png

Then click on Software:

o365-software.png

And then you can click Install at the bottom of the page to start the install:

install-software-o365.png

Then the install will start:

o365-installer-2.png

The installer will run through the installation process and after it's done you will see this:

o365-installer-done.png

You can also check the installed apps on Windows, where you will see the following:

o365-installed.png

Updating Office

The Office 2013 modern authentication public preview announced page mentions that we have to be at a specific version:

The public preview update for Office 2013 clients includes Office 2013 and Office 365 ProPlus. Office 2013 requires the March 2015 update patch that is described here.

From the bottom of the page:

Please note that the Office client updates can be found in the following versions of Office Click-to-Run:

14.0.7145.5001

15.0.4701.1002

Looking over my version, I saw the following:

o36-version-rich-client.png

So I was already at the latest version: 15.0.4745.1001. If you are below the above version, click Update Now to update the client:

update-o365-button.png

and the update process should start:

o-2013-update-going.png

After it's done, if you restart the Office Application you will see the new version:

o2013-new-version.png

Enable ADAL for Office

We also have to make a registry modification to enable ADAL support for Office 2013. From Enable Modern Authentication for Office 2013 on Windows devices:

To enable modern authentication for any devices running Windows (for example on laptops and tablets), that have Microsoft Office 2013 installed, you need to set the following registry keys. The keys have to be set on each device that you want to enable for modern authentication:

REGISTRY KEY                                                    TYPE       VALUE
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL  REG_DWORD  1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version     REG_DWORD  1

So I went ahead and made that change:

adal-regedit.png
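
The version requirement and the registry change above can be scripted. The following PowerShell is an added example, not code from the original post or from Microsoft's page; it assumes the Click-to-Run build string is copied by hand from the Office account page and passed in through a hypothetical -InstalledVersion parameter. Because the values live under HKCU, it has to run as each user who will sign in.

```powershell
# Added example: gate on the Click-to-Run build, then set and verify the two
# per-user values from the table above.
param(
    # Assumption: build string read by hand from the Office account page.
    [Parameter(Mandatory = $true)][version]$InstalledVersion
)

# Minimum Office 2013 Click-to-Run build quoted on this page.
$minimum = [version]'15.0.4701.1002'
if ($InstalledVersion -lt $minimum) {
    throw "Office build $InstalledVersion is older than $minimum; update Office first."
}

$key     = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
$desired = [ordered]@{ EnableADAL = 1; Version = 1 }

# Create the key only if it is missing, so existing values under it are kept.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

foreach ($name in $desired.Keys) {
    # -Force overwrites an existing value, so re-running the script is safe.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $desired[$name] -Force | Out-Null
}

# Read the values back and fail loudly if either one does not match.
$actual = Get-ItemProperty -Path $key
foreach ($name in $desired.Keys) {
    if ($actual.$name -ne $desired[$name]) {
        throw "$name is '$($actual.$name)', expected $($desired[$name])"
    }
    Write-Output "$name = $($actual.$name) (REG_DWORD) under $key"
}
```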

Using Office with ADAL and with SAML IdP

If you were previously using Office 2013 for something else, then relaunch Office 2013 and log out:

o-2013-logout.png

Then log in again. Upon specifying the email, it will figure out that you have an external IdP enabled and show you a window where you can log in:

o-2013-idp-shown.png

After you log in, you will see that you are fully logged into the Rich client:

rich-client-logged-in-adal.png

I created a new document and I was able to successfully upload it to OneDrive using the ADAL-enabled Office 2013 Rich client:

office-upload-to-cloud.png
