Karim Elatov

RSA SecurID Access O365 ADAL Basic Rich Client Setup

Blog Post created by Karim Elatov Employee on Sep 15, 2015


I decided to try out the new ADAL authentication method that Microsoft now provides. Some of the specifics of ADAL can be found at Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers. Here is a pretty good overview of what ADAL provides from that page:



More information and specific use cases that this method covers is laid out in Azure AD Authentication Library for .NET. Prior to running this you need to enable ADAL support for your O365 tenant. The Office 2013 modern authentication public preview announced  page covers the instructions on how to apply for that. After you apply for the program, you will see the following:


You will receive an email when it's enabled for your O365 Tenant.

Desktop Office Suite

So let's install the O365 Rich client (A.K.A. Office 2013) on our Desktop. This is done by going to Office 365 settings from the O365 Web Portal:


Then click on Software:


And then you can click Install at the bottom of the page to start the install:


Then the install will start:


The installer will run through the installation process and after it's done you will see this:


You can also check out the installed apps on windows and you will see the following:


Updating Office

Looking over the Office 2013 modern authentication public preview announced page it mentions that we have to be at a specific version:

The public preview update for Office 2013 clients includes Office 2013 and Office 365 ProPlus. Office 2013 requires the March 2015 update patch that is described here.

From the bottom of the page:

Please note that the Office client updates can be found in the following versions of Office Click-to-Run:



Looking over my version, I saw the following:


So I was already at the latest version: 15.0.4745.1001. If you are below the above version, click Update Now to update the client:


and the update process should start:


After it's done, if you restart the Office Application you will see the new version:


Enable ADAL for Office

We also have to enable a registry modification to enable ADAL support for Office 2013. From Enable Modern Authentication for Office 2013 on Windows devices

To enable modern authentication for any devices running Windows (for example on laptops and tablets), that have Microsoft Office 2013 installed, you need to set the following registry keys. The keys have to be set on each device that you want to enable for modern authentication:

HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL REG_DWORD1


So I went ahead and made that change:


Using Office with ADAL and with SAML IdP

If you were previous using Office 2013 for something else, then relaunch Office 2013 and logout:


Then re-login and upon specifying the email it will figure out that you have an external IDP enabled and show you a window where you can login:


After you login you will see that you are fully logged into the Rich client:


I created a new document and I was able to successfully upload it to OneDrive using the ADAL enabled Office 2013 Rich client: