Businesses running Office 2013 can now test the new, security-enhancing Active Directory Authentication Library (ADAL) sign-in features, Microsoft announced.
“Office 2013 client modern authentication features have moved from private preview to public preview,” Paul Andrew, technical product manager for Identity Management on the Office 365 team, said in a statement. “This means the program is easier to join and production support is included for participants.” The program is open to any customer who has patched Office 2013 with the March 2015 update (or later).
ADAL uses Microsoft’s cloud-based Azure Active Directory (AD) to help enforce an organization’s user log-in policies. When an Office client application is linked to Azure AD or another federated identity provider, Azure AD redirects users to a sign-in Web page. “The identity provider returns a token to Azure AD when the user is successfully signed in. Azure AD returns a JWT token [JavaScript Object Notation Web Token] to the Office client application and the client application can use this JWT token with Office 365 services on behalf of the user,” states a Microsoft-supplied explainer on ADAL.
Security and customization are the technology’s main draws, according to the company. “There are several benefits of this approach, including that the Office client applications never handle the user password, the identity provider can show multiple pages and custom user interface to the user, and customized sign-in can be enabled through integration with the identity provider,” Microsoft said.
With ADAL support, security-conscious organizations can use multifactor authentication with their Office 2013 client applications. Multifactor authentication is gaining ground among businesses and cloud providers as a way to combat account hacks and the data breaches that often follow. In addition to a username and password, services and systems protected by multifactor authentication generally require users to input a code delivered via email or text message.
Last month, Apple added two-step verification to iMessage and FaceTime. The company, itself a target of high-profile hacks involving Hollywood celebrities, locked down its iCloud service with multifactor authentication in September 2014.
ADAL support also enables application sign-ins via an SAML-based (Security Assertion Markup Language) third-party identity provider, along with smart card and certificate-based authentication scenarios. However, since it’s a preview, users may have to contend with some issues, Andrew said.
Microsoft’s Office 2013 and Office 365 ProPlus Modern Authentication wiki warns that Outlook 2013 users may encounter syncing errors if they attempt to fetch messages from Office 365 accounts that are not set up with modern authentication. “Users enabled for ADAL-based authentication will not be able to access secured content hosted in another tenant’s SharePoint Online sites using the ‘External Sharing’ feature,” the company also advised.
Customers using older versions of Office should not expect ADAL to make an appearance, according to a road map published by Microsoft. The company has “no plans” to release ADAL-based authentication for Office 2007 or 2010 on Windows or Office for Mac 2011.