March 14th, 2023

Update your applications from ADAL to MSAL

Den Delimarsky
Principal Product Manager

Since the release of Azure Active Directory Authentication Library (ADAL) we have made considerable progress in evolving the Microsoft identity platform developer tools, consistently bringing new features and capabilities that enable developers to build secure applications with minimal friction.

As we grew the platform, we also learned that our customers wanted a consistent API, OAuth 2.0 and OpenID Connect (OIDC) support, as well as the ability to work with Microsoft accounts (MSA), external identities, and Azure Active Directory Business to Consumer accounts. This led us to the creation of the Microsoft Authentication Library (MSAL).

MSAL makes it easy for you to add identity capabilities to your application in minutes. With a few lines of code, you will be able to authenticate users and applications as well as acquire tokens to access resources such as Microsoft Graph, Azure, or even your own APIs and services. Out-of-the-box, MSAL enables integration with the latest capabilities in the Microsoft Identity Platform.

Sunsetting ADAL

As our team makes substantial investments in evolving MSAL, we have decided to sunset ADAL by June 30, 2023. Once the library is sunset, we will not be providing any support or updates beyond those for critical security issues such as serious vulnerabilities or exploitation vectors. ADAL has not received new features since 2020 and will not support any of the modern platform capabilities such as different account types, graceful token revocation handling, throttling, proactive token renewal, and more. All documentation and samples will also be exclusively written for MSAL.

Applications using ADAL after the deadline are expected to continue to work as the underlying endpoints will remain active; however, we strongly advise against using the library as applications depending on it will be at increased risk due to lack of support for the latest security improvements in our platform.

Migrating your applications

If you have applications that still depend on ADAL, we recommend migrating to the latest version of MSAL. Our team maintains an up-to-date migration guide that can help you identify the best approaches to update your code, regardless of the platform you are on.

For administrators, we also published instructions on how to identify ADAL applications running in their tenant, with more capabilities coming soon.  

Into the future with MSAL

MSAL will be the only library you need to reliably acquire and manage tokens for Azure Active Directory and Microsoft accounts. It comes with extensive documentation and tutorials, code samples, and continuous updates. It is also built around core scenarios that our customers have helped us find:

  • If you are building a line of business app for your enterprise, employees can sign into your application quickly with the help of MSAL, as it provides the best “single sign on” experiences for web, mobile, and desktop. Your administrator will be able to easily manage user identities and seamlessly apply conditional access policies such as requiring MFA for all user accounts. 

  • If you are a software vendor building a SaaS application, MSAL allows you to build the best experience for your customers on Microsoft Entra and Azure Active Directory. While Azure AD is standards-based and can connect any SaaS application built on open standards such as OpenID Connect and SAML, building your app with MSAL can save you considerable time and light up innovative security and reliability without any extra work. 

  • If you are building a business-to-business application to collaborate with your partners, MSAL allows you to sign-up and sign in with external identities into your application. Business partners can sign-up and get approved for access all while using their existing corporate credentials. 

  • If you are building a customer-facing application for web or mobile, MSAL supports our Azure AD B2C service offering, allowing you to build a fully-branded sign in experience.  Users can sign-up for a new account to use with your application starting with their social account or email. 

To get started, choose the MSAL that is right for your application and platform and follow our documentation. You can also jump right into code with one of our MSAL samples.

Questions?

You can post any questions you have on Microsoft Q&A as well as Stack Overflow.

Category
News
Topics
EntraMSAL

Author

Den Delimarsky
Principal Product Manager

I am an engineer and product manager on the Microsoft Identity SDK team, spending inordinate amounts of time tinkering with code, discovering new APIs, and waiting for matches to start in Halo Team Slayer lobbies. Learn more on https://den.dev

0 comments

Discussion are closed.