Excel MFA · Excel 2FA · VBA sign-in · Office automation

Excel MFA and SSO for VBA automation.

Excel is often the most important unofficial application in the business. When a workbook or VBA macro starts calling APIs, JDE Orchestrations or other business services, sign-in can no longer be a hidden password, a typed username or a shared assumption. Beanstalk gives Excel automation a modern identity path.

Excel MFA Excel SSO VBA / Access Microsoft Entra ID Verified token context

Excel is not just a spreadsheet when it can trigger business actions.

In many organisations, Excel is where users reconcile, upload, validate, report, correct and automate. In JD Edwards environments, it is also a natural front end for Orchestrations.

That makes authentication more than a convenience. If Excel can call a real business service, the receiving system needs to know who signed in, whether MFA was enforced, and whether the identity context can be trusted.

Beanstalk lets Excel, VBA and Access call a local COM automation broker. The broker opens the browser, uses the organisation’s identity provider, completes the OIDC/PKCE flow, and returns a verified identity result — and where configured, token material — to the workbook.

What Excel gets

  • A browser-based sign-in flow through Microsoft Entra ID, Okta, Google, Auth0, ADFS, Keycloak or another supported provider.
  • Verified user identity details such as principal name, display name, domain, groups or claims.
  • Where the provider, scopes and audience allow it, token material that other approved systems can validate.

What Excel avoids

  • No passwords stored in hidden worksheets, VBA modules, INI files or registry keys.
  • No custom MFA prompt inside the workbook.
  • No need for every spreadsheet macro to implement OIDC, PKCE, token exchange and validation logic.

Where it fits

  • Excel workbooks calling JDE Orchestrations, AIS services or internal APIs.
  • Access or VBA tools that need enterprise sign-in before reading or writing business data.
  • Desktop Office automation that must satisfy MFA, SSO, audit or cyber-insurance requirements.
Practical next step

Find out whether Beanstalk can secure your workflow.

Tell us whether the caller is Excel, Access, VBA, Delphi, PowerBuilder, a desktop Office tool or another Windows application; which identity provider you use; and what system the tool needs to call. We can usually tell quickly whether Beanstalk is a practical fit.

Common questions

Beanstalk does not change Excel itself. The workbook or VBA code calls Beanstalk through COM when it needs authentication. Beanstalk performs the browser-based identity flow and returns the verified result to the workbook.

No. Entra ID is a common target, but Beanstalk is designed for multiple OIDC-capable identity providers including Okta, Google, Auth0, ADFS, Keycloak and others.

No. A username alone is only a label. Beanstalk can return verified identity details and, in suitable configurations, token material with issuer, audience, scope and expiry rules that receiving systems can validate.

Need something specific?

Tell us which application and which identity provider, or which JDE pain point you're trying to close. We'll tell you quickly whether one of our tools is a fit and what integration looks like for your environment.