All of this is from my real world experience with Office 365 deployments/setups.
We are looking at deploying the latest version of Office but are
having difficulty deciding between Office 365 or Office 2013 volume
license. I understand the cost benefits of 365 (and I actually like
the user based approach) however I'm having a hard time finding all
the info in one place regarding authentication.
The first thing I'd want to know is how many users you have. That helps greatly with which version of Office 365 to go with should you choose it over just the standalone Office 2013. There is a sweet spot for each version of Office 365 that is dependent upon number of users. Also, you'll want to look at other factors when making this decision such as cost of on-premise Exchange and the CALs/licensing that goes along with it as well as the server that would run an on-premise Exchange environment and the CALs/licenses associated with it. If you already have your own Exchange environment then I'd look at the cost of upgrading to 2010 or 2013 vs. going with Office 365. Let me give you a real world example that I recently was involved with setting up and configuring: We had a client that had 20 users and their own Exchange server. The Exchange version was 2003 and the Server was also 2003. This client didn't want to spend a huge chunk of money (as they didn't have it to spend in the first place) on an upgrade but knew that they needed to do something. To upgrade to the newest (at that time Exchange 2013 had just come out and we were going to recommend that) Exchange version as well as the newest Windows Server (2012) version to support this combined with the CALs they would need for the new server version, the CALs they would need for the new Exchange version, and the purchase cost of buying Server 2012 and Exchange 2013 the price was way more than going with an Office 365 Small Business Plan. The plan we choose for this client was the Office 365 plan that allowed them the newest versions of Office; which you speak of. They choose this (the regular Office 365 Small Business was around $4-$5) option which made their per user price $12; per month, so per user per year total was $144. Take $144 times 20 users, and you have a grand total $2880. Now, this may seem like a lot but when you compare it to the cost of getting the CALs for both Exchange and Windows Server as well as purchasing each product, and updating Microsoft Office (as 2003 isn't compatible with Exchange 2013) you are talking a grand total of roughly $9000 ($1200 for Exchange CALs, $1200 for Server 2012 CALs, $600-1200 for Exchange 2013, $600-1200 for Server 2012, $6000 for 20 copies of Office 2013 Professional) to $10,000. People would argue that you'd pay for that in 3 years if you are using Office 365 Small Business at $12 per user per month, but they have to factor in the cost of upgrading Exchange during the next version which is coming, along with a potential Server OS and Office Suite upgrade all over again in three years. Also remember that our client was able to get the newest version of Office each time it came out at no additional cost and the fact that you don't have to have an IT guy there to manage it is a huge plus. If I've way over done this part of the answer forgive me, but I'd rather over inform you then under inform you. On to the next section.
I've found an article that describes 3 different auth methods (Office
365 account, DirSync, and ADFS). Ideally I would like to provide as
seamless integration as possible so SSO using ADFS is my choice but I
don't know much about any of the gotchas that would prevent users from
being able to open Office.
The three auth methods are correct, however you need an Active Directory domain for two of the three, one of which isn't probably viable unless you're a large enterprise. The Office 365 auth is pretty self explanatory, it's handled on MS' side and you don't have to worry about much other than resetting the occasional password. The AD directory sync method requires a piece of software to be setup on your domain controllers and literally sync's passwords to Office 365. It requires a little more configuration and ultimately provides a way of SSO; albeit not as good as ADFS. ADFS basically makes a connection from a server running Active Directory Federation Services on your domain to an MS Azure server on the other side. Your password is truly SSO, but let me warn you, if your ADFS server(s), or your WAN connection goes down, there is no way to log on to your Office 365 account until these resources come back up. It is also more secure as it only passes the password response from your AD servers rather than your actual password to the Office 365 side of things. Keep in mind again, that if you only have 1 ADFS server and it goes down, your Internet might be perfectly fine, but you will not be able to log in or access anything as Office 365 queries your ADFS server for a response and if it can't get it then you are screwed until you can fix it. We've been in that boat, and it's not fun. ADFS is traditionally for large enterprises that can create ADFS Farms.
but what about each time Word or Outlook or whatever is opened. Do
users creds need to be verified each time?
No, only when they want to access the online portion will they need to verify their credentials.
I hope I've helped here as I truly enjoy Office 365 and see how it can be a big benefit if thought out correctly from my own experience working with it. Let me know if you need more info.