Skip navigation
Menu
OAuth Authentication in Lync Server 2013
Collaboration>Conferencing

OAuth Authentication in Lync Server 2013

Microsoft Lync Server 2013 has many new server and client features that will get a lot of attention, but there are also some under-the-hood items that shouldn't go unnoticed. One that comes to mind is OAuth, the new authorization method used when an organization wants Lync 2013 integration with Microsoft Exchange Server 2013 or SharePoint 2013. In this article, I'll take a look at some key areas around OAuth, including the benefits of using OAuth for Lync integration and deployment tips for smoother implementation.

Benefits of OAuth

OAuth is an industry standard communication protocol for server-to-server authentication and authorization. Lync Server 2013 leverages OAuth for its server-to-server communication process to better handle security between Lync 2013, Exchange 2013, and SharePoint 2013.

OAuth authentication involves three parties in the communication process: an authorization server, and two parties that need to communicate with each other. The authorization server issues security tokens to the two parties that are trying to communicate. These tokens verify that communication from one party should be trusted by the other party during the communication process.

Related: The Lync Server 2013 Planning Tool

By using OAuth authentication with Exchange 2013 and SharePoint 2013, organizations can take advantage of some of the rich new features of Lync 2013, such as:

  • Unified contact store -- The unified contact store lets you store all Lync contact data in the user's Exchange 2013 mailbox. This feature presents a unified view of the data as well as a single storage location. Lync retrieves data associated with a user's contact list by using Exchange Web Services (EWS), as opposed to the Session Initiation Protocol (SIP) request used in Lync 2010.
  • Archiving -- Lync has always had robust archiving capabilities, but its discovery capabilities have been limited. By integrating Lync and Exchange 2013, both archiving and discovery take a major step forward.
  • HD photos -- When Lync 2013 and Exchange 2013 are integrated, Lync supports HD photos. Storing photos in Active Directory (AD) in the thumbnailPhoto attribute limits the flexibility for manipulation of the photos and also puts the burden on AD to replicate extra traffic to all the domain controllers (DCs). By having Exchange as the storage point for Lync 2013 photos, users can leverage high-resolution photos for their Lync profiles.

OAuth Deployment Tips

Lync Server 2013 supports three server-to-server authentication scenarios with the OAuth authentication process:

  • On-premisesdeployment -- an on-premises deployment of Lync Server 2013 integrated with an on-premises deployment of either Exchange 2013 or SharePoint 2013
  • Onlinedeployment -- an online cloud deployment of Lync Online integrating with Exchange Online or SharePoint Online
  • Hybrid deployment -- a deployment where part of your infrastructure (Lync, Exchange, SharePoint) is on-premises and part in the cloud

Although you have choices about which scenario best fits your needs, implementing OAuth for your Lync 2013 environment isn't difficult. Here are some tidbits that should help make your deployment even easier:

  • Be sure that you have a valid certificate to use for OAuth; try to leverage the same certificates across the Lync and Exchange environments, which makes for a more seamless integration with free/busy data and Exchange Unified Messaging.
  • Take advantage of the Lync 2013 Deployment Wizard for certificate installation and configuration in your Lync environment. The Lync deployment wizard provides a step-by-step walkthrough for importing/exporting certificates to Lync 2013 servers. Note that the Lync 2013 Deployment Wizard is launched when you run setup.exe for Lync.
  • Be sure to create the partner association for Lync 2013 and Exchange 2013. The partner association allows Lync and Exchange to exchange security tokens during the OAuth process so that they don't rely on a third-party mechanism. For more information about creating this connection, see the Microsoft article "Configuring an On-Premises Partner Application for Microsoft Lync Server 2013."
  • Make sure to configure the Exchange Autodiscover service, or that it's already set up and working. You can find out more about this service in the Microsoft article "Configure Exchange Services for the Autodiscover Service."
  • Be sure to download and install the Unified Communications Managed API (UCMA) 4.0 Runtime in your Exchange environment. UCMA 4.0 is available from the Microsoft Download Center.

OAuth for Tighter Integration

The benefits of the OAuth authorization method outweigh the few extra steps an administrator will need to take to reap the rewards of Lync Server 2013. Microsoft came through by addressing key areas for tighter integration with SharePoint 2013 and Exchange 2013, whether you’re in an on-premises, cloud, or hybrid deployment. At the end of the day, the OAuth authorization process is Microsoft conforming to an industry standardized framework that already existed within the web industry for token authentication -- which should be good for everybody.

Learn More: Lync Server 2013 Deployment Scenarios

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Business people video conferencing in a conference room meeting
Intelligent Meeting Rooms: How AI Is Reshaping Meeting Room Experiences – and Raising New Issues
Apr 11, 2024
zoom logo
Zoom Releases New AI-Powered Collaboration Platform—Zoom Workspace—Plus Other Updates
Mar 26, 2024
interactive display
Omdia Research Shows Slowdown in Global Shipments of Public Displays
Mar 07, 2024
Employee wears wireless headset video calling on laptop
10 Microsoft Teams Alternatives, From the Free to the Pricey
Jan 26, 2024