First published on TECHNET on Oct 08, 2013

Today about new features available with updated Lync 2013 Mobile clients, we are excited to share more details about Lync 2013 Mobile client's support for certificate authentication and passive authentication.

Some customers prefer to limit the use of Active Directory (AD) username and password credentials in order to address a range of security concerns, including those associated with the use of smartphones and tablets. It has been challenging for these customers to take advantage of Lync mobile clients, which have until now relied on AD credentials for authentication. With the updated Lync 2013 mobile clients (version 5.2, now available for iOS and Windows Phone), customers can now take advantage of the support for Lync Server Certificate Authentication or Passive Authentication and configure their environment for enabling mobility scenarios. Notably, we are addressing these concerns in a way that minimizes the impact for end users.

Lync Server Certificate Authentication is a proven solution since the Lync Server 2010 release, and Lync desktop clients already support this authentication method.

Figure 1: Lync 2013 Mobile Client Certificate Authentication flow diagram

In this method, the Lync user signs in using AD credentials (same as before), but in the background we also get a Lync certificate which is used for ongoing authentication. The AD credentials are only stored as long as the current Lync application session is running; once either Lync or the device is restarted, only the certificate is stored locally.

AD password is no longer needed for Lync server access (while signed in).

Certificate can be renewed without AD credentials.

The Lync certificate is stored in a location that does not allow access from other applications.

The Lync certificate is scoped to Lync resources only (limits risk).

Furthermore, a certificate is revocable by a Lync Admin using a Lync PowerShell cmdlet. This limits exposure in the case where the device is compromised (stolen/hacked).

In combination with the AllowSaveCredentials in-band policy for mobile clients, the "save my password" option can be disabled. If a password is already set, it gets cleared from device storage when the policy is downloaded, without any user interaction. When this in-band policy is enabled, or in general when credentials aren't stored on the device, the Lync mobile client cannot authenticate against Exchange Web Services (EWS).

For more details about Lync Server Certificate Authentication in general, please visit Certificate Authentication in Lync Server 2010 and Enterprise PKI.

Passive authentication lets customers have their users authenticate passively and hence customize the authentication experience as desired. Passive auth is handled using AD FS 2.0, which does the initial authentication. The user signs in by typing the sign-in address only, taps sign in, and then gets redirected to AD FS for authentication. The AD FS server passes back a Lync server trusted authentication token that is used by the mobile client for signing in.

To sign out of Lync on the desktop: in the Lync main window, click the arrow next to the Options button, click File, and then click Sign Out. Important: If you share the computer you're working on with other users, or just want to make it more difficult for unauthorized users to log in with your credentials, when you sign out, click Delete my sign-in information. Doing so also can make it easier for technical support to troubleshoot any sign-in issues.

Close: closes the Lync main window, but keeps your session running so you still receive alerts and can quickly interact with others who can see your presence status. Click the arrow next to the Options button, click File, and then click Close. Click the X in the upper-right corner of the main window. Return to the Lync main window at any time by clicking the Lync icon at the bottom of your screen.

Exit: closes you out of your Lync session and stops the Lync program on your computer. In the Lync main window, click the arrow next to the Options button, click File, and then click Exit. After exiting, to restart Lync, use the Windows Start menu.