Impersonation vs Delegation

Last update:
Created :
Written by Support InfoBridge


When having to choose how you wish to set up your rights for the Synchronizer user (often called the SyncUser), you have two options:

  • Impersonation
  • Delegation



Impersonation is where you set the Syncuser with access to all the mailboxes, this is an easy and fast setup. But can also give security issues, depending what this account is being used for.


Delegation is the second option, where you need to give the Syncuser rights on individual mailboxes. This takes a bit more time but you are sure that the Syncuser only has access to those mailboxes which it needs to have access to.

How the Synchronizer works regarding Impersonation/Delegation:

When starting the synchronizer, a check will be done to see if Impersonation or Delegation is being used. If impersonation is used then the Sync knows that it has full rights over the different mailboxes, and the synchronizer will start syncing rapidly.

If the delegation option is selected, it will go through each users's mailbox to verify if the Syncuser has full rights. This will make the synchronizer slower during startup but also during normal operation, as the mailboxes will be checked in succession. If you have a lot of users in the same pool, it might take some time before a user will notice that his/her appointments/tasks/contacts have been synced.