OAuth Authentication in the Synchronizer

Last update:
Created :
Written by Support InfoBridge

Overview

Currently, we have two ways of authenticating users with the Exchange Online Synchronizer. We support Basic Authentication and OAuth

Basic Authentication

This is basically the way the Synchronizer has been running for many years. Meaning, there is a dedicated domain user, the SyncUser, who is given Impersonation or Delegation rights. 

For all the preparation and installation articles please see the sections Prepare and Install

Microsoft will decommission Basic Authentication for EWS. These plans apply only to the cloud-based Microsoft 365/Exchange Online products; there are no changes to EWS capabilities of on-premises Exchange products , more info

The latest information from Microsoft learns that, effective October 1, 2022, Basic Authentication will be permanently disabled in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that). More info

The Synchronizer uses EWS and now supports the latest OAuth authentication and authorization techniques.

In fact, the current version can be used (until October 1, 2022) in two different authentication modes. Both in the Basic authentication mode and the new OAuth mode. Let's explain:

  • For On-Premise Exchange customers nothing will change, you can still use the Synchronizer the way you are used to. Install the latest version to get the latest features and fixes.
  • For M365/Exchange Online customers the new OAuth will eventually need to be used. This means that the linked users will need to be re-linked with the new Microsoft 365 Token Authentication Manager. See this article
  • For M365/Exchange Online customers who use the Synchronizer in ranked mode the new OAuth will eventually need to be used. This means that the linked users will need to be re-linked with the new Office 365 Token Authentication Manager. See this article
  • For M365/Exchange Online customers who want to start using the new Synchronizer with OAuth but do not want to move all users in 1 go, the Synchronizer can be used in a mixed mode. Using the Sync in mixed mode, both in Basic Authentication and OAuth gives you the change to move the users in smaller parts. More information

OAuth and the Microsoft 365 Token Authentication Manager

In the new version of the Synchronizer we use the Microsoft 365 Token Authentication Manager to let the users themselves authorize the Synchronizer to their Calendar.

How the Microsoft 365 Token Authentication Manager works is described in this article.