OAuth Authentication in the Synchronizer

Last update:
Created :
Written by Support InfoBridge

Overview

Currently we have two ways of authenticating users with the Exchange Online Synchronizer, as of Synchronizer version 3.2.314

We support Basic Authentication and OAuth

Basic Authentication

This is basically the way the Synchronizer has been running for the last years. Meaning, there is a dedicated domain user, the SyncUser, who is given Impersonation or Delegation rights. 

For all the preparation and installation articles please see the sections Prepare and Install

Microsoft will decommission Basic Authentication for EWS. These plans apply only to the cloud-based Office 365/Exchange Online products; there are no changes to EWS capabilities of on-premises Exchange products , more info

The latest information from Microsoft learns that, effective October 1, 2022, they will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that). More info

Because the Synchronizer uses EWS we have now created a new version which supports the latest OAuth authentication and authorization techniques.

In fact, the new Synchronizer can be used (untill further notice) in two different authentication modes. Both in the Basic authentication mode and the new Oauth mode. Let's explain:

  • For On-Premise Exchange customers nothing will change, you can still use the Synchronizer the way you are used to. Install the latest version to get the latest features and fixes.
  • For O365/Exchange Online customers the new OAuth will eventually need to be used. This means that the linked users will need to be re-linked with the new Office 365 Token Authentication Manager. See this article
  • For O365/Exchange Online customers who use the Synchronizer in ranked mode the new OAuth will eventually need to be used. This means that the linked users will need to be re-linked with the new Office 365 Token Authentication Manager. See this article
  • For O365/Exchange Online customers who want to start using the new Synchronizer with OAuth but do not want to move all users in 1 go, the Synchronizer can be used in a mixed mode. Using the Sync in mixed mode, both in Basic Authentication and OAuth gives you the change to move the users in smaller parts. More information

Oauth and the Office 365 Token Authentication Manager

Over the last few years, Microsoft have been investing in services that help developers access information in Office 365 in a simple and intuitive way, specifically through Microsoft Graph.  Microsoft Graph and the use of OAuth 2.0 provide increased security and seamless integration with other Microsoft cloud services and is rapidly expanding developer access to the rich data sets behind Microsoft applications.

In the new version of the Synchronizer we use the Office 365 Token Authentication Manager to let the users themselves authorize the Synchronizer to their Calendar.

How the Office 365 Token Authentication Manager works is described in this article.