Applies to: Exchange Server 2013
Topic Last Modified: 2012-10-25
Exchange Server 2013 allows other applications to use OAuth to authenticate to Exchange. The applications must be configured as partner applications in Exchange 2013.
In Exchange 2013, OAuth configuration with partner applications
such as SharePoint 2013 and Lync Server 2013 is supported only by
By automating the task, the script makes it easier to configure
authentication with partner applications and reduces configuration
errors. The script performs the following tasks:
- Configures an Enterprise partner application that self-issues
OAuth tokens to successfully authenticate to Exchange.
- Assigns Role Based Access Control (RBAC) roles to the partner
application to authorize it for calling specific Exchange Web
What do you need to know before you begin?
- Estimated time to complete: 5 minutes.
- The partner application must publish an auth metadata document
for Exchange 2013 to establish a direct trust to this application
and accept authentication requests.
- Examples in this topic use the following default location of
C:\Program Files\Microsoft\Exchange Server\V15\Scripts.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Partner applications - configure" entry in the Sharing and
Collaboration Permissions topic.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
Configure OAuth authentication with a partner application
This procedure uses the
Configure-EnterprisePartnerApplication.ps1 script to
configure OAuth authentication with partner applications. Access to
resources depends on the permissions assigned to the partner
application and/or the user it impersonates by using RBAC.
After configuring OAuth authentication from Exchange, the partner application can use Exchange 2013 resources. If Exchange 2013 also needs to access resources offered by the partner application, you must also configure OAuth authentication in the partner application.
This example configures OAuth authentication for SharePoint 2013.
Cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl https://sharepoint.contoso.com/_layouts/15/metadata/json/1 -ApplicationType SharePoint
This example configures OAuth authentication for Lync Server 2013.
Cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl https://lync.contoso.com/metadata/json/1 -ApplicationType Lync
How do you know this worked?
To verify that you have successfully configured an enterprise partner application to authenticate to Exchange 2013, run the Get-PartnerApplication cmdlet in the Shell to retrieve the configuration. You can also run the Test-OAuthConnectivity cmdlet to test OAuth connectivity with a partner application for a user.
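The verification step above can be run as a short audit of every trusted partner application and the RBAC roles it holds. This is an added example, not part of the original topic or of the Exchange scripts; the EWS URL and the test mailbox are assumed placeholders, and the expected metadata URLs are the two used in the examples above.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2013 server.
# Metadata URLs you intended to trust (taken from the examples in this topic).
$ExpectedMetadataUrls = @(
    'https://sharepoint.contoso.com/_layouts/15/metadata/json/1',
    'https://lync.contoso.com/metadata/json/1'
)
$EwsUrl      = 'https://mail.contoso.com/ews/exchange.asmx'  # assumed placeholder
$TestMailbox = 'testuser@contoso.com'                        # assumed placeholder

foreach ($app in Get-PartnerApplication) {
    $url = "$($app.AuthMetadataUrl)"
    Write-Host "Partner application: $($app.Name) (Enabled: $($app.Enabled))"

    # Any direct trust you did not create on purpose deserves a review.
    if ($url -and $ExpectedMetadataUrls -notcontains $url) {
        Write-Warning "  Unexpected auth metadata URL: $url"
    }
    # The signing keys come from this document, so it must be fetched over TLS.
    if ($url -and $url -notmatch '^https://') {
        Write-Warning "  Auth metadata document is not served over HTTPS: $url"
    }

    # List the RBAC roles held by the account linked to the partner application,
    # so that anything broader than what the application needs stands out.
    if ($app.LinkedAccount) {
        Get-ManagementRoleAssignment -RoleAssignee $app.LinkedAccount |
            Select-Object Name, Role, RoleAssigneeName |
            Format-Table -AutoSize
    }
    else {
        Write-Host "  No linked account, so no RBAC roles are assigned through one."
    }
}

# Request a token for a test user and call EWS with it.
$result = Test-OAuthConnectivity -Service EWS -TargetUri $EwsUrl -Mailbox $TestMailbox
if ("$($result.ResultType)" -ne 'Success') {
    Write-Warning "OAuth connectivity test did not succeed."
    $result | Format-List
}
```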