Export (0) Print
Expand All

Configure policies to control federated user access in Lync Server 2013

 

Topic Last Modified: 2014-02-05

When you configure policies to support communications with federated partners, the policies apply to users of federated domains. You can configure one or more external user access policies to control whether users of federated domains can collaborate with your Lync Server 2013 users. To control federated user access, you can configure policies at the global, site, and user level. Lync Server policy settings that are applied at one policy level can override settings that are applied at another policy level. Lync Server policy precedence is: User policy (most influence) overrides a Site policy, and then a Site policy overrides a Global policy (least influence). This means that the closer the policy setting is to the object that the policy is affecting, the more influence it has on the object.

noteNote:
You can configure policies to control federated user access, even if you have not enabled federation for your organization. However, the policies that you configure are in effect only when you have federation enabled for your organization. For details about enabling federation, see Enable or disable remote user access in Lync Server 2013 in the Deployment documentation or the Operations documentation. Additionally, if you specify a user policy to control federated user access, the policy applies only to users that are enabled for Lync Server 2013 and configured to use the policy.

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server 2013 administrative tools.

  3. In the left navigation bar, click External User Access, and then click External Access Policy.

  4. On the External Access Policy page, do one of the following:

    • To configure the global policy to support federated user access, click the global policy, click Edit, and then click Show details.

    • To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK.

    • To create a new user policy, click New, and then click User policy. In New External Access Policy, create a unique name in the Name field that indicates what the user policy covers (for example, EnableFederatedUsers for a user policy that enables communications for federated domain users).

    • To change an existing policy, click the appropriate policy listed in the table, click Edit, and then click Show details.

  5. (Optional) If you want to add or edit a description, specify the information for the policy in Description.

  6. Do one of the following:

    • To enable federated user access for the policy, select the Enable communications with federated users check box.

    • To disable federated user access for the policy, clear the Enable communications with federated users check box.

  7. Click Commit.

To enable federated user access, you must also enable support for federation in your organization. For details, see Enable or disable federation and public IM connectivity in Lync Server 2013.

If this is a user policy, you must also apply the policy to users that you want to be able to collaborate with federated users. For details, see Assign an external user access policy to a Lync enabled user in Lync Server 2013.

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.

  3. Type the following in the Lync Server Management Shell:

    Set-CsExternalAccessPolicy -Identity <name of global, site or user policy - policy must exist when using Set-CsExternalAccessPolicy > -Description <descriptive name for policy> -EnableFederationAccess <$true, $false> -EnableXmppAccess <$true, $false> -EnablePublicCloudAcess <$true, $false> -EnablePublicCloudAudioVideoAcess <$true, $false> -EnableOutsideAcess <$true, $false>
    

    An example command that will set the global policy for Federated user access to enabled, XMPP domain access to enabled, Remote user access to enabled, Public provider access to enabled, and grant the ability to use audio and video for public providers that support it:

    Set-CsExternalAccessPolicy -Identity global -EnableFederationAccess $true -EnableXmppAccess $true -EnableOutsideAccess $true -EnablePublicCloudAccess $true -EnablePublicCloudAudioVideoAccess $true
    
    tipTip:
    The parameter “EnablePublicCloudAudioVideoAccess” does not have a corresponding selection in the Lync Server Control Panel

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.

  3. Type the following in the Lync Server Management Shell:

    New-CsExtenalAccessPolicy -Identity <name of site or user policy - you cannot create a new global policy using New-CsExternalAccessPolicy > -Description <descriptive name for policy> -EnableFederationAccess <$true, $false> -EnableXmppAccess <$true, $false> -EnablePublicCloudAccess <$true, $false> -EnablePublicCloudAudioVideoAccess <$true, $false> -EnableOutsideAccess <$true, $false>
    

    An example of creating a new site policy:

    New-CsExternalAccessPolicy -Identity site:Redmond -EnableFederationAccess $true -EnableXmppAccess $true -EnableOutsideAccess $true -EnablePublicCloudAccess $true -EnablePublicCloudAudioVideoAccess $true
    

  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.

  2. Type the following in the Lync Server Management Shell

    Remove-CsExternalAccessPolicy -Identity <name of global, site or user policy> 
    

    An example of resetting the global policy (The global policy can only have its setting removed. The policy cannot be deleted):

    Remove-CsExternalAccessPolicy -Identity global 
    

    To remove a site policy, type:

    Remove-CsExternalAccessPolicy -Identity site:Redmond 
    

    Deletes the site policy Redmond. To delete a user policy named UserEAPPolicy, type:

    Remove-CsExternalAccessPolicy -Identity UserEAPPolicy
    
 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft