Set-CsOAuthConfiguration

Modifies the Open Authorization (OAuth) configuration settings currently in use in the organization. OAuth is a standard protocol used for server-to-server authentication and authorization. This cmdlet was introduced in Lync Server 2013.

Syntax

Set-CsOAuthConfiguration
   [[-Identity] <XdsIdentity>]
   [-AdditionalAudienceUrls <String>]
   [-AlternateAudienceUrl <String>]
   [-ClientAdalAuthOverride <ClientAdalAuthOverride>]
   [-ClientAuthorizationOAuthServerIdentity <String>]
   [-Confirm]
   [-ExchangeAutodiscoverAllowedDomains <String>]
   [-ExchangeAutodiscoverUrl <String>]
   [-Force]
   [-Instance <PSObject>]
   [-Realm <String>]
   [-ServiceName <String>]
   [-Tenant <Guid>]
   [-WhatIf]
   [-AsJob]
   [<CommonParameters>]

Set-CsOAuthConfiguration
   [-Confirm]
   [-Force]
   [-Instance <PSObject>]
   [-Tenant <Guid>]
   [-WhatIf]
   [<CommonParameters>]

Description

In Skype for Business Server, server-to-server authentication (for example, the authentication that enables Skype for Business Server and Exchange to share information) is carried out using the OAuth security protocol. OAuth is always on in Skype for Business Server; there is no need (or even any way) to enable or disable the protocol. However, if Skype for Business Server needs to communicate with other server products you might need to modify your OAuth configuration settings; for example, you might need to specify the autodiscover URL for the Office 365 version of Exchange, and you might need to specify your Realm name. These settings can only be managed by using the CsOAuthConfiguration cmdlets; options for managing OAuth settings are not available in the Skype for Business Server Control Panel.

Note that, for the on-premises version of Skype for Business Server, you can have only a single, global collection of OAuth settings: you cannot create additional collections of OAuth settings, nor can you delete the global collection. Each Skype for Business Online tenant is also limited to a single collection of OAuth configuration settings.

Skype for Business Server Control Panel: The functions carried out by the Set-CsOAuthConfiguration cmdlet are not available in the Skype for Business Server Control Panel.

The following parameters are not applicable to Skype for Business Online: AdditionalAudienceUrls, AlternateAudienceUrl, AsJob, ClientAuthorizationOAuthServerIdentity, ExchangeAutodiscoverAllowedDomains, ExchangeAutodiscoverUrl, Force, Identity, Instance, PipelineVariable, Realm, ServiceName, and Tenant.

Examples

-------------------------- Example 1 --------------------------

Set-CsOAuthConfiguration -Identity global -Realm "contoso.com"

The command shown in Example 1 modifies the global collection of OAuth configuration settings. In this example, the Realm property is set to "contoso.com".

Optional Parameters

-AdditionalAudienceUrls

An OAuth token includes an audience ("aud") claim that identifies the intended recipient of the token, in this case your Skype for Business Server. The audience is typically expressed as a URL, such as https://skypeforbusiness.contoso.com, and is validated by the Skype for Business authentication module. In some cases, depending on your authentication providers and/or other applications used in your organization, it may be necessary to allow multiple audience values to be used and recognized as valid by your Skype for Business server.

The AlternateAudienceUrl and AdditionalAudienceUrls parameters allow you to specify one or more additional audience values that will be recognized as valid by your Skype for Business server.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online

-AlternateAudienceUrl

An OAuth token includes an audience ("aud") claim that identifies the intended recipient of the token, in this case your Skype for Business Server. The audience is typically expressed as a URL, such as https://skypeforbusiness.contoso.com, and is validated by the Skype for Business authentication module. In some cases, depending on your authentication providers and/or other applications used in your organization, it may be necessary to allow multiple audience values to be used and recognized as valid by your Skype for Business server.

The AlternateAudienceUrl and AdditionalAudienceUrls parameters allow you to specify one or more additional audience values that will be recognized as valid by your Skype for Business server.
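The effect of allowing extra audience values can be modelled offline. The following is an added example, not code from Skype for Business Server or from this reference: it checks only the "aud" claim of a constructed, unsigned token against an allowed set, and the second audience URL and all function names are hypothetical.

```powershell
# Added example: models only the audience ("aud") check, not Skype for Business code.
# Signature, issuer and lifetime validation are out of scope here.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtAudience {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-segment compact token.' }
    $claims = ConvertFrom-Base64Url -Text $parts[1] | ConvertFrom-Json
    # RFC 7519 allows "aud" to be one string or an array of strings.
    @($claims.aud)
}

function Test-TokenAudience {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$AllowedAudience
    )
    foreach ($aud in Get-JwtAudience -Token $Token) {
        # Exact, case-sensitive comparison: no prefix or substring matching.
        if ($AllowedAudience -ccontains $aud) { return $true }
    }
    return $false
}

# Constructed, unsigned sample token carrying the given audience claim.
function New-SampleToken {
    param([Parameter(Mandatory)][string[]]$Audience)
    $segments = @{ alg = 'RS256'; typ = 'JWT' }, @{ aud = $Audience } | ForEach-Object {
        $json = $_ | ConvertTo-Json -Compress
        [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    ($segments + 'placeholder-signature') -join '.'
}

$primary = 'https://skypeforbusiness.contoso.com'   # audience URL used on this page
$extra   = 'https://sfb-alt.contoso.com'            # hypothetical additional audience
$token   = New-SampleToken -Audience $extra
Test-TokenAudience -Token $token -AllowedAudience $primary
Test-TokenAudience -Token $token -AllowedAudience $primary, $extra
```

Every value added to the allowed set is another token audience the server will accept, so keep the list to audiences you actually issue tokens for.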

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online

-AsJob

Indicates that this cmdlet runs as a background job.

When you specify the AsJob parameter, the command immediately returns an object that represents the background job. You can continue to work in the session while the job finishes. The job is created on the local computer and the results from the Skype for Business Online session are automatically returned to the local computer. To get the job results, use the Receive-Job cmdlet.

For more information about Windows PowerShell background jobs, see about_Jobs and about_Remote_Jobs.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online

-ClientAdalAuthOverride

Modern authentication using Azure ADAL (Active Directory Authentication Library) is enabled by default for Skype for Business Online. For authentication based on ADFS/MEX (metadata exchange), ADAL can be disabled by setting ClientAdalAuthOverride to Disallowed.

Type:ClientAdalAuthOverride
Parameter Sets:NoOverride, Allowed, Disallowed
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online

-ClientAuthorizationOAuthServerIdentity

URI of the OAuth server used for client authentication.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Confirm

Prompts you for confirmation before executing the command.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-ExchangeAutodiscoverAllowedDomains

Collection of domains that autodiscover requests can be redirected to. For example:

-ExchangeAutodiscoverAllowedDomains "*.contoso.com;*.fabrikam.com"
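Before applying an allowed-domains value, it helps to review how broad each pattern is and which redirect targets it would admit. The following is an added example, not code from Skype for Business Server: it assumes entries are ";"-separated host patterns with an optional leading "*." as in the sample above, models matching with PowerShell's -like operator rather than the server's own logic, and uses hypothetical function names and constructed URLs.

```powershell
# Added example: a review helper, not the server's own matching logic.
# Assumption: entries are ';'-separated host patterns with an optional leading "*.".
function Get-AllowedDomainFinding {
    param([Parameter(Mandatory)][string]$AllowedDomains)
    foreach ($entry in $AllowedDomains.Split(';')) {
        $pattern = $entry.Trim()
        if (-not $pattern) { continue }
        $base = $pattern -replace '^\*\.', ''
        $issue = if ($base.Contains('*')) { 'wildcard outside the leading label' }
                 elseif ($base.Split('.').Count -lt 2) { 'covers a whole top-level domain' }
                 else { $null }
        [pscustomobject]@{ Pattern = $pattern; Issue = $issue }
    }
}

function Test-AutodiscoverRedirect {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$AllowedDomains
    )
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    # Only HTTPS targets are considered; a plain-HTTP redirect is refused outright.
    if ($uri.Scheme -ne 'https') { return $false }
    foreach ($pattern in $AllowedDomains.Split(';').Trim()) {
        # "*.contoso.com" requires the literal ".contoso.com" suffix on the host.
        if ($pattern -and $uri.Host -like $pattern) { return $true }
    }
    return $false
}

$allowed = '*.contoso.com;*.fabrikam.com'            # value from the example above
Get-AllowedDomainFinding -AllowedDomains "$allowed;*.com;*"

# Constructed redirect targets: one legitimate, one lookalike host, one downgrade.
'https://autodiscover.contoso.com/autodiscover/autodiscover.xml',
'https://contoso.com.example.net/autodiscover/autodiscover.xml',
'http://mail.fabrikam.com/autodiscover/autodiscover.xml' | ForEach-Object {
    [pscustomobject]@{ Url = $_; Allowed = Test-AutodiscoverRedirect -Url $_ -AllowedDomains $allowed }
}
```

The finding check does not know about multi-label public suffixes such as "co.uk", so review those patterns by hand.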

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-ExchangeAutodiscoverUrl

URL for the autodiscovery service used by the Office 365 version of Microsoft Exchange Server.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Force

Suppresses the display of any non-fatal error message that might occur when running the command.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Identity

Unique Identity of the OAuth configuration settings. Because you can only have a single, global instance of these settings, you do not need to specify an Identity when calling the Set-CsOAuthConfiguration cmdlet. You can, however, use the following syntax to reference the global settings:

-Identity global

Type:XdsIdentity
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Instance

Allows you to pass a reference to an object to the cmdlet rather than set individual parameter values.

Type:PSObject
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Realm

Server-to-server security container. By default, Skype for Business Server uses your default SIP domain as its OAuth realm.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-ServiceName

Globally unique identifier (GUID) assigned to the OAuth service.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

-Tenant

Globally unique identifier (GUID) of the Skype for Business Online tenant account for which the OAuth configuration settings are being modified. For example:

-Tenant "38aad667-af54-4397-aaa7-e94c79ec2308"

You can return the tenant ID for each of your tenants by running this command:

Get-CsTenant | Select-Object DisplayName, TenantID

Type:Guid
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Skype for Business Online

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Lync Server 2013, Skype for Business Online, Skype for Business Server 2015, Skype for Business Server 2019

Inputs

The Set-CsOAuthConfiguration cmdlet accepts pipelined instances of the Microsoft.Rtc.Management.WritableConfig.Settings.SSAuth.OAuthSettings object.

Outputs

None. Instead, the Set-CsOAuthConfiguration cmdlet modifies existing instances of the Microsoft.Rtc.Management.WritableConfig.Settings.SSAuth.OAuthSettings object.