Configure Policies to Control Federated User Access
Topic Last Modified: 2011-03-16
When you configure policies to support federated partners, the policies apply to users of federated domains, but not to users of instant messaging (IM) service providers (for example, Windows Live), unless you also enable support for service provider users in the policy. You can configure one or more external user access policies to control whether users of federated domains can collaborate with internal Lync Server users. To control federated user access, you can configure policies at the global, site, and user level. Site policies override the global policy, and user policies override site and global policies. For details about the types of policies that you can configure, see Manage Communications with External Users in the Deployment documentation or the Planning documentation.
You can configure policies to control federated user access, even if you have not enabled federation for your organization. However, the policies that you configure are in effect only when you have federation enabled for your organization. For details about enabling federation, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation. Additionally, if you specify a user policy to control federated user access, the policy applies only to users that are enabled for Lync Server 2010 and configured to use the policy. For details about specifying federated users that can sign in to Lync Server 2010, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.
To configure a policy to support access by users of federated domains
1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.
2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel, see Open Lync Server Administrative Tools.
3. In the left navigation bar, click External User Access, and then click External Access Policy.
4. On the External Access Policy page, do one of the following:
   - To configure the global policy to support federated user access, click the global policy, click Edit, and then click Show details.
   - To create a new site policy, click New, and then click Site policy. In Select a Site, click the appropriate site from the list and then click OK.
   - To create a new user policy, click New, and then click User policy. In New External Access Policy, create a unique name in the Name field that indicates what the user policy covers (for example, EnableFederatedUsers for a user policy that enables communications for federated domain users).
   - To change an existing policy, click the appropriate policy listed in the table, click Edit, and then click Show details.
5. (Optional) If you want to add or edit a description, specify the information for the policy in Description.
6. Do one of the following:
   - To enable federated user access for the policy, select the Enable communications with federated users check box.
   - To disable federated user access for the policy, clear the Enable communications with federated users check box.
To enable federated user access, you must also enable support for federation in your organization. For details, see Enable or Disable Federation for Your Organization in the Deployment documentation or the Operations documentation.
If this is a user policy, you must also apply the policy to users that you want to be able to collaborate with federated users. For details, see Apply External User Access Policies to Users in the Deployment documentation or the Operations documentation.
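The same configuration can be applied and then audited from the Lync Server Management Shell. The script below is an added example, not part of the original topic: it creates the EnableFederatedUsers user policy named above, assigns it, and reports which policies at each scope allow federated access and whether they are actually in effect. The SIP address is a constructed placeholder; the cmdlets are those of the Lync Server 2010 "Lync" module.

```powershell
# Added example. Run from an account with the rights described in the procedure.
Import-Module Lync

# Organization-wide switch: external access policies only take effect
# when federation is enabled for the organization.
$orgFederation = (Get-CsAccessEdgeConfiguration).AllowFederatedUsers

# Create the per-user policy if it does not exist yet. Federated access is
# enabled; IM service provider (public cloud) access is left disabled.
$policyName = 'EnableFederatedUsers'
if (-not (Get-CsExternalAccessPolicy -Filter "tag:$policyName")) {
    New-CsExternalAccessPolicy -Identity $policyName `
        -Description 'Enables communications for federated domain users' `
        -EnableFederationAccess $true `
        -EnablePublicCloudAccess $false | Out-Null
}

# A user policy applies only to users it has been granted to.
$sampleUser = 'sip:alice@example.com'   # constructed placeholder, replace before use
Grant-CsExternalAccessPolicy -Identity $sampleUser -PolicyName $policyName

# Audit: list every policy, its scope, and whether it permits federated access.
# Precedence when several apply to one user: user > site > global.
Get-CsExternalAccessPolicy | ForEach-Object {
    $id = [string]$_.Identity
    $scope = if ($id -eq 'Global') { 'Global' }
             elseif ($id -like 'Site:*') { 'Site' }
             else { 'User' }
    $_ | Select-Object `
        @{ Name = 'Policy';          Expression = { $id } },
        @{ Name = 'Scope';           Expression = { $scope } },
        @{ Name = 'FederationInPolicy'; Expression = { $_.EnableFederationAccess } },
        @{ Name = 'PublicCloudInPolicy'; Expression = { $_.EnablePublicCloudAccess } },
        @{ Name = 'InEffect';        Expression = { $_.EnableFederationAccess -and $orgFederation } }
} | Sort-Object Scope, Policy | Format-Table -AutoSize

# Users who have been granted the per-user policy.
Get-CsUser -Filter { ExternalAccessPolicy -eq 'EnableFederatedUsers' } |
    Select-Object DisplayName, SipAddress
```

A policy that shows FederationInPolicy as True but InEffect as False has federated access selected while federation is still disabled for the organization.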