With the updated Lync 2013 mobile clients (version 5.2, now available for iOS and Windows Phone), customers can now take advantage of the support for Lync Server Certificate Authentication or Passive Authentication and configure their environment for enabling mobility scenarios. Notably, we are addressing these concerns in a way that minimizes the impact for end users.
1. Certificate Authentication
This has been a proven solution since the Lync Server 2010 release, and Lync desktop clients already support this authentication method.
Figure 1: Lync 2013 Mobile Client Certificate Authentication flow diagram
In this method, the Lync user signs in using AD credentials (same as before), but in the background we also get a Lync certificate, which is used for ongoing authentication. The AD credentials are stored only as long as the current Lync application session is running; once either Lync or the device is restarted, only the certificate is stored locally.
2. Passive Authentication
This type of authentication lets customers have their users authenticate passively and hence customize the authentication experience as desired. Passive authentication is handled by AD FS 2.0, which does the initial authentication. The user signs in by typing the sign-in address only (no password), taps sign in, and is then redirected to AD FS for authentication. The AD FS server passes back a Lync Server trusted authentication token that the mobile client uses for signing in. As we can see, no user credentials are stored in the devices’ encrypted memory or any other mobile storage location. Subsequent authentication between the Lync mobile client and Lync Server is handled using the certificate retrieved during the initial sign-in.
Figure 2: Lync 2013 Mobile Client Passive Authentication flow diagram
Lync 2013 Mobile client support for Certificate and Passive authentication will help address key enterprise IT security concerns and, more importantly, do so without users having to worry about security policies. The following table demonstrates this.
More Information
Lync Server 2013 Certificate Authentication and Passive Authentication support for Lync 2013 Mobile applications
http://blogs.technet.com/b/nexthop/archive/2013/10/08/lync-server-2013-certificate-authentication-and-passive-authentication-support-for-lync-2013-mobile-applications.aspx