          Service Account Connection for Microsoft Users

          The service account connection method is available for Lightning Sync users working on Microsoft® Exchange 2019, 2016, and 2013 and on Microsoft Office 365® (Exchange Online). For Exchange Online customers, the service account connection method is no longer available starting October 1, 2022.

          Important: Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

          Important: Microsoft is retiring Basic Authentication for Exchange Online. When Microsoft blocks Basic Authentication in your Microsoft tenant, Lightning Sync can’t sync contacts and events for customers who have selected service account as their Lightning Sync connection method. See Lightning Sync Service Account Connection Method Availability for Customers on Microsoft Office 365.

          Requirement | Why it’s required | Benefit to you

          Exchange admins must enable Exchange Web Services (EWS) over a connection using TLS 1.2 or higher.

          EWS enabled over a TLS connection provides secure certificate authentication between Exchange and Salesforce. While EWS provides access to more objects in your email service, Lightning Sync can only read, write, and update contacts and events from users’ email services. Lightning Sync isn’t designed to discover or access other objects.

          Lightning Sync was designed following the Microsoft-established best practices for the application of EWS.

          Lightning Sync uses the Exchange server’s certificate to authenticate over a TLS connection, confirming that Exchange isn’t interacting with a Salesforce impostor. You can control the scope by which Lightning Sync has access to your email service. To do so, limit which users are impersonated with your service account.

          Exchange admins must enable Auto Discovery.

          Auto Discovery lets Lightning Sync navigate to the Exchange service endpoint and identify individual users to sync.

          Lightning Sync can identify all users set to sync from the scope of your service account and your sync configuration in Salesforce. Auto Discovery lets Lightning Sync identify even addresses that are part of a different domain.

          We limit Lightning Sync access to your email service by exploring only your primary email domain with Auto Discovery, which minimizes opportunities for data interception. You can include more domains to sync by adding them manually on the Lightning Sync Setup page in Salesforce. You can also control access by limiting which email service users are impersonated with your service account.

          Exchange admins must enable Basic Authentication or NTLM on your email server and on your autodiscover server.

          Lightning Sync identifies itself to your email services using the authentication protocol you chose to enable on your Exchange server. Lightning Sync authenticates on every connection request Salesforce makes to Exchange. If Basic and NTLM are enabled, Lightning Sync gives connection preference to Basic. If you must run other authentication methods on your server, those methods don’t conflict with the Lightning Sync connection.

          Authentication is encrypted over a TLS 1.2 or higher connection to provide security between endpoints on every request to Exchange. You can control the scope by which Lightning Sync has access to your email service. To do so, limit which email service users are impersonated with your service account.

          Exchange admins must create a service account on your Exchange server to impersonate all syncing users.

          Lightning Sync uses the service account to query for users’ Salesforce_Sync folders and their primary calendars. The service account also creates, updates, and reads server content that users already have access to.

          This design lets contacts and events sync without requiring users to log in to their individual Microsoft accounts. Such a design avoids time-outs to users’ login sessions, offering a more reliable connection between systems.

          You can control the scope by which Lightning Sync has access to your email service. To do so, limit which email service users are impersonated with your service account.

          Service Account credentials must be provided on the Outlook Integration and Sync page in Salesforce Setup. Salesforce encrypts the service account password field with the Advanced Encryption Standard (AES) algorithm, using 128-bit master keys.

          Only Salesforce admins with the permissions to access the Outlook Integration and Sync page in Setup can see or change the service account address.

          As the password is typed, it’s masked to prevent others from seeing it. The contents can’t be copied and pasted elsewhere. You can’t learn what the service account password is by revisiting the page later.
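
          Several of the requirements above recommend limiting which email service users are impersonated with your service account. One way to do that on an on-premises Exchange server is sketched below as an added example; it is not part of the Salesforce article. The account name svc-lightningsync, the group Lightning Sync Users, and the scope and assignment names are placeholders assumed for illustration.

```powershell
# Run in the Exchange Management Shell (on-premises Exchange 2013/2016/2019).
# Every name below is a placeholder chosen for this example.
$ServiceAccount = 'svc-lightningsync'           # assumed service account
$SyncGroup      = 'Lightning Sync Users'        # assumed group of syncing mailboxes
$ScopeName      = 'LightningSyncScope'
$AssignmentName = 'LightningSyncImpersonation'

# 1. Resolve the group that contains only the users who should sync.
$group = Get-DistributionGroup -Identity $SyncGroup -ErrorAction Stop
$groupDn = $group.DistinguishedName

# 2. Build a management scope restricted to members of that group.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "MemberOfGroup -eq '$groupDn'"

# 3. Grant impersonation to the service account inside that scope only.
New-ManagementRoleAssignment -Name $AssignmentName `
    -Role 'ApplicationImpersonation' `
    -User $ServiceAccount `
    -CustomRecipientWriteScope $ScopeName

# 4. Audit every ApplicationImpersonation assignment and flag any that is
#    still organization-wide. An older unscoped assignment for the same
#    account overrides the restriction until it is removed with
#    Remove-ManagementRoleAssignment.
Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
    ForEach-Object {
        [pscustomobject]@{
            Assignment  = $_.Name
            User        = $_.EffectiveUserName
            WriteScope  = "$($_.RecipientWriteScope)"
            CustomScope = $_.CustomRecipientWriteScope
            OrgWide     = ("$($_.RecipientWriteScope)" -eq 'Organization')
        }
    } |
    Sort-Object OrgWide -Descending |
    Format-Table -AutoSize
```

          Any row with OrgWide set to True means that account can impersonate every mailbox in the organization, regardless of the scoped assignment created in step 3.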

           
          Salesforce Help | Article