Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8310: IWA fails on Skype for Business 2016 if Modern Authentication (OAuth) feature is not enabled

App Access Service ,   App Gateway Service ,  

13 March,17 at 12:48 PM

Applies to: All versions of Centrify Identity Service


IWA fails on Skype for Business 2016 when Modern Authentication (ADAL) feature is not enabled for Skype for Business Online.


Modern Authentication (ADAL) for Skype for Business Online has to be enabled for IWA or ZSO to work on Skype for Business 2016. If not enabled, the following can be seen in the network traffic:

x-ms-diagnostics: 4000000;reason="Flighting is not enabled for domain ''.";error_category="oauth_not_available"


Enabling Modern Authentication for your Skype for Business Online tenant and your Exchange Online tenant is a prerequisite. Modern Authentication is turned off by default in Skype for Business in Office 365. Tenant admins must first enable their tenant for Modern Authentication.
Notice that Lync Server 2013 does not support Modern Authentication.

Following the steps below to enable 
Modern Authentication (ADAL) for Skype for Business Online:


Once performed the steps above, please make sure to shutdown Skype for Business client completely and restart. User should be able to IWA/ZSO afterwards.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.