# Configure Exchange Outlook Web Application and Exchange Admin Center

{% hint style="info" %}
This integration enables authentication for the Exchange Outlook Web Application (OWA) and the Exchange Admin Center (EAC), acting as Service Providers (SP), via Hideez Server as the Identity Provider (IdP).
{% endhint %}

<figure><img src="/files/hSqwhidr5WlxmVk3QWel" alt=""><figcaption></figcaption></figure>

## **Step 1: Configure integration for Exchange OWA in Hideez Server**

1. **Login to Hideez Server as Administrator.**
2. **Navigate to WS Federation Settings**:
   * Go to **Settings → Parameters → WS Federation section**.
3. **Add Exchange OWA as a Service Provider**:

* Click **Add Service Provider**.
* Fill in the following details:
  * **Name**: OWA
  * **WT-Realm**: `https://{owa-url}` (e.g., `https://mail.example.com/owa/`)
  * **Reply URL**: `https://{owa-url}` (e.g., `https://mail.example.com/owa/`)
    * In our case `https://exch.lab.hideez.com/owa/`
* Click **Add**.

<div><figure><img src="/files/kKnpooGMz954hOb1ijay" alt=""><figcaption></figcaption></figure> <figure><img src="/files/lG6FUp6VH1yz3GLrx046" alt=""><figcaption></figcaption></figure></div>

4. **Obtain IdP Details**:

* Click on **Details** for the newly added service provider.
* Download the **IdP signing certificate**.
* Copy the **IdP WS Federation URL**.

<figure><img src="/files/ggFmHvGAIDIfS2vEoGGg" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
Keep the **WS Federation** tab, with the IdP WS Federation URL and the certificate, ready for the next step.
{% endhint %}

## **Step 2: Configure integration for Exchange admin center (EAC) in Hideez Server**

1. **Add an Exchange admin center (EAC) as a Service Provider:**

* Click **Add Service Provider**.
* Fill in the following details:
  * **Name**: ECP
  * **WT-Realm**: `https://{ecp-url}` (e.g., `https://mail.example.com/ecp/`)
  * **Reply URL**: `https://{ecp-url}` (e.g., `https://mail.example.com/ecp/`)
    * In our case `https://exch.lab.hideez.com/ecp/`
* Click **Add**.

<div><figure><img src="/files/kKnpooGMz954hOb1ijay" alt=""><figcaption></figcaption></figure> <figure><img src="/files/GiiGYTntuGG4v7nKnn9U" alt=""><figcaption></figcaption></figure></div>

2. **Obtain IdP Details**:

* Click on **Details** for the newly added service provider.
* Download the **IdP signing certificate**.
* Copy the **IdP WS Federation URL**.

<figure><img src="/files/8AtfHcMj4LdNwnsIqqEI" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
Keep the **WS Federation** tab, with the IdP WS Federation URL and the certificate, ready for the next step.
{% endhint %}

## **Step 3: Configure Exchange Server Sign-On via Hideez Server**

### **1. Install the Certificate on the Exchange Server for Exchange OWA**:

* **Open the MMC Console on the Exchange Server:**

1. Press **Win + R**, type `mmc`, and press **Enter**.
2. In the MMC console, go to **File** → **Add/Remove Snap-in**.
3. Select **Certificates** from the list, then click **Add**.
4. Choose **Computer account** and click **Next** → Select **Local Computer** → Click **Finish** → **OK**.

<div><figure><img src="/files/6f1VtazghbSmfYyfxgxG" alt=""><figcaption></figcaption></figure> <figure><img src="/files/kwHkCj0DAi5PNNWLCskI" alt=""><figcaption></figcaption></figure> <figure><img src="/files/urGD8asE6b3lA8jMkHYY" alt=""><figcaption></figcaption></figure></div>

* **Import the Certificate**

1. In the MMC console, navigate to:
   * **Certificates (Local Computer)** → **Trusted Root Certification Authorities** → **Certificates**.
2. Right-click on **Certificates** → **All Tasks** → **Import**.
3. Follow the **Certificate Import Wizard**:
   * Click **Next** and browse to the location of the `ws-fed-signing-owa.cer` file.
   * Select the certificate and click **Next**.
   * Ensure the certificate is placed in the **Trusted Root Certification Authorities** store.
   * Click **Next** → **Finish**.

<div><figure><img src="/files/Ks7Md6WA3suWx1omSCWu" alt=""><figcaption></figcaption></figure> <figure><img src="/files/b2hVl1znhv5DudYDrszQ" alt=""><figcaption></figcaption></figure> <figure><img src="/files/6eN2XWZGS06cPjNCS0lV" alt=""><figcaption></figcaption></figure></div>

<div><figure><img src="/files/ZxcHB2WM9AUQm6uasIcI" alt=""><figcaption></figcaption></figure> <figure><img src="/files/qAZ8lytvZF8sjVVwCfCh" alt=""><figcaption></figcaption></figure> <figure><img src="/files/QXTkGz2x9StsWvy6O3HT" alt=""><figcaption></figcaption></figure> <figure><img src="/files/JXvmSm5r2H9PGifg8DE9" alt=""><figcaption></figcaption></figure></div>

### **2. Execute Commands in Exchange Management Shell for Exchange OWA**:

* Open the **Exchange Management Shell** and execute the following command:

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}
```

{% endcode %}

**In the above command:**

* `{OWA Base URL}` is the Exchange OWA host.
* `{Hideez WS Fed URL}` is the IdP WS Federation URL.
* `{Hideez Cert Thumbprint}` is the thumbprint of the certificate you downloaded and installed.

**Example**:

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2
```

{% endcode %}
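
To obtain the value for `-AdfsSignCertificateThumbprint` and confirm that the import succeeded, the following added example (not part of the original Hideez documentation) reads the thumbprint from the downloaded file and looks it up in the Local Computer Trusted Root store. The path `C:\Temp\ws-fed-signing-owa.cer` is an assumed download location.

```powershell
# Added example: derive the thumbprint from the downloaded IdP signing
# certificate and confirm this exact certificate is in the machine Root store.
# Assumption: the .cer file was saved under C:\Temp; adjust the path as needed.
$cerPath = 'C:\Temp\ws-fed-signing-owa.cer'

# Load the certificate from the file, not from the store, so the thumbprint
# is the one of the file that was downloaded from Hideez Server.
$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
$thumbprint = $cert.Thumbprint

# Look for the same thumbprint in Certificates (Local Computer) >
# Trusted Root Certification Authorities. -eq is case-insensitive.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $thumbprint }

[pscustomobject]@{
    Subject     = $cert.Subject
    Thumbprint  = $thumbprint
    NotBefore   = $cert.NotBefore
    NotAfter    = $cert.NotAfter
    Expired     = (Get-Date) -gt $cert.NotAfter
    InRootStore = [bool]$inStore
} | Format-List

if (-not $inStore) {
    Write-Warning "Certificate $thumbprint is not in Cert:\LocalMachine\Root; repeat the import."
}
```

The same check applies to `ws-fed-signing-ecp.cer` in Step 4 by changing `$cerPath`.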

## **Step 4: Configure Sign-On to Exchange admin center (EAC) via Hideez Server**

### **1. Install the Certificate on the Exchange Server for Exchange admin center (EAC)**:

* **Open the MMC Console on the Exchange Server:**

1. Press **Win + R**, type `mmc`, and press **Enter**.
2. In the MMC console, go to **File** → **Add/Remove Snap-in**.
3. Select **Certificates** from the list, then click **Add**.
4. Choose **Computer account** and click **Next** → Select **Local Computer** → Click **Finish** → **OK**.

<div><figure><img src="/files/6f1VtazghbSmfYyfxgxG" alt=""><figcaption></figcaption></figure> <figure><img src="/files/kwHkCj0DAi5PNNWLCskI" alt=""><figcaption></figcaption></figure> <figure><img src="/files/urGD8asE6b3lA8jMkHYY" alt=""><figcaption></figcaption></figure></div>

* **Import the Certificate**

1. In the MMC console, navigate to:
   * **Certificates (Local Computer)** → **Trusted Root Certification Authorities** → **Certificates**.
2. Right-click on **Certificates** → **All Tasks** → **Import**.
3. Follow the **Certificate Import Wizard**:
   * Click **Next** and browse to the location of the `ws-fed-signing-ecp.cer` file.
   * Select the certificate and click **Next**.
   * Ensure the certificate is placed in the **Trusted Root Certification Authorities** store.
   * Click **Next** → **Finish**.

<div><figure><img src="/files/xYty955Ik3mY3WmKxLc0" alt=""><figcaption></figcaption></figure> <figure><img src="/files/KCqnOLzuPhjGrT8mMavl" alt=""><figcaption></figcaption></figure> <figure><img src="/files/saXx9OBxs5XLccVWaePm" alt=""><figcaption></figcaption></figure></div>

<div><figure><img src="/files/EBQYtw6K2bLOSaiuQ8mF" alt=""><figcaption></figcaption></figure> <figure><img src="/files/FWsjWhaNAtrL9FVL98gU" alt=""><figcaption></figcaption></figure> <figure><img src="/files/pXlIJ7VmS62hQKw1D3ER" alt=""><figcaption></figcaption></figure> <figure><img src="/files/sokanMg0biHpLEFM8MdQ" alt=""><figcaption></figcaption></figure></div>

### **2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC)**:

* Open the **Exchange Management Shell** and execute the following command:

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}
```

{% endcode %}

**In the above command:**

* `{ECP Base URL}` is the Exchange Admin Center (EAC) host.
* `{Hideez WS Fed URL}` is the IdP WS Federation URL.
* `{Hideez Cert Thumbprint}` is the thumbprint of the certificate you downloaded and installed.

**Example**:

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint 3e04c68e71a591de637d0d21dcfd8e6f4b843684
```

{% endcode %}

{% hint style="info" %}
If you need to configure both **Outlook Web Application (OWA)** and **Exchange Admin Center (EAC)** simultaneously, you can use the following command:

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}","{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}
```

{% endcode %}

#### Command Parameters Explained:

* **`{Hideez WS Fed URL}`**: The URL of the Hideez WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.
* **`{OWA Base URL}`**: The base URL of the Outlook Web Application Service Provider (SP), such as `https://mail.example.com/owa/`.
* **`{ECP Base URL}`**: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as `https://mail.example.com/ecp/`.
* **`{Hideez Cert Thumbprint}`**: The thumbprint of the Hideez signing certificate installed on the Exchange server, used to establish a trust relationship.

**Example:**

{% code overflow="wrap" %}

```powershell
Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/","https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2, 3e04c68e71a591de637d0d21dcfd8e6f4b843684
```

{% endcode %}
{% endhint %}

## **Step 5: Configure Virtual Directories**:

### 1. Configure virtual directories for AD FS authentication for OWA:

{% code overflow="wrap" %}

```powershell
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false
```

{% endcode %}

### 2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

{% code overflow="wrap" %}

```powershell
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false
```

{% endcode %}

## **Step 6: Restart Internet Information Services (IIS)**

Restart IIS to apply the changes:

```powershell
net stop was /y
net start w3svc
```
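
After the restart, the settings from Steps 3 to 5 can be read back and compared with what was intended. The following is an added example, not part of the original Hideez documentation; it also catches the case where only one of the two audience URIs is configured, which happens when the Step 4 command is run after the Step 3 command, because each `Set-OrganizationConfig` call sets the whole value. The expected values are the lab values from this guide's examples and must be replaced with your own.

```powershell
# Added example: run in the Exchange Management Shell after Step 6.
# Assumption: expected values below are this guide's lab values.
$expectedIssuer    = 'https://dev.hideez.com/wsfed'
$expectedAudiences = 'https://exch.lab.hideez.com/owa/', 'https://exch.lab.hideez.com/ecp/'

$org      = Get-OrganizationConfig
$problems = @()

# 1. Issuer and audience URIs as stored in the organization configuration.
if ("$($org.AdfsIssuer)".TrimEnd('/') -ne $expectedIssuer.TrimEnd('/')) {
    $problems += "AdfsIssuer is '$($org.AdfsIssuer)', expected '$expectedIssuer'"
}
$configured = @($org.AdfsAudienceUris | ForEach-Object { "$_" })
foreach ($uri in $expectedAudiences) {
    if ($configured -notcontains $uri) { $problems += "Audience URI not configured: $uri" }
}

# 2. Every configured signing thumbprint must exist in the machine Root store.
#    The property is matched by wildcard rather than by an exact name.
$thumbProp = $org.PSObject.Properties |
    Where-Object { $_.Name -like 'AdfsSignCertificateThumbprint*' } |
    Select-Object -First 1
$thumbs = @($thumbProp.Value) | Where-Object { $_ }
if (-not $thumbs) { $problems += 'No AD FS signing certificate thumbprint is configured' }
foreach ($tp in $thumbs) {
    if (-not (Test-Path -Path "Cert:\LocalMachine\Root\$("$tp".Trim())")) {
        $problems += "Thumbprint $tp is not in Cert:\LocalMachine\Root"
    }
}

# 3. OWA and ECP virtual directories: AD FS on, all other methods off.
$legacy = 'BasicAuthentication', 'DigestAuthentication', 'FormsAuthentication', 'WindowsAuthentication'
foreach ($vdir in @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory)) {
    if (-not $vdir.AdfsAuthentication) { $problems += "$($vdir.Identity): AdfsAuthentication is not enabled" }
    foreach ($method in $legacy) {
        if ($vdir.$method) { $problems += "$($vdir.Identity): $method is still enabled" }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Federation settings match the expected configuration.' }
```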

