Configure Exchange Outlook Web Application and Exchange Admin Center

Hideez Enterprise Server – Integration of Hideez Server with Exchange OWA and Exchange AC via WS Federation

This integration is designed to enable authentication for the Exchange Outlook Web Application (OWA) and Exchange Admin Center acting as a Service Providers (SP) via the Hideez Server as the Identity Provider (IdP).

Step 1: Configure integration for Exchange OWA in Hideez Server

  1. Login to Hideez Server as Administrator.

  2. Navigate to WS Federation Settings:

    • Go to Settings → Parameters → WS Federation section.

  3. Add Exchange OWA as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: OWA

    • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

    • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

      • In our case https://exch.lab.hideez.com/owa/

  • Click Add.

  1. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

Step 2: Configure integration for Exchange admin center (EAC) in Hideez Server

  1. Add an Exchange admin center (EAC) as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: ECP

    • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

    • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

      • In our case https://exch.lab.hideez.com/ecp/

  • Click Add.

  1. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

Step 3: Configure Exchange Server Sign-On via Hideez Server

1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-owa.cer

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange OWA:

  • Open the Exchange Management Shell and execute the following commands:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

  • {OWA Base URL} is the Exchange OWA host,

  • {Hideez WS Fed URL} is the Idp WS Federation URL.

  • {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2

Step 4: Configure Sign-On to Exchange admin center (EAC) via Hideez Server

1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-ecp.cer

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

  • Open the Exchange Management Shell and execute the following commands:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

  • {ECP Base URL} is the Exchange Admin Center (EAC) host,

  • {Hideez WS Fed URL} is the Idp WS Federation URL.

  • {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint 3e04c68e71a591de637d0d21dcfd8e6f4b843684

If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}","{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

Command Parameters Explained:

  • {Hideez WS Fed URL}: The URL of the Hideez WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.

  • {OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.

  • {ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.

  • {Hideez Cert Thumbprint}: The thumbprint of the Hideez signing certificate installed on the Exchange server, used to establish a trust relationship.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/","https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2, 3e04c68e71a591de637d0d21dcfd8e6f4b843684

Step 5: Configure Virtual Directories:

1. Configure virtual directories for AD FS authentication for OWA:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes:

net stop was /y
net start w3svc

Last updated

Was this helpful?