Configure Exchange Outlook Web Application and Exchange Admin Center
Hideez Enterprise Server – Integration of Hideez Server with Exchange OWA and Exchange AC via WS Federation
Last updated
Was this helpful?
Hideez Enterprise Server – Integration of Hideez Server with Exchange OWA and Exchange AC via WS Federation
Last updated
Was this helpful?
This integration is designed to enable authentication for the Exchange Outlook Web Application (OWA) and Exchange Admin Center acting as a Service Providers (SP) via the Hideez Server as the Identity Provider (IdP).
Login to Hideez Server as Administrator.
Navigate to WS Federation Settings:
Go to Settings → Parameters → WS Federation section.
Add Exchange OWA as a Service Provider:
Click Add Service Provider.
Fill in the following details:
Name: OWA
WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)
Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)
In our case https://exch.lab.hideez.com/owa/
Click Add.
Obtain IdP Details:
Click on Details for the newly added service provider.
Download the IdP signing certificate.
Copy the IdP WS Federation URL.
Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.
Add an Exchange admin center (EAC) as a Service Provider:
Click Add Service Provider.
Fill in the following details:
Name: ECP
WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)
Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)
In our case https://exch.lab.hideez.com/ecp/
Click Add.
Obtain IdP Details:
Click on Details for the newly added service provider.
Download the IdP signing certificate.
Copy the IdP WS Federation URL.
Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.
Open the MMC Console on the Exchange Server:
Press Win + R, type mmc, and press Enter.
In the MMC console, go to File → Add/Remove Snap-in.
Select Certificates from the list, then click Add.
Choose Computer account and click Next → Select Local Computer → Click Finish → OK.
Import the Certificate
In the MMC console, navigate to:
Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.
Right-click on Certificates → All Tasks → Import.
Follow the Certificate Import Wizard:
Click Next and browse to the location of the ws-fed-signing-owa.cer
Select the certificate and click Next.
Ensure the certificate is placed in the Trusted Root Certification Authorities store.
Click Next → Finish.
Open the Exchange Management Shell and execute the following commands:
In the above command:
{OWA Base URL} is the Exchange OWA host,
{Hideez WS Fed URL} is the Idp WS Federation URL.
{Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.
Example:
Open the MMC Console on the Exchange Server:
Press Win + R, type mmc, and press Enter.
In the MMC console, go to File → Add/Remove Snap-in.
Select Certificates from the list, then click Add.
Choose Computer account and click Next → Select Local Computer → Click Finish → OK.
Import the Certificate
In the MMC console, navigate to:
Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.
Right-click on Certificates → All Tasks → Import.
Follow the Certificate Import Wizard:
Click Next and browse to the location of the ws-fed-signing-ecp.cer
Select the certificate and click Next.
Ensure the certificate is placed in the Trusted Root Certification Authorities store.
Click Next → Finish.
Open the Exchange Management Shell and execute the following commands:
In the above command:
{ECP Base URL} is the Exchange Admin Center (EAC) host,
{Hideez WS Fed URL} is the Idp WS Federation URL.
{Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.
Example:
If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:
{Hideez WS Fed URL}: The URL of the Hideez WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.
{OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.
{ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.
{Hideez Cert Thumbprint}: The thumbprint of the Hideez signing certificate installed on the Exchange server, used to establish a trust relationship.
Example:
Restart IIS to apply the changes:
