Login to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud

This integration is designed to enable authentication for the Exchange Outlook Web Application (OWA) and Exchange Admin Center acting as a Service Providers (SP) via the Hideez Identity Cloud as the Identity Provider (IdP).

Step 1: Configure integration for Exchange OWA in Hideez Identity Cloud

1. Login to Hideez Cloud.

2. Navigate to WS Federation Settings:

   • Go to Settings → Parameters → WS Federation section.

3. Add Exchange OWA as a Service Provider:

• Click Add Service Provider.

• Fill in the following details:

  • Name: OWA

  • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

  • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

    • In our case https://exch.lab.hideez.com/owa/

• Click Add.

1. Obtain IDP Details:

• Click on Details for the newly added service provider.

• Download the IDP signing certificate.

• Copy the IDP WS Federation URL.

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

Step 2: Configure integration for the Exchange admin center (EAC) in Hideez Identity Cloud

1. Add an Exchange admin center (EAC) as a Service Provider:

• Click Add Service Provider.

• Fill in the following details:

  • Name: ECP

  • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

  • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

    • In our case https://exch.lab.hideez.com/ecp/

• Click Add.

1. Obtain IDP Details:

• Click on Details for the newly added service provider.

• Download the IDP signing certificate.

• Copy the IDP WS Federation URL.

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

Step 3: Configure Exchange Server Sign-On via Hideez Identity Cloud

1. Install the Certificate on the Exchange Server for Exchange OWA:

• Open the MMC Console on the Exchange Server:

1. Press Win + R, type mmc, and press Enter.

2. In the MMC console, go to File → Add/Remove Snap-in.

3. Select Certificates from the list, then click Add.

4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

• Import the Certificate

1. In the MMC console, navigate to:

   • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

2. Right-click on Certificates → All Tasks → Import.

3. Follow the Certificate Import Wizard:

   • Click Next and browse to the location of the ws-fed-signing-owa.cer

   • Select the certificate and click Next.

   • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

   • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange OWA:

• Open the Exchange Management Shell and execute the following commands:

In the above command:

• {OWA Base URL} is the Exchange OWA host,

• {Hideez WS Fed URL} is the IDP WS Federation URL.

• {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Step 4: Configure Sign-On to Exchange admin center (EAC) via Hideez Identity Cloud

1. Install the Certificate on the Exchange Server for Exchange OWA:

• Open the MMC Console on the Exchange Server:

1. Press Win + R, type mmc, and press Enter.

2. In the MMC console, go to File → Add/Remove Snap-in.

3. Select Certificates from the list, then click Add.

4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

• Import the Certificate

1. In the MMC console, navigate to:

   • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

2. Right-click on Certificates → All Tasks → Import.

3. Follow the Certificate Import Wizard:

   • Click Next and browse to the location of the ws-fed-signing-ecp.cer

   • Select the certificate and click Next.

   • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

   • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

• Open the Exchange Management Shell and execute the following commands:

In the above command:

• {ECP Base URL} is the Exchange Admin Center (EAC) host,

• {Hideez WS Fed URL} is the Idp WS Federation URL.

• {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:

Command Parameters Explained:

• {Hideez WS Fed URL}: The URL of the Hideez WS Federation endpoint, acting as the Identity Provider (IDP) for authentication.

• {OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.

• {ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.

• {Hideez Cert Thumbprint}: The thumbprint of the Hideez signing certificate installed on the Exchange server, used to establish a trust relationship.

Example:

Step 5: Configure Virtual Directories:

1. Configure virtual directories for AD FS authentication for OWA:

2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes: