
Login to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud


Last updated 1 month ago

This integration enables authentication for the Exchange Outlook Web Application (OWA) and the Exchange Admin Center (EAC), acting as Service Providers (SP), via Hideez Identity Cloud as the Identity Provider (IdP).

Step 1: Configure integration for Exchange OWA in Hideez Identity Cloud

  1. Login to .

  2. Navigate to WS Federation Settings:

    • Go to Settings → Parameters → WS Federation section.

  3. Add Exchange OWA as a Service Provider:

    • Click Add Service Provider.

    • Fill in the following details:

      • Name: OWA

      • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

      • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

        • In our case https://exch.lab.hideez.com/owa/

    • Click Add.

  4. Obtain IdP Details:

    • Click on Details for the newly added service provider.

    • Download the IdP signing certificate.

    • Copy the IdP WS Federation URL.

Keep the WS Federation tab open, with the IdP WS Federation URL and the certificate ready for the next step.

Step 2: Configure integration for the Exchange admin center (EAC) in Hideez Identity Cloud

  1. Add an Exchange admin center (EAC) as a Service Provider:

    • Click Add Service Provider.

    • Fill in the following details:

      • Name: ECP

      • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

      • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

        • In our case https://exch.lab.hideez.com/ecp/

    • Click Add.

  2. Obtain IdP Details:

    • Click on Details for the newly added service provider.

    • Download the IdP signing certificate.

    • Copy the IdP WS Federation URL.

Keep the WS Federation tab open, with the IdP WS Federation URL and the certificate ready for the next step.

Step 3: Configure Exchange Server Sign-On via Hideez Identity Cloud

1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-owa.cer file.

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange OWA:

  • Open the Exchange Management Shell and execute the following command:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

  • {OWA Base URL} is the Exchange OWA host,

  • {Hideez WS Fed URL} is the IdP WS Federation URL.

  • {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2
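
To obtain the thumbprint used above without retyping it from the certificate dialog, the following added example (not part of the Hideez documentation) reads it from the downloaded .cer files and confirms that each certificate is in the Trusted Root store and not expired. The C:\Temp location and the function names are assumptions; the file names are the ones used in the import steps.

```powershell
# Added example, not part of the Hideez documentation.
# Assumption: the .cer files from Steps 1 and 2 were saved under C:\Temp.

function ConvertTo-CleanThumbprint {
    param([string]$Text)
    # Text copied from the certificate dialog can contain spaces or an
    # invisible leading character; keep only the hex digits.
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Get-IdpSigningCertInfo {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedThumbprint    # optional value copied from elsewhere
    )
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $info = [ordered]@{
        File               = Split-Path -Path $full -Leaf
        Subject            = $cert.Subject
        NotAfter           = $cert.NotAfter
        Expired            = (Get-Date) -gt $cert.NotAfter
        Thumbprint         = $cert.Thumbprint
        # True once the import wizard in this step has been completed.
        InLocalMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    }
    if ($ExpectedThumbprint) {
        $clean = ConvertTo-CleanThumbprint $ExpectedThumbprint
        $info.MatchesExpected = ($clean -eq $cert.Thumbprint)
    }
    [pscustomobject]$info
}

# Report on whichever of the two downloaded certificates are present.
'C:\Temp\ws-fed-signing-owa.cer', 'C:\Temp\ws-fed-signing-ecp.cer' |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-IdpSigningCertInfo -Path $_ } |
    Format-List
```

Pass -ExpectedThumbprint with a value copied from another source to check that it matches the file before using it in Set-OrganizationConfig.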

Step 4: Configure Sign-On to Exchange admin center (EAC) via Hideez Identity Cloud

1. Install the Certificate on the Exchange Server for Exchange admin center (EAC):

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-ecp.cer file.

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

  • Open the Exchange Management Shell and execute the following command:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

  • {ECP Base URL} is the Exchange Admin Center (EAC) host,

  • {Hideez WS Fed URL} is the IdP WS Federation URL.

  • {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint 3e04c68e71a591de637d0d21dcfd8e6f4b843684

If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}","{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

Command Parameters Explained:

  • {Hideez WS Fed URL}: The URL of the Hideez WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.

  • {OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.

  • {ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.

  • {Hideez Cert Thumbprint}: The thumbprint of the Hideez signing certificate installed on the Exchange server, used to establish a trust relationship.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/","https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2, 3e04c68e71a591de637d0d21dcfd8e6f4b843684

Step 5: Configure Virtual Directories:

1. Configure virtual directories for AD FS authentication for OWA:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes:

net stop was /y
net start w3svc
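
Once IIS is back up, the result of Steps 3 to 5 can be audited from the Exchange Management Shell. The script below is an added example, not part of the Hideez documentation; it assumes this page's lab URLs as the expected audience values and checks the certificate store of the local server only.

```powershell
# Added example, not part of the Hideez documentation. Run in the Exchange
# Management Shell on the Exchange server after Step 6.
# Assumption: the expected audience URLs are this page's lab values.
$expectedAudience = 'https://exch.lab.hideez.com/owa/',
                    'https://exch.lab.hideez.com/ecp/'

$org = Get-OrganizationConfig
"Issuer: $($org.AdfsIssuer)"

# 1. Every expected realm must be listed in AdfsAudienceUris.
$configured = @($org.AdfsAudienceUris | ForEach-Object { "$_".TrimEnd('/') })
$expectedAudience | ForEach-Object {
    [pscustomobject]@{
        AudienceUri = $_
        Configured  = $configured -contains $_.TrimEnd('/')
    }
} | Format-Table -AutoSize

# 2. Each configured thumbprint should resolve to an unexpired certificate
#    in the Trusted Root store (checked on this server only).
"$($org.AdfsSignCertificateThumbprint)" -split '[,\s]+' |
    Where-Object { $_ } |
    ForEach-Object {
        $cert = Get-Item "Cert:\LocalMachine\Root\$_" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Thumbprint = $_
            InRoot     = [bool]$cert
            NotAfter   = $(if ($cert) { $cert.NotAfter })
            Expired    = $(if ($cert) { (Get-Date) -gt $cert.NotAfter })
        }
    } | Format-Table -AutoSize

# 3. After Step 5 only AdfsAuthentication should remain enabled.
$legacy = 'BasicAuthentication', 'DigestAuthentication',
          'FormsAuthentication', 'WindowsAuthentication'
@(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory) | ForEach-Object {
    $vd = $_
    [pscustomobject]@{
        Identity           = "$($vd.Identity)"
        AdfsAuthentication = $vd.AdfsAuthentication
        StillEnabled       = ($legacy | Where-Object { $vd.$_ }) -join ', '
    }
} | Format-Table -AutoSize
```

A correct setup shows Configured as True for both URLs, InRoot as True with Expired as False for each thumbprint, and an empty StillEnabled column for every virtual directory.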

If you need assistance with server setup or configuring SAML/OIDC, our support team is also available to help. We’ll be happy to assist you!
