search

Configure Exchange Outlook Web Application and Exchange Admin Center

IPI Enterprise Server – Integration of IPI Server with Exchange OWA and Exchange AC via WS Federation

circle-info

This integration is designed to enable authentication for the Exchange Outlook Web Application (OWA) and Exchange Admin Center acting as a Service Providers (SP) via the IPI Server as the Identity Provider (IdP).

hashtag
Step 1: Configure integration for Exchange OWA in IPI Server

  1. Login to IPI Server as Administrator.

  2. Navigate to WS Federation Settings:

    • Go to Settings → Parameters → WS Federation section.

  3. Add Exchange OWA as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: OWA

    • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

    • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

      • In our case https://exch.lab.ipi.com/owa/

  • Click Add.

  1. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

circle-info

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

hashtag
Step 2: Configure integration for Exchange admin center (EAC) in IPI Server

  1. Add an Exchange admin center (EAC) as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: ECP

    • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

    • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

      • In our case https://exch.lab.ipi.com/ecp/

  • Click Add.

  1. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

circle-info

Keep the tab WS Federation with values IdP WS Federation URL and the certificate ready for the next step.

hashtag
Step 3: Configure Exchange Server Sign-On via IPI Server

hashtag
1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to FileAdd/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click FinishOK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer)Trusted Root Certification AuthoritiesCertificates.

  2. Right-click on CertificatesAll TasksImport.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-owa.cer

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click NextFinish.

hashtag
2. Execute Commands in Exchange Management Shell for Exchange OWA:

  • Open the Exchange Management Shell and execute the following commands:

In the above command:

  • {OWA Base URL} is the Exchange OWA host,

  • {IPI WS Fed URL} is the Idp WS Federation URL.

  • {IPI Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

hashtag
Step 4: Configure Sign-On to Exchange admin center (EAC) via IPI Server

hashtag
1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to FileAdd/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click FinishOK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer)Trusted Root Certification AuthoritiesCertificates.

  2. Right-click on CertificatesAll TasksImport.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-ecp.cer

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click NextFinish.

hashtag
2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

  • Open the Exchange Management Shell and execute the following commands:

In the above command:

  • {ECP Base URL} is the Exchange Admin Center (EAC) host,

  • {IPI WS Fed URL} is the Idp WS Federation URL.

  • {IPI Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

circle-info

If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:

Command Parameters Explained:

  • {IPI WS Fed URL}: The URL of the IPI WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.

  • {OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.

  • {ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.

  • {IPI Cert Thumbprint}: The thumbprint of the IPI signing certificate installed on the Exchange server, used to establish a trust relationship.

Example:

hashtag
Step 5: Configure Virtual Directories:

hashtag
1. Configure virtual directories for AD FS authentication for OWA:

hashtag
2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

hashtag
Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes:

PreviousWS-Federation integrationNextIPI Client deployment

Last updated