Configure Exchange Outlook Web Application and Exchange Admin Center

IPI Enterprise Server – Integration of IPI Server with Exchange OWA and Exchange AC via WS Federation

This integration enables authentication for the Exchange Outlook Web Application (OWA) and the Exchange Admin Center (EAC), acting as Service Providers (SP), via the IPI Server as the Identity Provider (IdP).

Step 1: Configure integration for Exchange OWA in IPI Server

  1. Log in to IPI Server as Administrator.

  2. Navigate to WS Federation Settings:

    • Go to Settings → Parameters → WS Federation section.

  3. Add Exchange OWA as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: OWA

    • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

    • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

      • In our case https://exch.lab.ipi.com/owa/

  • Click Add.

  4. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

Keep the WS Federation tab open, with the IdP WS Federation URL and the certificate ready for the next step.

Step 2: Configure integration for Exchange admin center (EAC) in IPI Server

  1. Add an Exchange admin center (EAC) as a Service Provider:

  • Click Add Service Provider.

  • Fill in the following details:

    • Name: ECP

    • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

    • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

      • In our case https://exch.lab.ipi.com/ecp/

  • Click Add.

  2. Obtain IdP Details:

  • Click on Details for the newly added service provider.

  • Download the IdP signing certificate.

  • Copy the IdP WS Federation URL.

Keep the WS Federation tab open, with the IdP WS Federation URL and the certificate ready for the next step.

Step 3: Configure Exchange Server Sign-On via IPI Server

1. Install the Certificate on the Exchange Server for Exchange OWA:

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-owa.cer file.

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange OWA:

  • Open the Exchange Management Shell and execute the following commands:

In the above command:

  • {OWA Base URL} is the Exchange OWA host.

  • {IPI WS Fed URL} is the IdP WS Federation URL.

  • {IPI Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Step 4: Configure Sign-On to Exchange admin center (EAC) via IPI Server

1. Install the Certificate on the Exchange Server for Exchange admin center (EAC):

  • Open the MMC Console on the Exchange Server:

  1. Press Win + R, type mmc, and press Enter.

  2. In the MMC console, go to File → Add/Remove Snap-in.

  3. Select Certificates from the list, then click Add.

  4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

  • Import the Certificate

  1. In the MMC console, navigate to:

    • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

  2. Right-click on Certificates → All Tasks → Import.

  3. Follow the Certificate Import Wizard:

    • Click Next and browse to the location of the ws-fed-signing-ecp.cer file.

    • Select the certificate and click Next.

    • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

    • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

  • Open the Exchange Management Shell and execute the following commands:

In the above command:

  • {ECP Base URL} is the Exchange Admin Center (EAC) host.

  • {IPI WS Fed URL} is the IdP WS Federation URL.

  • {IPI Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

If you need to configure both Outlook Web Application (OWA) and Exchange Admin Center (EAC) simultaneously, you can use the following command:

Command Parameters Explained:

  • {IPI WS Fed URL}: The URL of the IPI WS Federation endpoint, acting as the Identity Provider (IdP) for authentication.

  • {OWA Base URL}: The base URL of the Outlook Web Application Service Provider (SP), such as https://mail.example.com/owa/.

  • {ECP Base URL}: The base URL of the Exchange Admin Center (EAC) Service Provider (SP), such as https://mail.example.com/ecp/.

  • {IPI Cert Thumbprint}: The thumbprint of the IPI signing certificate installed on the Exchange server, used to establish a trust relationship.

Example:
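
An added example, not the page's original command: the combined OWA and EAC configuration from Steps 3 and 4 using the Exchange Set-OrganizationConfig cmdlet, preceded by checks that both downloaded .cer files carry the same thumbprint and that the certificate is already in the Trusted Root store. The IdP URL, host names and file locations are placeholder assumptions.

```powershell
# Added example. Run in the Exchange Management Shell as an administrator.
# All values below are placeholders/assumptions; substitute your own.
$IdpWsFedUrl = 'https://ipi.example.com/wsfed'   # {IPI WS Fed URL} from the Details page (hypothetical value)
$OwaUrl      = 'https://mail.example.com/owa/'   # {OWA Base URL}, same value as the WT-Realm in Step 1
$EcpUrl      = 'https://mail.example.com/ecp/'   # {ECP Base URL}, same value as the WT-Realm in Step 2
$CerFiles    = 'C:\Temp\ws-fed-signing-owa.cer',
               'C:\Temp\ws-fed-signing-ecp.cer'  # assumed download folder

# Read the thumbprint from each downloaded file instead of retyping it
# from the certificate dialog (avoids hidden characters and typos).
$certs = foreach ($path in $CerFiles) {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
}
$thumbprints = @($certs | Select-Object -ExpandProperty Thumbprint -Unique)

# The combined command takes one {IPI Cert Thumbprint}, so both files
# must contain the same IdP signing certificate.
if ($thumbprints.Count -ne 1) {
    throw "The .cer files contain different certificates: $($thumbprints -join ', ')"
}
$thumb = $thumbprints[0]
$cert  = $certs | Select-Object -First 1

# A certificate in the Root store is trusted machine-wide, so confirm it is
# the file downloaded from the IdP and that the import actually happened.
if (-not (Test-Path -Path "Cert:\LocalMachine\Root\$thumb")) {
    throw "Certificate $thumb is not in the LocalMachine Trusted Root store; import it first."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "IdP signing certificate expired on $($cert.NotAfter)."
}

# Point Exchange at the IdP and register both Service Provider audiences.
Set-OrganizationConfig -AdfsIssuer $IdpWsFedUrl `
    -AdfsAudienceUris $OwaUrl, $EcpUrl `
    -AdfsSignCertificateThumbprint $thumb

# Confirm what was stored.
Get-OrganizationConfig |
    Format-List AdfsIssuer, AdfsAudienceUris, AdfsSignCertificateThumbprint
```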

Step 5: Configure Virtual Directories

1. Configure virtual directories for AD FS authentication for OWA:

2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes:
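
An added example, not the page's original commands, covering Steps 5 and 6 with the Exchange Set-EcpVirtualDirectory and Set-OwaVirtualDirectory cmdlets and an IIS service restart. It assumes the local server hosts both virtual directories and that only AD FS (WS-Federation) sign-in should remain enabled.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange server.
$server = $env:COMPUTERNAME   # assumption: this server hosts the OWA and ECP virtual directories

# Enable AD FS authentication and switch the other methods off
# (assumption: sign-in should go through the IdP only).
$authSettings = @{
    AdfsAuthentication    = $true
    BasicAuthentication   = $false
    DigestAuthentication  = $false
    FormsAuthentication   = $false
    WindowsAuthentication = $false
}

# Exchange requires AdfsAuthentication to be enabled on the ECP virtual
# directory before it can be enabled on OWA, so ECP is configured first.
Get-EcpVirtualDirectory -Server $server | Set-EcpVirtualDirectory @authSettings
Get-OwaVirtualDirectory -Server $server | Set-OwaVirtualDirectory @authSettings

# Step 6: restart the IIS services so the new settings take effect.
Restart-Service -Name W3SVC, WAS -Force

# Confirm the resulting authentication settings on both directories.
$props = 'Identity', 'AdfsAuthentication', 'BasicAuthentication',
         'DigestAuthentication', 'FormsAuthentication', 'WindowsAuthentication'
Get-EcpVirtualDirectory -Server $server | Format-List $props
Get-OwaVirtualDirectory -Server $server | Format-List $props
```

Keep the Exchange Management Shell session open until a test sign-in through the IdP succeeds, since browser access to EAC depends on the IdP once these settings are active.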
