This implementation involves ADFS, Exchange and IBM Security Verify. I am assuming you already have ADFS deployed. If you do not yet have an ADFS server set up, I have included links to Microsoft’s ADFS setup guide further down in the article.
IBM Security Verify using SAML. Outlook Web Access uses WS-Fed. WS-Fed is a different protocol from SAML, and the information it needs in the response token is different. I use ADFS to translate the SAML response from IBM Security Verify into a WS-Fed response that Outlook Web Access understands.
That said, using ADFS has an advantage: it is non-invasive. If you look at other popular IDaaS offerings, you’ll see they involve installing an agent on your Exchange server. Each agent you install is another piece of software you need to patch. If you ever want to switch to a different IDaaS, you need to hope the agent uninstalls cleanly and without issues. The same applies each time you update Exchange, and you need to remember to install the latest agent and patch from the IDaaS.
We’re using Microsoft’s supported integration between ADFS and OWA in this implementation. If you want to roll back, you run a couple of PowerShell commands that revert Outlook Web Access to forms-based authentication, without impacting your mail server’s uptime. All of this is supported and well-documented by Microsoft.
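As an illustration of that rollback, here is an added example (not taken from this article or from Microsoft's documentation verbatim) that switches the OWA and ECP virtual directories back to forms-based authentication and verifies the result. It assumes you run it in the Exchange Management Shell on the Exchange server and that the server's default virtual directories were the ones switched to ADFS; `Show-AuthState` is a helper name made up for this example.

```powershell
# Added example: roll OWA/ECP back from ADFS claims-based auth to forms-based auth.
# Assumption: run in the Exchange Management Shell on the affected Exchange server.
$server = $env:COMPUTERNAME

# Hypothetical helper for this example: print the auth flags that matter for the rollback.
function Show-AuthState {
    Get-OwaVirtualDirectory -Server $server |
        Select-Object Identity, AdfsAuthentication, FormsAuthentication, BasicAuthentication
    Get-EcpVirtualDirectory -Server $server |
        Select-Object Identity, AdfsAuthentication, FormsAuthentication, BasicAuthentication
}

# Record the state before changing anything, for the change ticket.
Show-AuthState

# OWA first: Exchange expects ADFS auth to be off on OWA before it is turned off on ECP.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -AdfsAuthentication $false -FormsAuthentication $true -BasicAuthentication $true

Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -AdfsAuthentication $false -FormsAuthentication $true -BasicAuthentication $true

# Verify: fail loudly if any virtual directory still has ADFS authentication enabled.
$stillAdfs = @(Get-OwaVirtualDirectory -Server $server) + @(Get-EcpVirtualDirectory -Server $server) |
    Where-Object { $_.AdfsAuthentication }
if ($stillAdfs) {
    throw "ADFS authentication is still enabled on: $($stillAdfs.Identity -join ', ')"
}

# IIS must reload to pick up the new authentication settings.
# This restarts the web services (OWA/ECP), not mail transport.
Restart-Service W3SVC, WAS -Force

# Confirm the final state.
Show-AuthState
```

After this runs, OWA sign-ins are handled by Exchange's own forms login and no longer pass through ADFS or IBM Security Verify, so any multi-factor policy enforced there stops applying to OWA until federation is re-enabled.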
Besides, you’ll likely already have ADFS deployed in your environment. Why? I will deep-dive into this in a later article, but it allows your on-premises users a passwordless experience when accessing IBM Security Verify.
The process is seamless and an easy workflow that all employees can understand.
If your users have not yet installed the IBM Verify app on their iOS or Android device (and therefore have not yet registered an authentication factor), you can configure IBM Security Verify to request that they register an authentication factor upon sign-in. Below is how that process looks.