owa 2019 single sine on "SSO"

Hammoudeh 346 Reputation points
2021-12-16T11:02:02.863+00:00

Hello all,

We have in-house application portal and we need to add email "owa" to that portal and users will be able to logon to OWA as single sing on. I did select windows authentication thought OWA virtual decretory and restart IIS but it did not work "still asking for user's credential". I revert to previous configurations now. Is there another way configure SSO for OWA.

158232-image.png

158060-image.png

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,045 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,214 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Joyce Shen - MSFT 16,631 Reputation points
    2021-12-17T01:47:44.147+00:00

    Hi @HamoudaAlbakri-3924,

    Do you mean you run the below commands to enable 'SSO' for your OWA and ECP?

    Set-OwaVirtualDirectory -Identity "EXCH\owa (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true  
    Set-EcpVirtualDirectory -Identity "EXCH\ECP (Default Web Site)" -FormsAuthentication $false -WindowsAuthentication $true  
    

    If we want to have single sign on Exchange Server by owa. We could enable Window Integrated Authentication. Integrated Authentication allows domain users who are logged on to domain computers to automatically logon to OWA.
    However, Integrated Authentication is not suitable for remote access by people using non-domain member computers, or people who are connecting via proxy servers.

    This is a similar thread discussed the similar question: How to configure Exchange 2013 OWA with Single Sign On

    And another choice to meet this requirement: Enable SSO (Single Sign On) to On-Premises Exchange OWA (Outlook Web Access) via Azure AD Application Proxy
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    1. Enable Kerberos Authentication for Outlook Web Access On-Premises
    2. Enable Exchange On-Premises to use Integrated Windows Authentication
    3. Login to the Azure Portal to add your own on-premise application, Once your application is created, you should be redirected to Azure Active Directory -> Enterprise Applications -> Outlook Web Access. On this blade, select Single sign-on and then select the Windows Integrated Authentication button.

    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Hammoudeh 346 Reputation points
    2021-12-19T09:58:03.467+00:00

    i got the following message when i enabled windows authentication:

    158685-image.png

    I added https://mail.contoso.kw in trusted website, but still same thing