Can we integrate AuthPoint with Outlook Web Access on premises without Firebox

Hello,

As in the title, is there any chance to integrate AuthPoint with OWA on prem without Firebox? All integration guides include Firebox in that integration.

Comments

  • james.carson Moderator, WatchGuard Representative
    edited June 2021

    Replied to the wrong post -- editing this -- one moment.

    -James Carson
    WatchGuard Customer Support

  • james.carson Moderator, WatchGuard Representative

    Doing some research, it looks like on-prem Exchange doesn't support SAML natively. It does appear to be possible to enable SAML 2.0 with Azure AD via some hackery:

    example external link:
    https://jackstromberg.com/2016/06/enable-sso-single-sign-on-to-on-premises-exchange-owa-outlook-web-access-via-azure-ad-application-proxy/
    But if you're using Azure AD, you're probably using Office 365 and Exchange Online too.

    In order to officially support this, Microsoft would need to support the on-prem OWA being able to support SAML 2.0 natively for AuthPoint and any other SAML 2.0 service to hook into it and provide this.

    Our workaround for this is to use the Firebox's Access Portal feature to block access to, and proxy traffic to once you've authenticated to that service. Since Access Portal supports SAML, you get AuthPoint (or whatever SAML-based auth service you want to use).

    TL;DR:
    No, this isn't supported. It seems like it could be possible via the linked hacky way, but it's not something I would suggest deploying. If you'd like to use SAML-based auth services like AuthPoint, let Microsoft know you want that feature in a future Exchange on-prem update.

    If you'd like to demo/use Access Portal, we do offer a pay-as-you-go version of Firebox Cloud in Azure. If you'd prefer to use your current firewall solution, using this in the cloud as a trial to see if you like it might be a good option.
    https://azuremarketplace.microsoft.com/en-us/marketplace/apps/watchguard-technologies.firebox?tab=overview

    -James Carson
    WatchGuard Customer Support

  • OK, what about OWA in the cloud, which is part of Office 365? This way, as I assume, we can integrate AuthPoint using Azure AD with SAML. Can we also integrate OWA on premises using RADIUS authentication?

  • @KrzysztofPazdziora said:
    OK, what about OWA in the cloud, which is part of Office 365? This way, as I assume, we can integrate AuthPoint using Azure AD with SAML. Can we also integrate OWA on premises using RADIUS authentication?

    If by OWA you mean mail.office365.com then that is supported by AuthPoint's SAML integration with 365. You can find the process for this here:
    https://watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/Office365-AuthPoint.html

  • I know this post is a little old, however I have the same issue and can't get solid answers. I have Hybrid Exchange 2019 with most all mailboxes on-premises.
    Wanted to look at the AuthPoint solution, however how do we cover Exchange services on-prem? I was told we needed ADFS, but does this actually help us, and if so, how?

    If I was to use Access Portal, what happens with ActiveSync connections and Outlook Anywhere connections? I assume these are proxied also, as all use port 443? In practice, how does this work with the Access Portal, and how many times and when would MFA authentication be required? A mobile device, for example: only one MFA when you initially set it up? I can see how it would work for OWA, but I'm unsure for other services on the same port.
    I know this also puts some overhead on the WatchGuard, so what happens if you have 100 ActiveSync users? What effect would this have on an M370?

    Thanks in advance
