Difference between revisions of "Template:Directory Services Authentication"
[unchecked revision] | [unchecked revision] |
Ltalaschus (talk | contribs) |
Ltalaschus (talk | contribs) |
||
Line 1: | Line 1: | ||
=== Authentication === | === Authentication === | ||
− | *'''Method'''<br/>Here you can choose how users that have been synchronized from {{{1|directory service}}} will be authenticated.<br /> When choosing the option ''{{#ifeq: {{{1|Active Directory}}}|Active Directory|Kerberos / NTLM|LDAP}}'', users log in using the MailStore Client, respectively the Outlook Add-In or Web Access, and the credentials are passed to MailStore Server that verifies them against the configured directory service. When choosing the option ''AD FS (Open ID Connect)'' the users will be redirected to the AD FS login page and authenticate themselves there. The policies configured in AD FS are taking affect for the MailStore login as well. | + | *'''Method'''<br/>Here you can choose how users that have been synchronized from {{{1|directory service}}} will be authenticated.<br /> When choosing the option ''{{#ifeq: {{{1|Active Directory}}}|Active Directory|Kerberos / NTLM|LDAP}}'', users log in using the MailStore Client, respectively the Outlook Add-In or Web Access, and the credentials are passed to MailStore Server that verifies them against the configured directory service. When choosing the option ''AD FS (Open ID Connect)'' the users will be redirected to the AD FS login page and authenticate themselves there. The policies configured in AD FS are taking affect for the MailStore Server login as well.<br /> When using Open ID Connect to authenticate users, accessing the archive via IMAP is not possible for technical reasons. |
::When selecting ''AD FS (Open ID Connect)'', you have to configure your AD FS [[Setup_Active_Directory_Federation_Services|according to our setup guide]]. Afterwards you have to configure the following settings in MailStore Server: | ::When selecting ''AD FS (Open ID Connect)'', you have to configure your AD FS [[Setup_Active_Directory_Federation_Services|according to our setup guide]]. Afterwards you have to configure the following settings in MailStore Server: | ||
:*'''Discovery URI:''' The Discovery URI is the URI where the AD FS are reachable. Typically this is the host name of the AD FS server followed by the path ''/adfs'', e.g. ''<nowiki>https://adfs.example.com/adfs</nowiki>''. The certificate used by the AD FS must be trusted. | :*'''Discovery URI:''' The Discovery URI is the URI where the AD FS are reachable. Typically this is the host name of the AD FS server followed by the path ''/adfs'', e.g. ''<nowiki>https://adfs.example.com/adfs</nowiki>''. The certificate used by the AD FS must be trusted. |
Revision as of 07:09, 23 April 2021
Authentication
- Method
Here you can choose how users that have been synchronized from directory service will be authenticated.
When choosing the option Kerberos / NTLM, users log in using the MailStore Client, respectively the Outlook Add-In or Web Access, and the credentials are passed to MailStore Server that verifies them against the configured directory service. When choosing the option AD FS (Open ID Connect) the users will be redirected to the AD FS login page and authenticate themselves there. The policies configured in AD FS are taking affect for the MailStore Server login as well.
When using Open ID Connect to authenticate users, accessing the archive via IMAP is not possible for technical reasons.
- When selecting AD FS (Open ID Connect), you have to configure your AD FS according to our setup guide. Afterwards you have to configure the following settings in MailStore Server:
- Discovery URI: The Discovery URI is the URI where the AD FS are reachable. Typically this is the host name of the AD FS server followed by the path /adfs, e.g. https://adfs.example.com/adfs. The certificate used by the AD FS must be trusted.
- Client ID: The Client Identifier of the Application Group that has been created for MailStore Server in AD FS.
- Redirect-URI: The Redirect-URI must match the Redirect-URI that has been configured in the Application Group.