Difference between revisions of "Template:Directory Services Authentication"
| [checked revision] | [checked revision] |
Ltalaschus (talk | contribs) |
m |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
=== Authentication === | === Authentication === | ||
| − | *'''Method'''<br/>Here you can choose how users that have been synchronized from {{{1|directory service}}} will be authenticated. | + | *'''Method'''<br/>Here you can choose how users that have been synchronized from {{{1|directory service}}} will be authenticated. |
| − | + | ** ''{{#ifeq: {{{1|Active Directory}}}|Active Directory|Kerberos / NTLM|LDAP}}''<br/>With this option, users can log on directly to MailStore Server with their {{{1|directory service}}} credentials. The provided credentials are relayed by MailStore Server to {{{1|the directory service}}} for verification. | |
| − | + | ** ''AD FS (OpenID Connect)''<br/>If your company employs Active Directory Federation Services (AD FS), users can also log on to MailStore Server using OpenID Connect through AD FS. For this, you have to configure your AD FS [[Setup_Active_Directory_Federation_Services|according to our setup guide]] and enter the following parameters in MailStore Server afterwards. | |
| − | + | *** '''Discovery URI'''<br/>The URI by which the AD FS are reachable. Typically, this is the fully qualified domain name of the AD FS server followed by the path ''/adfs'', e.g. ''<nowiki>https://adfs.example.com/adfs</nowiki>''. The certificate used by the AD FS must be trusted. | |
| − | + | *** '''Client ID'''<br/>The ''Client Identifier'' of the ''Application Group'' that has been created for MailStore Server in AD FS. | |
| + | *** '''Redirect-URI'''<br/>The ''Redirect-URI'' that has been configured in the ''Application Group''. | ||
| + | *** '''Always require credentials for login'''<br/>If this option is enabled, users must authenticate against AD FS everytime they log on to MailStore Server. | ||
| + | *; <div class="msnote">'''Please note:''' When using OpenID Connect to authenticate users, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.</div> | ||
<noinclude> | <noinclude> | ||
[[de:Vorlage:Verzeichnisdienste_Authentifizierung]] | [[de:Vorlage:Verzeichnisdienste_Authentifizierung]] | ||
[[en:Template:Directory_Services_Authentication]] | [[en:Template:Directory_Services_Authentication]] | ||
</noinclude> | </noinclude> | ||
Latest revision as of 13:37, 23 April 2021
Authentication
- Method
Here you can choose how users that have been synchronized from directory service will be authenticated.- Kerberos / NTLM
With this option, users can log on directly to MailStore Server with their directory service credentials. The provided credentials are relayed by MailStore Server to the directory service for verification. - AD FS (OpenID Connect)
If your company employs Active Directory Federation Services (AD FS), users can also log on to MailStore Server using OpenID Connect through AD FS. For this, you have to configure your AD FS according to our setup guide and enter the following parameters in MailStore Server afterwards.- Discovery URI
The URI by which the AD FS are reachable. Typically, this is the fully qualified domain name of the AD FS server followed by the path /adfs, e.g. https://adfs.example.com/adfs. The certificate used by the AD FS must be trusted. - Client ID
The Client Identifier of the Application Group that has been created for MailStore Server in AD FS. - Redirect-URI
The Redirect-URI that has been configured in the Application Group. - Always require credentials for login
If this option is enabled, users must authenticate against AD FS everytime they log on to MailStore Server.
- Discovery URI
- Please note: When using OpenID Connect to authenticate users, accessing the archive via IMAP is not possible for technical reasons.
- Kerberos / NTLM
