Template:Directory Services Authentication

Revision as of 13:37, 23 April 2021 by Bmeyn (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


  • Method
    Here you can choose how users that have been synchronized from directory service will be authenticated.
    • Kerberos / NTLM
      With this option, users can log on directly to MailStore Server with their directory service credentials. The provided credentials are relayed by MailStore Server to the directory service for verification.
    • AD FS (OpenID Connect)
      If your company employs Active Directory Federation Services (AD FS), users can also log on to MailStore Server using OpenID Connect through AD FS. For this, you have to configure your AD FS according to our setup guide and enter the following parameters in MailStore Server afterwards.
      • Discovery URI
        The URI by which the AD FS are reachable. Typically, this is the fully qualified domain name of the AD FS server followed by the path /adfs, e.g. https://adfs.example.com/adfs. The certificate used by the AD FS must be trusted.
      • Client ID
        The Client Identifier of the Application Group that has been created for MailStore Server in AD FS.
      • Redirect-URI
        The Redirect-URI that has been configured in the Application Group.
      • Always require credentials for login
        If this option is enabled, users must authenticate against AD FS everytime they log on to MailStore Server.
    Please note: When using OpenID Connect to authenticate users, accessing the archive via IMAP is not possible for technical reasons.