Posts Tagged Outlook web access

Outlook Web App (OWA) Claims-Based Authentication Type

Outlook Web App (OWA) is the web interface to Exchange Server 2010 email. OWA lets users access their email from a web browser without depending on the Outlook application being installed on the computer they are using. As with any application that gives access to sensitive data, users must authenticate before gaining access to their email. OWA can be configured to perform Integrated, Basic, Digest, Forms-Based and Claims-Based authentication. This article discusses Claims-Based Authentication.

Claims-Based Authentication:
Claims-based authentication is an industry standard that uses a SAML token for authentication. On its own, OWA does not support claims-based authentication. However, Windows Identity Foundation (WIF) comes with a service that can convert a claims token into a Windows token that OWA can use to authenticate the user.

Claims-based authentication gives applications a common way to authenticate users and get information about them. It abstracts authorization and identity into two parts: the authority and the claims. Claims are pieces of information that say something about an entity. Examples of claim information are name, ethnicity, email, and mailing address. The entity providing the claims is the Identity Provider (IdP), or authority, which also authenticates the user, that is, proves the user's identity. The IdP authenticates the user first, then packages the claims into a token and delivers it to the requesting party.

Applications that use claims-based authentication are freed from account management tasks such as creating accounts and passwords and maintaining them. The claims coming into the application tell it what it needs to know about the user without having to request the information from the user.

Users can log in once to an IdP or authority and then have the IdP send the requested claims to other applications they want to access. This eliminates the need to log in more than once and keep track of multiple credentials.


Outlook Web App – Email Attachment Security

Outlook Web App (OWA) is the web interface to Exchange Server 2010 email. OWA lets users access their email from a web browser without depending on the Outlook application being installed on the computer they are using. This article discusses the options available for minimizing the risks associated with opening email attachments within OWA.

Attachments in OWA are treated differently than in Outlook. Because OWA runs in a browser, users have the option to open an attachment directly, which may cause damage to the local computer and possibly infect the network.

OWA has a number of options for controlling how attachments are handled. Administrators can build a list of the attachment file types that OWA should control, and can build additional lists for different file types, depending on the security needed. Each list is assigned one of two levels:

1. Level 1 file types won’t be available to the user at all.
2. Level 2 file types can be saved to disk and then opened from the operating system.

OWA can also apply these attachment security levels at the MIME type level.
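The two levels can be checked against a server's actual settings. The following is an added example, not code from the original article: `Test-OwaAttachmentPolicy` is a hypothetical helper, the extension baseline is illustrative, and it assumes Level 1 corresponds to the `BlockedFileTypes` list and Level 2 to the `ForceSaveFileTypes` list exposed by `Get-OwaVirtualDirectory`.

```powershell
# Added example: Test-OwaAttachmentPolicy is a hypothetical helper, not an Exchange cmdlet.
# Assumption: Level 1 = BlockedFileTypes, Level 2 = ForceSaveFileTypes.
function Test-OwaAttachmentPolicy {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [string[]] $MustBlock     = @('.exe', '.bat', '.vbs', '.scr'),  # illustrative Level 1 baseline
        [string[]] $MustForceSave = @('.htm', '.html', '.xml')          # illustrative Level 2 baseline
    )
    # Normalise the three lists to lower-case strings so comparisons are consistent.
    $blocked = @($Policy.BlockedFileTypes)   | ForEach-Object { "$_".ToLower() }
    $forced  = @($Policy.ForceSaveFileTypes) | ForEach-Object { "$_".ToLower() }
    $allowed = @($Policy.AllowedFileTypes)   | ForEach-Object { "$_".ToLower() }

    $findings = @()
    foreach ($ext in $MustBlock) {
        if ($blocked -notcontains $ext) { $findings += "Level 1: $ext is not in BlockedFileTypes" }
    }
    foreach ($ext in $MustForceSave) {
        # Blocking is stricter than force-save, so either list satisfies Level 2.
        if (($forced -notcontains $ext) -and ($blocked -notcontains $ext)) {
            $findings += "Level 2: $ext is not in ForceSaveFileTypes"
        }
    }
    foreach ($ext in ($MustBlock + $MustForceSave)) {
        # The Allow list takes precedence over the Block and Force Save lists.
        if ($allowed -contains $ext) { $findings += "Override: $ext is also in AllowedFileTypes" }
    }
    if ($Policy.ActionForUnknownFileAndMIMETypes -eq 'Allow') {
        $findings += 'Unknown file and MIME types are set to Allow'
    }
    $findings
}

# Constructed sample object shaped like Get-OwaVirtualDirectory output, for an offline run.
$sample = New-Object PSObject -Property @{
    BlockedFileTypes                 = @('.exe', '.bat', '.vbs')
    ForceSaveFileTypes               = @('.htm', '.html')
    AllowedFileTypes                 = @('.docx', '.pdf', '.xml')
    ActionForUnknownFileAndMIMETypes = 'Allow'
}
Test-OwaAttachmentPolicy -Policy $sample

# Against a live server, from the Exchange Management Shell:
# Get-OwaVirtualDirectory | ForEach-Object { Test-OwaAttachmentPolicy -Policy $_ }
```

The same check extends to the MIME-level lists (`BlockedMimeTypes`, `ForceSaveMimeTypes`, `AllowedMimeTypes`) by adding matching baselines.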

Finally, OWA can also prevent users from sending specified attachment types.

The efficiency and convenience that OWA brings also come with potential risk, so it is a good idea to consider securing your OWA email attachments.


Outlook Web App Authentication Types

Outlook Web App (OWA), formerly Outlook Web Access, is the web interface to Exchange Server 2010 email. OWA lets users access their email from a web browser without depending on the Outlook application being installed on the computer they are using. As with any application that gives access to sensitive data, users must authenticate before gaining access to their email.

OWA has four built-in authentication methods:

Integrated Authentication: Domain users who are already logged in to the internal domain through their initial Windows login get automatic access to OWA without being prompted.

Basic Authentication: Username and password are collected via the standard Windows Security dialog and sent over HTTP to the server.

Digest Authentication: This method is similar to Basic Authentication except that the password is hashed before transmission.

Forms-Based Authentication: Login credentials are collected from a sign-in web page branded as the OWA login page.

In addition, OWA can be configured to use Claims-Based Authentication. Claims-based authentication is an industry standard that uses a SAML token for authentication. On its own, OWA does not support claims-based authentication. However, Windows Identity Foundation (WIF) comes with a service that can convert a claims token into a Windows token that OWA can use to authenticate the user.

Check back shortly to see more articles that describe each authentication method in more detail.


© 2013-2014 PortalGuard All Rights Reserved