Configure Forms-Based Authentication for Outlook Web App

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can configure forms-based authentication and the sign-in prompt that's used by forms-based authentication on an Outlook Web App virtual directory on a Client Access server.

Forms-based authentication gives you three options for the default sign-in format. These options change only the text on the Outlook Web App sign-in page. They don't cause a particular format to be required. The user can use any of the standard sign-in formats regardless of the text on the page.

FullDomain This is the domain and user name of the user in the format domain\user name. For example, for a user named Kweku in the domain Contoso, the sign-in would be contoso\kweku.
PrincipalName If user principal name (UPN) sign-in format is specified, the User Name field on the Outlook Web App sign-in page guides the user to enter their e-mail address. For example, kweku@contoso.com. Users can access Outlook Web App by entering their primary e-mail address or by entering their UPN.
UserName This is the user name only and doesn't include the domain name. For example, Kweku. If you use the UserName sign-in prompt for forms-based authentication, you must also specify the DefaultDomain property. The DefaultDomain property determines the default domain to use when a user tries to access Outlook Web App. For example, if the default domain is Contoso, and a domain user named Kweku signs in to Outlook Web App, only Kweku must be entered as the user name. The server will use the default domain Contoso. If the user isn't a member of the Contoso domain, the domain and user name must be entered.

Looking for other management tasks related to forms-based authentication? Check out Setting Up Forms-Based Authentication for Outlook Web App.

Use the EMC to configure forms-based authentication for Outlook Web App

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.

In the console tree, select Server Configuration, select Client Access, select the server that hosts the Outlook Web App virtual directory, and then click the Outlook Web App tab.
In the work pane, select the virtual directory that you want to configure to use forms-based authentication, and then click Properties.
Click the Authentication tab.
Select Use forms-based authentication.
Select the sign-in format that you want to use.

Note:

You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect.

Note:
You must restart Internet Information Services (IIS) by using the command `iisreset/noforce` for these changes to take effect.

Use the Shell to configure forms-based authentication for Outlook Web App

This example configures forms-based authentication on an Outlook Web App virtual directory in the default IIS Web site on the local Exchange server.

	Copy Code
Set-owavirtualdirectory -identity "owa (default web site)" -FormsAuthentication:$true

Use the Shell to configure the default sign-in method used by forms-based authentication

This example configures a full domain sign-in format,

	Copy Code
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat FullDomain

This example configures a UPN sign-in format.

	Copy Code
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat PrincipalName

This example configures a user name sign-in format and sets the default domain.

	Copy Code
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "<domain name>"

Note:
You must restart IIS by using the command `iisreset/noforce` for these changes to take effect.

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Other Tasks

After you configure forms-based authentication for Outlook Web App, you may also want to: