Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2007-11-29

This topic provides links to resources for implementing RSA SecurID for use with Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007. RSA SecurID is a product that increases mailbox security by providing a single-use passcode, also known as a one-time password, for users who access Outlook Web Access. A device is used to generate a new single-use passcode every time that a user logs on.

Implementing RSA SecurID

RSA SecurID can be deployed either in Internet Information Services (IIS) on an Exchange 2007 Client Access server, or on a server that is running Internet Security and Acceleration (ISA) Server in front of a Client Access server.

For information about RSA, see For information about RSA SecurID, see

The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice.

For information about how to implement RSA SecurID through ISA Server, see Outlook Web Access Publishing in ISA Server2004: RSA SecurID and Forms-Based Authentication. Information in this document also applies to ISA Server 2006.

When a user logs on to Outlook Web Access by using forms-based authentication, a cookie is created that is tracked on the Client Access server. If the user is inactive in Outlook Web Access for too long, the cookie will expire and the user will be automatically logged off. RSA SecurID offers a similar feature that they call "cookie expiration time". However, the RSA SecurID time-out feature does not interoperate well with Outlook Web Access. Therefore, you should use the automatic time-out that is a feature of forms-based authentication instead of using the automatic time-out feature in RSA SecurID.

For More Information

For more information about how to help secure Outlook Web Access, see the following topics:

For more information about ISA Server and Outlook Web Access, see "Secure Application Publishing Walk-Throughs" in Secure Application Publishing.