Can ADFS be used to provide authentication services for exchange (2013 sp1), so clients can connect to exchange using outlook. All clients will be external to the exchange forest
I have an exchange 2013 sp1 setup with a single CAS server and MBX server. I would like to provide access to the mailboxes hosted in this environment to external clients without going down the trusts root and also without creating extra user accounts in the domain where exchange is setup.
I would like to use ADFS 2.1 to authenticate the clients, however is this possible so that users can use outlook to connect to their mailboxes or is it just restricted to Outlook Web App
I would like to use ADFS 2.1 to authenticate the clients, however is this possible so that users can use outlook to connect to their mailboxes or is it just restricted to Outlook Web App
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brad Groux
Backing up Cliff's comments (don't assign points please). ADFS just provides a method for authentication, the source needs to still be there.
ASKER
Apologies I may not have made my self clear. The clients will all have AD accounts in their source domain. I have one forest where I have my local domain accounts (Int Domain). I have another domain which is hosting exchange mailboxes.(Hosted domain) Rather then have all the user accounts duplicated from Int domain to the hosted domain, I want to use a claims based Identitiy mangment system which would be able to authenticate the existing users to the hosted domain.
My long term goal is to be able to offer my clients hosted mailboxes using a sso solution, so that they just need to authenticate once with their own corporate user account.
My long term goal is to be able to offer my clients hosted mailboxes using a sso solution, so that they just need to authenticate once with their own corporate user account.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys for the above. Accepted I will need to create the exchange mailboxes with associated A/D accounts in the same forest.
What is the best way to set up a single sign on solution between my other domain and the domain with the hosted exchange mailboxes.
My long term goal is to be able to offer clients a SSO solution whereby they can use their corporate A/D credentials to authenticate with their mailboxes hosted at my exchange domain, without using trusts or manually having to manage both set's of credentials.
What is the best way to set up a single sign on solution between my other domain and the domain with the hosted exchange mailboxes.
My long term goal is to be able to offer clients a SSO solution whereby they can use their corporate A/D credentials to authenticate with their mailboxes hosted at my exchange domain, without using trusts or manually having to manage both set's of credentials.