Microsoft OWA ile F5 APM Integration

Hijacking user credentials poses a risk of unauthorized access to accounts. Nowadays, providing additional security steps to solve such problems is possible with the SecTrail verification server.

This document provides information on two-factor authentication with one-time passwords (SMS, email, SoftOTP) using SecTrail for Microsoft Outlook Web Application.

F5 Access Policy Manager (APM) Integration with SecTrail

1. The F5 APM policy prompts the user to enter their credentials for the initial authentication on the login screen.
2. The user is authenticated with the entered credentials against the Active Directory server.
3. If the authentication is successful, the phone or email address and username information obtained from AD is sent to the SecTrail server, and a second login screen is presented to the user.
4. The SecTrail server sends a one-time password to the address (phone number or email) provided in the request via SMS or email. An external SMS proxy or email server is used for the transmission. In the case of using SoftOTP (software token), the password is generated through the SecTrail Authenticator mobile application.
5. The user enters the SMS, email password sent by the SecTrail server, or the one-time password generated by the SecTrail Authenticator mobile application on the second login screen.
6. The one-time password is sent to the SecTrail server through F5,
7. The SecTrail server verifies the one-time password and sends the response.
8. Dönen cevap başarılı ise F5, Microsoft Outlook Web Application(OWA) için SSO yaparak
   oturumu başlatır.

Mobile Application Support

If you want to use SoftOTP, you can ensure your security through the SecTrail Authenticator mobile application.

You can download the SecTrail Authenticator application to your mobile device from the Apple App Store or Google Play Store.