This document explains how to implement Monosign with Microsoft Exchange - OWA.
This documentation contains 4 main steps for integration.
Creating an Application on Monosign
Configuring Single Sign-On for Microsoft Exchange - OWA
Assign a user to the Microsoft Exchange - OWA app
Sign In Test
1- Creating an Application on Monosign
Create your application on Monosign and configure your access policy. Once it is created, click “Keys” and add a new Access Key (Rest API Key) for access.
We will need this information while configuring the Microsoft Exchange - OWA app.
Your application needs to have access to groups. If you have not configured this yet, edit your application, go to the “Source, Provider and Profile” tab, and set User Group Access Type to “Assigned Users and Defined Sources”. This means the application can access users’ groups when they sign in.
User Access Type
Defines which users can access this application.
Only Assigned Users
User Group Access Type
Defines the application’s access to user groups.
Only Assigned Users
Profile Access Type
Defines the application’s access to user profiles.
Restricted - Only restricted user profile attributes
2- Configure your OWA App on IIS
2.1- Install IIS Module Files
Monosign MFA for Exchange OWA works through an IIS customization. Before continuing, download the zip file below.
The zip file contains the files below.
Copy the IIS module “dll” files into your application’s “bin” folder.
For OWA, use the path below.
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\bin
Create the bin directory if it does not exist.
2.2- Configure OWA
Connect to your OWA server and open IIS (run inetmgr.exe).
Expand your computer name and click Sites, then double-click “Default Web Site”, right-click “owa” and click “Explore”. An Explorer window opens on the folder that contains the OWA configuration files.
Back up your web.config file just in case.
Open web.config with Notepad.
Edit the file and put your settings inside the appSettings section.
<add key="MONOSIGN_API_URL" value="https://your-api-url/"/>
<add key="MONOSIGN_API_KEY" value="your-api-key"/>
<add key="MONOSIGN_API_SECRET" value="your-api-secret"/>
<add key="MONOSIGN_DEBUG_MODE" value="true"/>
<add key="MONOSIGN_LOG_PATH" value="log-directory"/>
<add key="MONOSIGN_USER_EXCEPTIONS" value="if-you-have-type-email@address"/>
Add the following line to the end of the
<add name="MonoSignExchange" type="MonoSign.IISModule.MSExchange, MonoSign.IISModule"/>
Save the file. It will take a couple of minutes to restart the app.
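The following PowerShell check is an added example, not part of the Monosign documentation or product. It audits the entries from step 2.2 after editing web.config: leftover placeholder values, a non-HTTPS API URL, debug mode left on, configured user exceptions, and a missing module registration. The function name, the finding labels, the sample values and the choice to treat URL, key and secret as mandatory are assumptions of this example.

```powershell
# Added example, not Monosign code. Audits the Monosign entries in OWA's web.config.
function Test-MonosignOwaConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = @()
    # Placeholder values from the documentation that must not survive into production.
    $placeholders = 'https://your-api-url/', 'your-api-key', 'your-api-secret', 'log-directory'
    # Read every <add key=... value=.../> under appSettings into a lookup table.
    $settings = @{}
    foreach ($node in $Config.SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }

    # Assumption: URL, key and secret are treated as mandatory by this check.
    foreach ($key in 'MONOSIGN_API_URL', 'MONOSIGN_API_KEY', 'MONOSIGN_API_SECRET') {
        if ([string]::IsNullOrWhiteSpace($settings[$key])) { $findings += "MISSING  $key" }
        elseif ($placeholders -contains $settings[$key]) { $findings += "DEFAULT  $key is still a placeholder" }
    }
    # API credentials are configured alongside this URL, so require HTTPS.
    if ($settings['MONOSIGN_API_URL'] -and $settings['MONOSIGN_API_URL'] -notmatch '^https://') {
        $findings += 'INSECURE MONOSIGN_API_URL is not an https:// URL'
    }
    if ($settings['MONOSIGN_DEBUG_MODE'] -eq 'true') {
        $findings += "REVIEW   debug mode is on; logs go to '$($settings['MONOSIGN_LOG_PATH'])'"
    }
    if ($settings['MONOSIGN_USER_EXCEPTIONS']) {
        $findings += "REVIEW   user exceptions: $($settings['MONOSIGN_USER_EXCEPTIONS'])"
    }
    # Match the module registration wherever it sits in the file.
    if (-not $Config.SelectSingleNode("//add[@name='MonoSignExchange']")) {
        $findings += 'MISSING  MonoSignExchange module registration'
    }
    return $findings
}

# Constructed sample (hypothetical values; the <modules> placement is an assumption).
$sample = @'
<configuration>
  <appSettings>
    <add key="MONOSIGN_API_URL" value="http://monosign.example.test/"/>
    <add key="MONOSIGN_API_KEY" value="your-api-key"/>
    <add key="MONOSIGN_DEBUG_MODE" value="true"/>
    <add key="MONOSIGN_LOG_PATH" value="D:\Logs\Monosign"/>
  </appSettings>
  <system.webServer><modules>
    <add name="MonoSignExchange" type="MonoSign.IISModule.MSExchange, MonoSign.IISModule"/>
  </modules></system.webServer>
</configuration>
'@
Test-MonosignOwaConfig -Config $sample
```

To audit the real file, pass its contents instead of the sample, for example `Test-MonosignOwaConfig -Config (Get-Content .\web.config -Raw)` run from the folder opened by “Explore”.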
Multiple User Sources on Monosign (Optional)
What if I use multiple User Sources in Monosign and I want to specify my User Source for my Exchange?
For that, add an additional line to
<add key="MONOSIGN_USER_SOURCE" value="MONOFOR"/>
This setting refers to your Active Directory User Source or Domain Name on Monosign.
Like the following
Or you can use the following Domain Name
3- Sign In Test
Now try logging in. Navigate to the Microsoft Exchange - OWA app. Click Monosign on the UI.
If you cannot sign in to OWA, one of the following may be the cause.
The user needs to be assigned to the application
The user needs to configure MFA properly
If the error is not displayed clearly, you can check the log files.