Has anyone created a 2 factor authentciation for Outlook Anywhere using F5 APM and DUO ?

Hi,

What are you looking for? Configuration help.

1)What is authentication method you want to use (LDAP, RADIUS)? 2)Do you require logon page to be present for initial login?

You need to prepare all prerequisite first. Basically you can keep your apm profile as below.

Start -- logon page -- ldap/radius authentication -- variable to pass authetication to 2FA -- RADIUS Auth (Duo) -- Varible to assign password -- sso credential from logon page --- Allow.

Thanks & Regards, Habib Khan

The problem is Outlook Anywhere is RPC over HTTP so DUO alone at this time doesn't have ability to 2-factor it but I was wondering if F5 APM by itself had any ability to 2 factor it somehow since we are exposing Outlook Anywhere to Internet.

Hi.

I already deployed it few years ago. And unfortunately at this moment OA didn't supported that we set an auth (portal) between client and exchange. The only way that I find is to auth user using NTLM. It was the only way.. But it was a exchange limitations and not F5.

Additional when you set up this kind of architecture you will be vulnerable to ntlm brute force... but it's working and you can secure ntlm auth using an irule (check in devcentral).

What you have to check is if exchange support federation and if yes you can reach your needs.

SKYPE support it. If you move SKYPE auth to modern or passive auth you can auth user using what ever you want...

Let me know if I can help you. Regards