We are looking to enable RSA SecureIDs on the OWA login to provide a 2 factor authentication for all OWA users. The problem is we need to prove that this is an option and that it works before enableing it for all users. Also not everyone has a SecureID that would need access to OWA as currently we only have a small number of users that use them for VPN access. I've read some helpful documentation from RSA on adding their authentication to OWA however I would like a way for now to provide an option for users to login normally or login with RSA. Or perhaps i could have a second webpage? one for RSA users and one for non-RSA users? This would be a temporary solution for testing purposes and once proof of concept is shown we would order SecureIDs for all users needing OWA access and then migrate to a single RSA login. Any ideas would be very helpful. Thanks, Andrew

Hi Why have two sites? You want to implement RSA/two factor authentication because you want higher security Then why give them the opportunity with a less secure solution? But yes, you can create a new OWA virtual directory, it will require one more IP I want to recommend TMG for a more secure publishing of the OWA Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

There’s no native support on Exchange 2003, 2007 and 2010 for two-factor authentication RSA SecurID can be deployed either in IIS on an exchange 2007 CAS server, exchange 2003 FE server, or on a server that is ISA server in front of them How to Configure RSA SecurID for Outlook Web Access Configuring Exchange 2003 for Client Access The closest thing Microsoft has for two-factor authentication is Certificate-Based Authentication with smart card How to Configure Certificate Based Authentication for OWA (Exchange 2007) Log onto Outlook Web Access with Smart Cards (Exchange 2003) Exchange Related Deployment Scenario or Feature Forefront TMG Forefront UAG Support two-factor authentication for Outlook Web App Y Y --------Refer to <Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010> Jonas’s right. You can use TMG or UAG to accomplish it on exchange 2010 Understanding Authentication for Outlook Web AppPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.