Single Sign On (SSO) removes the need to re-authenticate to an application when accessing it for a second time - either during an existing Connectra / Mobile Access session, or even between Connectra / Mobile Access sessions.

The authentication credentials used for logging in to the Connectra / Mobile Access Portal can be re-used automatically by Connectra / Mobile Access to authenticate to multiple applications, accessed through Connectra / Mobile Access. It is also possible to record other credentials for the application, and store them for future use.

When SSO user credentials for an internal application differ from their portal credentials, they are securely stored on the Mobile Access gateway, and so remain valid even if the user logs back in from a different client machine.

Most web applications respond to authentication success by redirecting to another page, and then Automatic SSO is viable.

If a redirect is not an indication of success and if you want to use SSO, you must configure an indicator of success or failure, such as a cookie.

The following table lists the Web Applications officially supported by Connectra / Mobile Access Web Form (HTML) Based SSO authentication (a Web Application, listed in the table as having Automatic Configuration, is configured by simply checking the relevant box) .

Note: There are many other applications that also work with Automatic SSO.

Web Application	Is Automatic Configuration supported?
Citrix 4	Yes. Web-based Citrix (Fat clients are not supported).
Citrix 4.5	Yes. Web-based Citrix (Fat clients are not supported).
iNotes8	Yes.
Sharepoint	Yes.
OWA 2003	Yes (for Connectra NGX R66 - see below).
OWA 2007	Yes (for Connectra NGX R66 - see below).
OWA 2010	Yes (since R77). (Note: some limitation may apply with using portal credentials for SSO, if the server expects the credentials to be given in "DOMAIN\user" format).
OWA 2013	Requires manual configuration (see below)
OWA 2016	Requires manual configuration (see below)

Note: If you want to enable the SSO, then open the involved application, go to 'Single Sign On' page, and check the box "This application uses a Web form to accept credentials from users":

Connectra NGX R66.x and Outlook Web Access - Additional Configurations

To configure SSO for OWA 2003 and 2007 on Connectra NGX R66.x, proceed as follows:

Note: Pay attention to the OWA protocol that is used in the configuration of the URL:

• If the OWA works in "http", the URL should be http://<OWA Server>/owa/auth/logon.aspx
• If the OWA works in "https", the URL should be https://<OWA Server>/owa/auth/logon.aspx

In the following examples, OWA 2007 works with "http" (in clear), and OWA 2003 works with "https".

OWA 2003

In OWA 2003, there is no success cookie, so instead use the failure URL.

For OWA 2003 that works in "https", the following URL should be used:

https://<OWA Server>/exchweb/bin/auth/owalogon.asp



The same URL can also be used for the sign-in Web form detection.

OWA 2007

OWA 2007 should be configured to work with "cookie" success indicator. In case of success, OWA 2007 creates a cookie with the name "UserContext".



In addition, it is recommended to configure the login URL. For OWA 2007 that works with "http" (in clear), the URL is:

http://<OWA Server>/owa/auth/logon.aspx

OWA 2013/2016

OWA 2013/2016 should be configured to work with "cookie" success indicator. In case of success, OWA 2013/2016 creates a cookie with the name "cadataKey".

 

In addition, it is recommended to configure the login URL.

If OWA 2013/2016 is working with "http" (in clear), the URL is: http://<OWA Server>/owa/auth/logon.aspx.

If OWA 2013/2016 is working with "https", the URL is: https://<OWA Server>/owa/auth/logon.aspx.