FortiAuthenticator OWA Authentication Process

Bruce7x2 · ‎08-04-2023

I have two questions regarding the FortiAuthenticator OWA Agent:

When IIS is updated, is it necessary to reinstall the OWA Agent? (Assuming the latest version is being used)
Please refer to the diagram below. I would like to understand the entire process and sequence when users log in through a browser with the OWA Agent installed on IIS. Does the IIS+OWA Agent first authenticate the OTP with the Authenticator before proceeding with the account and password verification with AD? Or does the IIS+OWA Agent not perform account and password verification with AD? If so, does the Exchange Server still verify the account with AD in the end?

Bruce Liu

Jean-Philippe_P · ‎08-07-2023

Hello Bruce7x2,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team

ebilcari · ‎08-07-2023

For the first question I'm not quite sure, I assume that there is no need to reinstall the Agent, it may depends on the changes that IIS does during the upgrade.

For the second question as described here: it validates the OTP prior to the AD password which prevents any possibility of brute forcing the password.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

FortiAuthenticator OWA Authentication Process

Nominate a Forum Post for Knowledge Article Creation