Exchange connection - Authentication tab
Existing Exchange connection
Type of authentication
User name - Password
With this option,
the user name and password that you use for login to Windows will be
used in Intrexx to log on to Exchange. The login data can either be
queried session-based and must then be entered by the users every time
they log on to the portal again, or you can enter the data in encrypted
format on the MediaGateway in order to avoid needing to renew logins.
In this case, a connection will be created by Intrexx between the
logged-in Intrexx user and the saved login information for the Exchange
Kerberos will determine the login information according to the current
Windows user and will log in automatically log.
Please note the following basic requirements for a successful
authentication with Kerberos:
The Intrexx portal must be run with
The users in your Active Directory must be correspondingly entered to
Intrexx. Users can also be imported with ease.
Please ensure that at least one user is contained in the Administrators
group, so that you can continue to administrate the system.
The server on which the MediaGateway is installed
requires the group permission "Delegation".
All clients and server must be members of the same domain.
The Exchange server may not use form-based authentication
for Outlook web access / Exchange. You can find more information about this topic in
In Internet Explorer, the security settings for the zone to
be used during user authentication must be set to "Automatic login
with current user name and password". In addition, the
checkbox "Activate Integrated Windows
authentication"needs to be activated in the advanced settings.
With the Kerberos authentication, you will have a true
single-sign-on for access by your users to the Exchange server that will use the
integrated Windows authentication.
If a user cannot be authenticated, the session-based login will
automatically be activated.
Service Principal name
For successful authentication, the entry of a so-called Service
Principal Name (SPN) is required. The SPN contains the information
about the service for whom a Kerberos ticket should be created. This
ticket will be required for the
The dialog will suggest a SPN to you, but in practice, it may need to
be adjusted, depending on your system environment.
The SPN will usually be made up of the following components:
host/<Computer DNS Name>@<KERBEROS_REALM>
Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com)
KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM)
The SPN would, therefore, read as follows with the sample data:
Access data for the Exchange server
The login of an Intrexx user to the Exchange server takes place via a
login box that will be shown when an Intrexx Exchange application is
called up in the portal.
||The Kerberos authentication only works if the
requesting client uses the fully qualified Name in the server URL which
is entered in the login box and not the IP of the Exchange servers
The request of a portal on client systems depends on the configuration
of your DNS server and has to be executed via one of the following URLs:
Please ask your system administrator for further information on this topic.
In the configuration of the access data for the Exchange server, you
can define whether specific data should be automatically entered to the
login box, like the domain, or if data should be taken from the User
Manager, such as the user name, or which data must be manually entered
by the user to the login box in Intrexx Exchange applications.
Exchange user name / Email address / Domain / Server (URL)
In each case, opens a dialog
where you can define the source for the user name, email address, domain and server URL
for logging in to the Exchange server.
Query login data session-based on the web
If this setting is not activated, all login information from the login box will
be saved as user account in the MediaGateway as soon as the user logs
on for the first time with the Intrexx Exchange application. If this
login was successful, the corresponding account information will be
saved, encrypted with RSA, to the MediaGateway. The next time the
Intrexx portal is visited, the login will not be required, as long as
the connection to the Exchange server can be established.
Next, the login box will then only be shown again when changes to the
access data of the user come about, i.e. when, for example, the value
of a relevant field in the User Manager has changed.
If the setting is set for "Login data in web is session-based",
the information will be queried for each session and no account will be
created on the MediaGateway. The login box will thereafter always be
shown the first time an Intrexx user opens an Exchange application in
An Intrexx portal user can only access the information on the
Exchange server for which they have been provided permission by the
Overview of known users
Opens a dialog
which contains a list of the users in the MediaGateway. This link is clickable
if MediaGateway accounts have already been created because users have logged in.