Two-factor authentication for OWA - OWA 2FA - is an additional layer of security which requires users to respond to a second authentication challenge when logging into OWA.

Important: OWA 2FA can be enabled by Intermedia by request.

Note: OWA 2FA is now available for all shared Exchange 2013/16 domains.

Enabling OWA 2FA

To enable 2FA on your Exchange domain, please contact your Sales representative.

Using OWA 2FA

Once OWA 2FA is enabled for your users, they will no longer be able to log in to OWA using the Unified Login Page. They will need to use the following URL:

Default Exchange server location OWA 2FA URL

East

https://east-2fa.exchXXX.serverdata.net/owa
West https://west-2fa.exchXXX.serverdata.net/owa

where XXX is your Exchange domain. You can look up both the default location and Exchange domain under $cpnanelname > Exchange servers and settings:

Exchange server settings

  1. Have the user navigate to the URL provided above, enter their username and password and click Login
  2. On the first login, the user will be asked to choose a 2FA method and enter your phone number:
    • DoubleSafe app: Push notification - uses the DoubleSafe mobile app. The app is available for iOS and Android platforms. After its installation and setup, on every login, a push notification is sent to the mobile device. User will need to allow access from their mobile device
    • SMS text message - the code is sent to the specified number as a text message
    • Voice call - the code is provided via a voice call to the specified number
    • DoubleSafe: One-time passcode - uses the DoubleSafe mobile app. On every login, a one-time passcode is generated on the mobile device
    • Google Authenticator - uses the Google Authenticator mobile app. On every login, a verification code is generated in the Google Authenticator app on the mobile device

      2FA methods

      The selected method can be changed on the next login
  3. Once the user passes the second authentication step, they will be redirected to OWA.

Important: if the AppID service is enabled for you, we recommend not to use a browser with the AppID extension to log in to OWA with 2FA.