Two-factor authentication for OWA - OWA 2FA - is an additional layer of security which requires users to respond to a second authentication challenge when logging into OWA.

Important: At the moment, OWA 2FA is not manageable in HostPilot. Contact support if you need to enable/disable/make changes to the service.

Note: OWA 2FA is now available for all shared Exchange 2013/16 domains.

Enabling OWA 2FA

To enable 2FA on your Exchange domain, please contact Support.

Using OWA 2FA

Once OWA 2FA is enabled for your users, they will no longer be able to log in to OWA using the Unified Login Page. They will need to use the following URL:

Default Exchange server location OWA 2FA URL

East

https://east-2fa.exchXXX.serverdata.net/owa
West https://west-2fa.exchXXX.serverdata.net/owa

where XXX is your Exchange domain.
Important: to protect your account information we cannot publish your Server names in public Knowledge Base. Please log into your HostPilot to get correct settings under Home > Exchange servers and settings:

Exchange server settings

  1. Have the user navigate to the URL provided above, enter their username and password and click Login
  2. On the first login, the user will be asked to choose a 2FA method and enter your phone number:
    • DoubleSafe app: Push notification - uses the DoubleSafe mobile app. The app is available for iOS and Android platforms. After its installation and setup, on every login, a push notification is sent to the mobile device. User will need to allow access from their mobile device
    • SMS text message - the code is sent to the specified number as a text message
    • Voice call - the code is provided via a voice call to the specified number
    • DoubleSafe: One-time passcode - uses the DoubleSafe mobile app. On every login, a one-time passcode is generated on the mobile device
    •  Google Authenticator - uses the Google Authenticator mobile app. On every login, a verification code is generated in the Google Authenticator app on the mobile device

Note: in some cases Google Authenticator app may not be supported, please contact support for more details

2FA methods

       3. The selected method can be changed on the next login

Once the user passes the second authentication step, they will be redirected to OWA.

Important: if the AppID service is enabled for you, we recommend not to use a browser with the AppID extension to log in to OWA with 2FA.

2FA Reset Option

There are two ways to reset the 2FA settings for the user depending on how 2FA was enabled on the back-end.

  1. The first option is by logging in the HostPilot. In HostPilot please navigate to Users and click on the user you would like to reset 2FA for. Under User Info click on Edit 2FA settings.
  2. edit2fa
  3. You will be presented with current settings and options to disable 2FA, change authentication type, or phone number. To reset 2FA settings, click Reset 2FA settings.
    edit2fa1

If there is no Edit 2FA settings button under the User Info tab, the only option to Reset 2FA is to contact support. In such cases, please reach our Support department to reset 2FA.