Two-factor authentication for OWA - OWA 2FA - is an additional layer of security which requires users to respond to a second authentication challenge when logging into OWA.

Important: At the moment, OWA 2FA is not manageable in CONTROL PANEL. Contact support if you need to enable/disable/make changes to the service.

Note: OWA 2FA is now available for all shared Exchange 2016 domains.

Enabling OWA 2FA

To enable 2FA on your Exchange domain, please contact Support.

Using OWA 2FA

Once OWA 2FA is enabled for your users, they will no longer be able to log in to OWA using the Unified Login Page. They will need to use the following URL:

  1. Have the user navigate to the URL provided above, enter their username and password and click Login
  2. On the first login, the user will be asked to choose a 2FA method and enter your phone number:
    • DoubleSafe app: Push notification - uses the DoubleSafe mobile app. The app is available for iOS and Android platforms. After its installation and setup, on every login, a push notification is sent to the mobile device. User will need to allow access from their mobile device
    • SMS text message - the code is sent to the specified number as a text message
    • Voice call - the code is provided via a voice call to the specified number
    • DoubleSafe: One-time passcode - uses the DoubleSafe mobile app. On every login, a one-time passcode is generated on the mobile device
    • Google Authenticator - uses the Google Authenticator mobile app. On every login, a verification code is generated in the Google Authenticator app on the mobile device

      2FA methods

      The selected method can be changed on the next login
  3. Once the user passes the second authentication step, they will be redirected to OWA.

Important: if the ConnectID service is enabled for you, we recommend not to use a browser with the ConnectID extension to log in to OWA with 2FA.