How to set up Outlook Sync proxy for SSO
Outlook does not support the GSSAPI protocol, which is why you need to configure certain settings after implementing SSO. If you use SSO from the very beginning, we recommend starting the installation with the -sso command-line parameter to set up the profile for SSO.
Note: Before setting up a proxy:
- Create the relevant keytabs for SSO on your domain controller for all related services (SMTP and IMAP protocols in this case).
- Enable SSO and the GSSAPI protocol on the IceWarp server.
See our knowledge base article to learn more.
For Outlook Sync to work without an Exchange server, it needs to create a local proxy that imitates the POP3 service of an Exchange server. This proxy then sends a response to Outlook stating that there are no new emails. In this way, Outlook can work without an Exchange server. This is why Outlook Sync uses a .pst file (POP3 account) rather than an .ost file. IMAP accounts are not supported by Outlook Sync. You can add many accounts of different types to Outlook via Outlook's account settings. However, you can bind only one POP3 account with Outlook Sync and its Profile manager.
We expanded the existing proxy to allow other mail protocols to be proxied via Outlook Sync as well, thus enabling Single Sign-on.
There are two layers of settings that need to be configured:
- How Outlook Sync connects to IceWarp server.
- How Outlook connects to Outlook Sync. We mentioned that Outlook Sync behaves like a proxy in SSO mode.
Setting Outlook Sync and IceWarp server connection
- Go to Outlook Sync settings -> Login credentials -> Connection section to specify how Outlook Sync connects to the IceWarp server.
Figure. Logon Credentials tab in Outlook Sync settings.
- Enter the hostname of the IceWarp server (internal or external DNS A record).
- Indicate the port numbers that are used for the connection to SMTP and IMAP (based on the settings of the company's firewall).
- Select the connection type. The best practice is to set up SSL or TLS encryption to avoid sending passwords over the network in plain text. You can choose an unsecured connection only if Outlook is used from a local network without any access from the internet.
- Check if the proxy is running. Go to Outlook Sync settings -> Advanced -> Auxiliary Local Server.
Note: You can use random port numbers for the Auxiliary Local Server. The maximum length supported in the POP3 and SMTP port fields is 5 digits. The maximum possible port number is 65535.
Outlook Sync is able to detect any available ports for the proxy communication. If you want to change the ports, stop the proxy, change the ports and then start the proxy again. Avoid using ports that are used by default by other services, e.g. 25, 465, 587, 143, 993, 80, 443, etc. Use higher port numbers (max 5 digits) to avoid binding the proxy to a port that is used by a web browser.
- If the Auxiliary Local Server does not run, Outlook Sync will not function in SSO mode. Click Start to enable it.
Setting Outlook and Outlook Sync connection
Adjust the Outlook connection settings first, not those of Outlook Sync.
- Run Outlook and create a POP3 account. File -> Account Information -> Add Account
Figure. New Account.
- Set the account to accept incoming and outgoing mail. Go to File -> Account Information -> Account Settings -> Server Settings
Figure. Incoming server.
- Enter Connector as the User Name. Enter a password. The password can be anything except blank.
- Check the server settings. It is important to have 127.0.0.1 for the SSO configuration.
- Set the same ports as in Outlook Sync Settings -> Advanced -> Auxiliary Local Server.
Note: The incoming mail server address is always 127.0.0.1 whether you use SSO or not. If you do not use SSO, the incoming mail server remains 127.0.0.1, the outgoing mail server (SMTP) can be pointed directly at the IceWarp address, and the Auxiliary Local Server has to be stopped.
- Click Outgoing Mail to switch to the Outgoing server settings.
Figure. Outgoing server.
- Check that encryption for the POP3 and SMTP ports is disabled. Do not confuse this with Outlook Sync's encrypted connection towards IceWarp. If you encrypt the communication between Microsoft Outlook and Outlook Sync, the communication will not get through. Click Next to save the settings.
- Uncheck the checkbox to automatically test account settings and click Next to save all settings.
- Return to Outlook Sync and switch the Authentication type to Single Sign-on.
Figure. Authentication type.
- Once you enter your domain credentials, SSO will start working.
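The following PowerShell check is an added example, not part of the original article or of IceWarp's tooling. It verifies on the workstation that the Auxiliary Local Server ports are in range, are not among the default ports listed above, are actually listening, and are bound to loopback. The two default port numbers are constructed sample values, and treating a non-loopback listener as a finding is an assumption based on the Outlook-to-proxy hop being unencrypted.

```powershell
# Added example, not vendor code. Port numbers are constructed sample values;
# use the ones shown in Outlook Sync settings -> Advanced -> Auxiliary Local Server.
param(
    [int]$Pop3Port = 11110,
    [int]$SmtpPort = 11025
)

# Ports the article says to avoid because other services use them by default.
$ReservedPorts = 25, 465, 587, 143, 993, 80, 443

function Test-ProxyPort {
    param([string]$Name, [int]$Port)

    $issues    = @()
    $listeners = @()
    if ($Port -lt 1 -or $Port -gt 65535) {
        $issues += 'outside 1-65535'
    } else {
        if ($ReservedPorts -contains $Port) { $issues += 'default port of another service' }
        # Every socket listening on this port, on any local address.
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
        if ($listeners.Count -eq 0) { $issues += 'nothing listening; is the Auxiliary Local Server started?' }
    }
    foreach ($l in $listeners) {
        # Assumption: the Outlook-to-proxy hop is unencrypted, so a listener
        # on anything other than loopback deserves a closer look.
        if ($l.LocalAddress -notin '127.0.0.1', '::1') {
            $issues += "bound to $($l.LocalAddress), not only loopback"
        }
    }
    # Name of the process that owns the listener, to confirm it is Outlook Sync.
    $owner = ($listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique) -join ', '

    [pscustomobject]@{
        Service = $Name
        Port    = $Port
        Owner   = $owner
        Ok      = ($issues.Count -eq 0)
        Issues  = $issues -join '; '
    }
}

@(
    Test-ProxyPort -Name 'POP3' -Port $Pop3Port
    Test-ProxyPort -Name 'SMTP' -Port $SmtpPort
) | Format-Table -AutoSize
```

Save it as a .ps1 file and pass the real values with -Pop3Port and -SmtpPort; Get-NetTCPConnection requires Windows 8 / Windows Server 2012 or later.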