Toggle navigationAirlock Secure Access HubAbout this documentAbout Airlock Gateway Release notesGetting startedGeneral warnings and recommendationsBasic conceptsREST API based configuration and administrationConfiguration Center (GUI)Configuration examples and guidesIntegration of 3rd-party products and applicationsControl APIHeader-based session trackingCSRF protection for SPAsICAP configurationJWKS providers configurationGraphQL integrationLet’s Encrypt as certificate providerThreat intelligenceMicrosoft integrationIntegration of Microsoft Exchange 2016 / 2019Configuring Gateway for OutlookConfiguring authentication enforcement for Outlook Web Access / Outlook on the WebConfiguring Airlock Gateway for Outlook AnywhereConfiguring authentication enforcement for Outlook AnywhereConfiguring Airlock Gateway for ActiveSyncConfiguring authentication enforcement for ActiveSyncTips for troubleshootingKB – Sufficient security processes availableKB – Does the back-end server accept Basic AuthenticationKB – Does Outlook Anywhere work properlyKB – Using the Exchange Management ShellKB – Information about MAPI over HTTPKB – Information about RPC over HTTPKB – Configure Exchange AutodiscoverPublishing Microsoft SharePoint 2016Requirements and limitationsAbout Microsoft SharePointPrepare SharePoint for Airlock Gateway integrationExtend web applicationConfigure Alternate Access Mappings in SharePointConfigure Airlock Gateway for SharePointCreate an Airlock Gateway virtual host for SharePointCreate an Airlock Gateway back-end group for SharePointCreate an Airlock Gateway mapping for SharePointActivate Airlock Gateway configurationConfigure authentication enforcement for SharePointAvailable authentication methods for SharePointConfigure Basic Authentication in SharePointRestrict access to the SharePoint mappingRedirect SharePoints logout request to Airlock IAMCreate an Airlock Gateway back-end group for Airlock IAMCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationConfigure Airlock IAM for SharePointSingle Sign-On experience for Microsoft Office applicationsConfigure Airlock Secure Session TransferConfigure the Airlock Gateway session cookie persistentlyTips for troubleshootingKB – Does the back-end server accept Basic AuthenticationPublishing Microsoft SharePoint 2019Requirements and limitationsAbout Microsoft SharePointPrepare SharePoint for Airlock Gateway integrationExtend web applicationConfigure Alternate Access Mappings in SharePointConfigure Airlock Gateway for SharePointCreate an Airlock Gateway virtual host for SharePointCreate an Airlock Gateway back-end group for SharePointCreate an Airlock Gateway mapping for SharePointActivate Airlock Gateway configurationConfigure authentication enforcement for SharePointAvailable authentication methods for SharePointConfigure Basic Authentication in SharePointRestrict access to the SharePoint mappingRedirect SharePoints logout request to Airlock IAMCreate an Airlock Gateway back-end group for Airlock IAMCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationConfigure Airlock IAM for SharePointSingle Sign-On experience for Microsoft Office applicationsConfigure Airlock Secure Session TransferConfigure the Airlock Gateway session cookie persistentlyTips for troubleshootingKB – Does the back-end server accept Basic AuthenticationPublishing Microsoft WebDAVRequirements and limitationsAbout WebDAVPrepare WebDAV for Airlock Gateway integrationInstall WebDAV features on Windows ServerEnable WebDAV and add authoring ruleConfigure Airlock Gateway for WebDAVCreate an Airlock Gateway virtual host for WebDAVCreate an Airlock Gateway back-end group for WebDAVCreate an Airlock Gateway mapping for WebDAVActivate Airlock Gateway configurationConfigure authentication enforcement for WebDAVAvailable authentication methods for WebDAVConfigure Basic Authentication in Microsoft IIS for WebDAVRestrict access to the WebDAV mappingCreate an Airlock Gateway back-end group for Airlock IAMCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationConfigure Airlock IAM for WebDAVTips for troubleshootingKB – Installing and Configuring WebDAV on IISKB – Installing Desktop Experience on Windows serverKB – Troubleshooting the WebDAV redirectorKB – Does WebDAV work properlyKB – Does the back-end server accept Basic AuthenticationKerberos integrationRequirementsAbout Back-side Kerberos SSOOverviewConceptExampleSingle domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationEnable Kerberos authenticationEnable Kerberos authentication in IIS 10.0Enable Kerberos authentication in IIS 8.5Enable Kerberos authentication in IIS 7.5Enable Kerberos authentication in IIS 6.0Register SPNRegister SPN for the service userDisable Kernel-mode authenticationDisable Kernel-mode authentication in IIS 10.0Disable Kernel-mode authentication in IIS 8.5Disable Kernel-mode authentication in IIS 7.5Register SPN for the machine accountMitigate the risk of broken authenticationKeepAlive configuration for back-end connectionsDisable authPersistNonNTLM in IIS 10.0Disable authPersistNonNTLM in IIS 8.5Disable authPersistNonNTLM in IIS 7.5Active Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a single domain setupAirlock Gateway configurationCreate a Kerberos EnvironmentRestrict access to the Web application's mappingConfigure Kerberos Environment for the back-end groupCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationAirlock IAM configurationConfigure Airlock IAM for Web application'sCross-domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationEnable Kerberos authenticationEnable Kerberos authentication in IIS 10.0Enable Kerberos authentication in IIS 8.5Enable Kerberos authentication in IIS 7.5Enable Kerberos authentication in IIS 6.0Register SPNRegister SPN for the service userDisable Kernel-mode authenticationDisable Kernel-mode authentication in IIS 10.0Disable Kernel-mode authentication in IIS 8.5Disable Kernel-mode authentication in IIS 7.5Register SPN for the machine accountMitigate the risk of broken authenticationKeepAlive configuration for back-end connectionsDisable authPersistNonNTLM in IIS 10.0Disable authPersistNonNTLM in IIS 8.5Disable authPersistNonNTLM in IIS 7.5Active Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a cross-domain setupAirlock Gateway configurationCreate a Kerberos EnvironmentRestrict access to the Web application's mappingConfigure Kerberos Environment for the back-end groupCreate an Airlock Gateway mapping for Airlock IAMActivate Airlock Gateway configurationAirlock IAM configurationConfigure Airlock IAM for Web application'sAdvanced SetupBack-end Failover / Load BalancingSame Host Header / SPNDifferent Host Header / SPNTips for troubleshootingKB - Verify the Airlock Gateway license for Back-side Kerberos SSOKB - Verify the domain and forest functional levelKB - The delegation tab is not availableKB - Access the back-end server directlyKB - Look for Kerberos log messagesKB - Inspect the Airlock Gateway sessionKB - Verify Host Header sent corresponds to the IIS configurationKB - Does the back-end server accept KerberosKB - Verify the Back-side Kerberos SSO SetupKB - Verify time synchronizationKB - Delayed response from configured domain controllersKB - Broken authentication in back-endKB - Verify the DNS configuration for Back-side Kerberos SSOKB - Network analysis for Back-side Kerberos SSOKB - How to enable Kerberos event loggingOperation tasksReference documentationExpert settings collectionTroubleshooting and supportIntegration of 3rd-party products and applicationsMicrosoft integrationMicrosoft integrationThis chapter contains documentation integration guides for various Microsoft products.Integration of Microsoft Exchange 2016 / 2019Publishing Microsoft SharePoint 2016Publishing Microsoft SharePoint 2019Publishing Microsoft WebDAVKerberos integration
Integration of Microsoft Exchange 2016 / 2019Publishing Microsoft SharePoint 2016Publishing Microsoft SharePoint 2019Publishing Microsoft WebDAVKerberos integration