One-shot target application configuration for MS-OFBA

This article shows how to configure a one-shot target application for usage with MS-OFBA.

Note that this article covers only part of the MS-OFBA setup. Please refer to MS-OFBA Configuration in Airlock Gateway (WAF) and Airlock IAM for all configuration steps.

The one-shot target application configuration takes care of handling the MS-OFBA-specific HTTP protocol parts and it redirects the web browser built into MS-Office applications (such as Word) to the login screen.


  • Airlock Gateway (WAF) must be configured to redirect the authentication request to IAM.
  • SharePoint must be configured as back-end in Airlock Gateway (WAF).

Limited Loginapp features available

Note that the MS-Office applications (e.g. Word) use outdated browser libraries (IE11 or IE8) that are not compatible with the AIrlock IAM Loginapp REST UI.

The Loginapp REST UI provides a very limited set of features available for MS-OFBA by offering a separate Loginapp front-end written in JavaScript. Currently, only username password authentication and mTAN as the second factor are supported.

If Microsoft does not update to newer browser libraries, MS-OFBA support may be removed from Airlock IAM in future versions.


  1. Go to:
    Loginapp >> Airlock One-Shot Authentication
  2. Create a new target application of type MS-OFBA One-Shot Target Application and open it.
  3. Set the properties according to the examples in the following table. Note that the values depend on the loginapp type (JSP-Loginapp or Loginapp REST UI). Please consult the property documentation in the Config Editor for further information.
  4. Property

    Value for JSP-Loginapp

    Value for Loginapp REST UI

    URL Pattern*

    User Agent HTTP Header Pattern

    Microsoft Office(.*)

    Browser Redirect URL

    MS-OFBA Authentication URL

    MS-OFBA Success URL

    MS-OFBA Display Size


  5. In the IAM mapping on Airlock Gateway (WAF) make sure to enable the allow rule for one-shot authentication (One-Shot Functionality).