Secure Password Authentication (SPA) is a proprietary Microsoft protocol used to authenticate Microsoft email clients with an electronic mail server when using the SMTP, POP, or IMAP.
This article provides information on how you can set up SPA in Outlook with the KOFF profile for a domain-joined user.
Kerio Connect should be installed on Windows.
NOTE: KOFF secure authentication will work only when Kerio Connect Server is running on the Windows platform. This is because Kerio Connect for Mac or Linux does not support NTLM authentication, which is used by KOFF during secure authentication.
- The host on which the Kerio Connect server is installed has to be domain joined, and domain mapping should be appropriately configured for Active Directory.
- Do not confuse domain joining a host computer to Active Directory and mapping Active Directory domain to the Kerio Connect domain in Webadmin.
- Domain joining host computer depends on the operating system; on Windows, it is usually achieved via Control Panel configuration.
- The user for which the KOFF profile will be created must have a Kerio Connect Mailbox created.
- Such a user can be created by installing Kerio Connect Active Directory Extension on the Active Directory server before creating the user. (For more information refer to Adding Users to Kerio Connect.)
- The host on which KOFF and Outlook are installed must be domain joined.
- The user previously created must log in on this machine using their Active Directory credentials.
- Follow the creating Profiles in MS Outlook (Steps 1-4).
- Enter the Server name (hostname of the PC on which the Kerio Connect server is installed) and choose Secure Password Authentication.
E.g., Server name:
- In the Server Details tab, checkmark the option for Use secure connection (SSL).
- Click Retrieve Info and OK to finish the profile configuration.
The KOFF profile is successfully configured using SPA, and the account information is retrieved.