Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources.
Click New, then specify a display name for the resource.
(Optional) Specify a description for the protected resource.
Select an authentication contract. If you want to enable non-redirected login, select Name/Password - Basic as the authentication contract.
(Optional) If you want to enable non-redirected login, click the Edit Authentication Procedure icon, then click the contract that you have added to specify the following information:
Non-Redirected Login: Select the option to enable non-redirected login.
Realm: Specify the security realm configured for the IIS server running the Outlook Web Access server.
To check the security realm configured for the IIS server, open the IIS Administration Console, right-click the Outlook Web Access Server Access Gateway is protecting, then select Properties. The Directory Security tab contains the Security realm field.
Create protected resource:
In the Protected Resource List, click New, specify a name such as root, then click OK.
Specify the following values:
Authentication Procedure: Select the contract you created.
URL Path: Make sure that /* is selected. If you have configured Outlook Web Access as a path-based service, then click the URL path and add the path name of the service. For example, /owa/*, where owa is the path name.
Click OK.
Create a second protected resource:
In the Protected Resource List, click New, specify a unique name, then click OK.
Specify the following values:
Authentication Procedure: Do not select any authentication procedure because the URL path is a public resource.
URL Path: Specify /exchweb/* in the URL path. If you have configured Outlook Web Access as a path-based service, click the URL path and add the path name of the service. For example, /owa/exchweb/*, where owa is the path name.
Click OK > OK.
Click OK.
In the Protected Resource List, ensure that the protected resource you created is enabled.
If you want to enable single sign-on, configure Identity Injection or Form Fill policy depending on the Outlook Web Access configuration. For information, see Configuring Identity Injection.
Continue with Configuring a Rewriter Profile.