All, I'm at a bit of an impasse. I have configured an ISA 2004 EE Array to use RSA SecurID for accessing a published OWA site. I can authenticate against the RSA Authentication Manager just fine. The problem comes when the OWA site is passed back to the client; a user different from the one that authenticated against RSA can log onto OWA. Does ISA 2004 EE only support a VPN-like logon (authenticate against RSA for access to the network) for RSA? Or is there a way to have the ISA Array ensure that "two-factor" authentication is followed without putting an RSA agent on it? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.