The user makes a login request from the client to the OnTime server. The OnTime servers passes the login as an Authentication request to the Exchange server. In turn the user gets a token, valid for typically 7 days, for further requests to OnTime.

OnTime supports four types of authentication methods as shown below.

Form Based – Pass-through (HTTP and HTTPS)

How to login with your Outlook email address and password on the OnTime login screen. If you can approve by login operation, a Token will be issued.
The proper use of HTTP and HTTPS is determined by the URL to connect to.

HTTP(s) Domain (SSO)

This is a method that can be linked with SSO, Single-Sign-On as a function of Windows,joined to an AD domain, Windows integrated authentication. If it can be approved via AD, a Token will be issued.
Select HTTP or HTTPS at the time of setting to use HTTP and HTTPS properly.
The “OnTime Auth Service” bundled with OnTime runs on the server.

HTTPS ADFS (SSO)

An SSO that authenticates by redirecting to ADFS organisational authentication in Azure AD or on-premise AD. Azure AD configures SAML settings from an enterprise application.

HTTP(s) Mail Auth

This is a method to enter an email account to login to and send an email with a one-time activation link to that email account. OnTime activates the Token when you click the one-time activation link in the email.
Authentication is possible regardless of the mail system you are using, on-premise or cloud, client application you are using, etc. In addition, there is no need to link with the authentication system used by the organisation, and installation is simple.
Also, this one-time activation link can only be used once, so if you need it again, it will be resent. This one-time activation link is valid only 15 minutes after sending, and can be used only once. If you need it again, it will be resent. If you receive an email with a one-time activation link that you don’t remember, don’t click the link as someone else is trying to activate OnTime using that person’s account. Also, if this email is clicked first by anyone other than you, you need to worry about eavesdropping on the email environment and authentication to the email environment before OnTime.
Of course, if you enter an external email address or an email address that does not use OnTime even within the same organisation (an email address that is not subject to OnTime synchronisation), an error message will be displayed and the one-time link email will not be sent.