Configure SMTP Email Settings

Privileged Identity can send email via SMTP for reporting and alerting purposes. You must have access to an SMTP server. To configure Privileged Identity to send emails, first select Settings > Email Settings from the management console.

General Settings

SMTP Email Settings > General

Email Profile

  • Profile Name: You can create multiple email profiles, but only one can be used at a time.
  • Description: Enter a short description of this profile.

Sender Information

This information is sent in the header of each email and appears to the recipient. Some email servers reject messages that don't have the proper address information for these fields.

  • Name: Enter the "from" name for the email.
  • Organization: Enter the name of your organization.
  • Sender Email: Enter the "from" address for the email.
  • Reply-to Email: Enter the address that replies should be sent to.
  • Read Receipts Email: (Optional) Enter the address that read receipts should be sent to. A read receipt prompts the user to send a delivery status notification as soon as they open the email. If the recipient approves the receipt to be sent, their email client sends a reply to this address.
  • Return Receipt To Email: (Optional) Enter the address that delivery receipts should be sent to. A delivery receipt requests the receiving mail server to send a delivery status notification as soon as it receives the email.

Priority, Sensitivity, and Importance

  • Priority: (Optional) Choose if emails should be sent with a status of Unspecified, Normal, Urgent, or Non_Urgent.
  • Sensitivity: (Optional) Choose if emails should be sent as Unspecified, Personal, Private, or Company_Confidential.
  • Importance: (Optional) Choose if emails should be sent with an importance of Unspecified, High, Normal, or Low.

Advanced Message Settings

This section is not for email subject lines. It lets you write custom MIME headers, which are added to the email before the body of the message. Leave it empty unless you need special headers and are comfortable writing MIME headers for email.

  • Name: Enter the attribute name to include in the message header.
  • Value: Enter the attribute value to include in the message header.

Outgoing Server Settings

SMTP Email Settings > Outgoing Server

Outgoing SMTP Server Settings

  • Outgoing SMTP Server Name: Enter the DNS name or IP address of the mail server.
  • Port: Set the port through which to connect to the mail server.

    Port 25 is standard for email, although it may be port 465 or 587 for SSL/TLS-encrypted email. Click Default to reset it to 25.

  • Server Timeout: Set the number of seconds to wait for email to send.
  • Authentication Method: Select the authentication method your mail server is configured to use. Incorrect method settings can prevent connection to a mail server even if the credentials are correct.
    • USER_PASSWORD: Basic username and password as defined below.
    • CRAMMD5: Challenge-response authentication; protects passwords in transit.
    • NTLM: Challenge-response authentication; never sends a user password.
    • SASLPLAIN: Challenge-response authentication; does not protect the password in transit.
    • KERBEROS: Kerberos authentication with the email server.
    • XOAUTH2: OAuth authentication; requires configuration of the OAUTH2 Authentication tab.
  • SSL/TLS Channel Encryption: If using SSL/TLS encryption, choose the option that your SMTP server is configured to use.
    • AUTOMATIC: Negotiate with the email server to find a supported SSL/TLS or plain-text method. Not all email servers support negotiation.
    • IMPLICIT: The mail server expects the initial connection to be already encrypted with SSL/TLS.
    • EXPLICIT: The mail server does not require the initial connection to be encrypted with SSL/TLS but may use SSL/TLS after the connection is initiated.
    • NONE: Use when automatic negotiation does not work and SSL/TLS is not configured on the email server.
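
The Authentication Method and SSL/TLS Channel Encryption values have to match what the mail server advertises in its EHLO reply. The following is an added example, not part of Privileged Identity: it parses an EHLO reply and reports which channel setting fits and which offered methods would expose a reusable secret on an unencrypted connection. The EHLO replies are constructed sample data, and the mapping from SASL keywords to the option names on this page is an assumption.

```python
# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_STARTTLS = """250-mail.example.test Hello
250-SIZE 36700160
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5
250 8BITMIME"""
EHLO_CLEARTEXT_ONLY = """250-mail.example.test Hello
250-AUTH=LOGIN CRAM-MD5
250 8BITMIME"""

# Assumed mapping from SASL keywords to this page's Authentication Method names.
SASL_TO_OPTION = {"LOGIN": "USER_PASSWORD", "PLAIN": "SASLPLAIN",
                  "CRAM-MD5": "CRAMMD5", "NTLM": "NTLM",
                  "GSSAPI": "KERBEROS", "XOAUTH2": "XOAUTH2"}
# Options that put a reusable secret on the wire (password or bearer token).
NEEDS_TLS = {"USER_PASSWORD", "SASLPLAIN", "XOAUTH2"}

def parse_ehlo(reply):
    """Return (extension keywords, AUTH mechanisms) from a multi-line 250 reply."""
    exts, mechs = set(), []
    for line in reply.splitlines()[1:]:          # line 1 is the greeting
        # Some servers advertise the legacy form "AUTH=LOGIN PLAIN".
        words = line[4:].replace("=", " ").upper().split()
        if not line.startswith("250") or not words:
            continue
        exts.add(words[0])
        if words[0] == "AUTH":
            mechs += [m for m in words[1:] if m not in mechs]
    return exts, mechs

def suggest(reply, already_encrypted=False):
    """already_encrypted: the reply was read over a connection that began with TLS."""
    exts, mechs = parse_ehlo(reply)
    offered = [SASL_TO_OPTION[m] for m in mechs if m in SASL_TO_OPTION]
    if already_encrypted:
        channel = "IMPLICIT"
    elif "STARTTLS" in exts:
        channel = "EXPLICIT"
    else:
        channel = "NONE"
    exposed = [o for o in offered if channel == "NONE" and o in NEEDS_TLS]
    return {"channel": channel,
            "auth": [o for o in offered if o not in exposed],
            "exposed_without_tls": exposed}

if __name__ == "__main__":
    for name, reply in (("starttls", EHLO_STARTTLS), ("cleartext", EHLO_CLEARTEXT_ONLY)):
        print(name, suggest(reply))
```

A server can advertise a different AUTH list after STARTTLS completes, so re-read the EHLO reply on the encrypted connection before settling on a method.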

Email Server Authentication

  • Use Authentication Credentials: The username and password to connect to the mail server. If your mail server allows anonymous authentication, you can leave this unchecked. 

Email Server SSL Settings

  • Use SSL Client Certificate Authentication: Select this option if your SMTP server is configured to use SSL encryption. SSL encryption allows both logon credentials and data to be encrypted during the SMTP transaction. The server must be set up to use SSL encryption for this option to work.
  • User Certificate File: Enter the path to the security certificate file.
  • User Authentication Certificate Store: Enter the path to the certificate store, if configured.
  • User Certificate Password: If required, enter the password to your certificate file.
  • Enable Cached Certificate: Select if you want to allow the certificate information to be cached.

Test Options

  • Test Connection: Verify that you can connect to the SMTP server and that the server accepts the configured credentials. This option completes the handshake with the server, but it does not send mail.

    The program log records the transaction details:

    SetMailServer error: 11001, [11001] Host not found

    Failed to fill SMTP settings

    Failed to send email message error: Host not found.

  • Send Test Email: Send a test email.

S/MIME Settings

SMTP Email Settings - SMIME

Sign Email

  • Sign Email: Select this option to digitally sign outgoing email using Secure Multi-Purpose Internet Mail Extensions (S/MIME). This allows recipients to verify that the email was not tampered with.

If Privileged Identity cannot read the signing file you select, this check box will be automatically cleared the next time you open this dialog. To make sure the signing certificate file is valid, be sure to click Verify before closing these settings.

  • Signing File: Browse for a certificate located in the file store.
  • Signing Certificate Store: Choose from a list of certificates held in the certificate store.
  • Signing Cert Password: If applicable, enter the password used while exporting the certificate.
  • Hash Algorithm: Choose the algorithm used to prepare the message digest for signature.
  • Enable Cached Certificate: Select this option to allow the certificate to be cached in the program database; clear this option if the certificate should be loaded from the path specified above. You might want to enable this option if signing fails because you're running components on different servers, which can't access the required certificate locally.
  • Attach Certificate to Email: If you select this option, the certificate used to sign the message is encoded and included in the message signature.
  • Verify: Click to test that the email can be successfully signed.

Encrypt Email

  • Encryption File: Select this option to encrypt outgoing email with the recipient's public key. The recipient must have the corresponding private key to decrypt the email.

If you use Secure Multi-Purpose Internet Mail Extensions (S/MIME) to encrypt email, you must have an enterprise public key infrastructure (PKI). Only messages sent to recipients in your organization's address list can be encrypted. Recipients who do not have a certificate cannot read encrypted messages.

If Privileged Identity cannot read the encryption file you select, this check box will be automatically cleared the next time you open this dialog. To make sure the encryption file is valid, be sure to click Verify before closing these settings.

  • Encryption File: Browse for a certificate located in the file store.
  • Encryption Certificate Store: Choose from a list of certificates held in the certificate store.
  • Encrypt Cert Password: If applicable, enter the password used while exporting the certificate.
  • Encryption Algorithm: Choose the algorithm used to encrypt the email.
  • Enable Cached Certificate: Select this option to allow the certificate to be cached in the program database; clear this option if the certificate should be loaded from the path specified above. You might want to enable this option if signing fails because you're running components on different servers, which can't access the required certificate locally.
  • Verify: Click to test that the email can be successfully encrypted.

OAUTH2 Authentication Settings

SMTP Email Settings - OAUTH2 Authentication

  • ClientId: Enter the ID of the OAuth client that was assigned when you registered Privileged Identity with the authorization server.
  • ClientSecret: Enter the client secret that was created when you registered Privileged Identity.
  • ServerAuthURL: Enter the URL of the authorization server.
  • ServerTokenURL: Enter the URL used to obtain the access token.
  • AuthorizationScope: (Optional) Enter the scope request or response parameter used during authorization. If the scope is not set, the authorization server will use the default access scope as determined by the server. To request a specific access scope, set this to a space-separated list of strings as defined by the authorization server.
  • AuthenticationValue: Provide an authentication value if required by your authorization server.
  • Get OAUTH Authentication: Click to start the authorization process. A browser window opens to the OAuth authentication page you specified so that you can complete the authentication flow.
  • Sample Data: Click to populate the configuration fields with sample data for a demo application.

Clicking Sample Data will overwrite your form entries.

  • Hide Browser Response: Click to suppress the confirmation pop-up that indicates successful authentication.

Firewall Configuration

SMTP Email Settings - Firewall Configuration

  • Firewall Type: If necessary, configure settings to connect to your SMTP server through a firewall. Select the type of firewall to connect through.
    • None: (Default) The client connects directly to the mail server.
    • Tunnel: Bypasses the local router and connects the email client directly to the email server.
    • SOCKS4: Basic proxy connection with no additional security that supports TCP.
    • SOCKS5: Basic proxy connection that combines TCP and UDP support and allows for domain name resolution (DNS).
  • Auto Detect Firewall: Select this option if you want to automatically detect and use firewall system settings, if available.
  • Host: (Optional) Enter the domain name or IP address of the firewall. If you provide the domain name, a DNS request will set this property to the corresponding address.
  • Port: The TCP port of the firewall host is set automatically based on the selected firewall type, but you can edit it for non-default configurations.
  • User Name: If the firewall requires authentication, enter a username.
  • Password: If the firewall requires authentication, enter the password for the provided username.

SMTP Logging Settings

SMTP Email Settings - SMTP Logging

  • Enable Event Log Logging: Select this option if you want Privileged Identity to write SMTP log events to the Windows event log. This can be helpful in troubleshooting problems with SMTP traffic.
  • Enable SMTP File Logging: Select this option if you want Privileged Identity to write SMTP application log events to a text file. This can be helpful in troubleshooting problems with SMTP traffic.

File Logging Settings

  • Log File Name: Enter the path to the .txt file where you want SMTP events to be logged.