Mail Server Settings

Once the administrator creates an account for the users, Access Manager Plus sends email notifications to users with their account details. The email sent from Access Manager Plus will serve as both a notification and contain vital information such as access URL and credentials for login. Hence, it is essential to configure mail server settings in Access Manager Plus before adding users. Access Manager allows you to configure the SMTP mail server used in your environment or an external mail server - Microsoft Exchange Online, that permits OAuth 2.0 authentication for all emails sent from Access Manager Plus.

The following sections will help you to learn about configuring different mail server settings in Access Manager Plus.

  1. Configuring Microsoft Exchange Online as the mail server
  2. Configuring other mail servers

1. Configuring Microsoft Exchange Online as the Mail Server

To configure Microsoft Exchange Online as the mail server, create an Azure application in the Microsoft Azure portal to generate required inputs such as Tenant ID, Client ID, and Client Secret for OAuth 2.0 authentication. Follow the below sub-sections for further configuration details:

1.1 Creating an Azure Application in Microsoft Azure

  1. Log in to the Microsoft Azure portal.
  2. Click App registrations on the Microsoft Azure home page.
    3. mail-server-1
  3. Click + New registration from the top pane of the App registrations page.
    4. mail-server-2
  4. On the Register an application page, enter the following attributes:
    1. Enter the application name of your choice, e.g. Access Manager Plus.
    2. Choose the Supported account types.
    3. For the Redirect URI, choose Web from the drop-down and enter the URI of the Access Manager Plus application in the following format: https://Hostname:port/ampredirect/AzureOAuth.
      4. mail-server-3
  5. Click Register to add Access Manager Plus as an application in the Microsoft Azure portal. Now you will be redirected to the page with the essentials of the newly registered application.
    6. mail-server-4
  6. From the left pane, click API permissions under Manage. In the API Permissions page, click + Add a permission.
    1. In the Request API Permissions page, choose Microsoft Graph.
    2. Click Delegated Permissions and search for 'SMTP.Send' in the Select Permissions search bar to populate relevant permissions. Select the option SMTP.Send and click Add Permissions.
    3. Click Delegated Permissions and search for 'offline_access' in the Select Permissions search bar to populate relevant permissions. Select the option offline_access and click Add Permissions.
      4. mail-server-5
  7. After adding the required API permissions, click the Grant admin consent button beside + Add a Permission.
  8. In the pop-up that opens, click Yes to grant consent for the requested permissions.
    9. mail-server-6
  9. Click the Certificates & secrets option on the left pane.
  10. Navigate to the Client secrets tab and click + New client secret.
  11. Enter a Description, choose an expiry period, and click Add.
  12. Immediately after the creation, the client secret value will be displayed under the Value column in the table. Copy the value and save it in a secure location. This client secret value will be displayed only once and will not be accessible once you navigate to other pages of the Microsoft Azure portal.
    13. mail-server-7
  13. Once you have registered the application with the appropriate permissions, go to the Access Manager Plus web interface and configure the mail server settings.

1.2 Configuring Microsoft Exchange Online as the Mail Server in Access Manager Plus

  1. Navigate to 'Admin >> Server Settings >> Mail Server Setting'.
  2. In the pop-up that opens, enter the following:
    1. In the Server Name field, enter the actual SMTP server's name. E.g., smtp.office365.com
    2. Port - The default port for TLS is 587, and SSL is 465. Enter the port that you are using.
    3. Choose Microsoft Exchange Online from the Mail Server drop-down.
    4. Sender E-mail Address - Enter the sender's email address. Make sure that the address you provided here is the same as the email provided in the Microsoft Azure sign-in credentials.
    5. Access URL - Please ensure that the Access URL is the same as the Redirect URI mentioned in step 4.c. For example, if the mentioned Redirect URI is https://amp-server:9292/ampredirect/AzureOAuth, then the Access URL entered here must be https://amp-server:9292.
    6. Tenant ID - Enter the directory ID of the Azure application.
    7. Client ID - Enter the application ID of the Azure application.
    8. Client Secret - Enter the client secret value created for the Azure application.
    9. Click Save to save the mail server settings.
    3. mail-server-8

You have now configured Microsoft Exchange Online as your mail server for your organization. Once you save the settings, the session will redirect you to the Microsoft Azure portal for the first-time authentication. This is a one-time operation during the mail server configuration.

2. Configuring Other Mail Servers

  1. Navigate to 'Admin >> Server Settings >> Mail Server Setting'.
  2. In the pop-up that opens, enter the following:
    1. Server Name: Enter the name of the SMTP server used in your environment E.g. manageengine.360.com.
    2. Port - Enter a valid port number. By default, most SMTP servers work with port 25. However, the default port for TLS is 587, and SSL is 465. If you are choosing TLS or SSL under the Secure Connection Protocol option required below, then enter the corresponding port here.
    3. Choose Others from the Mail Server drop-down.
    4. Sender E-mail Address: Provide the email address that will appear as the sender's email address in the email notifications sent from Access Manager Plus. Ideally, this could be the email of your team's IT admin.
      5. mail-server-setting
    5. Access URL: Enter the URL with which users can access Access Manager Plus. This URL will be included in the notification email sent to them.
    6. Requires Authentication: Selecting this checkbox will give you two options:
      1. Specify a Username and Password Manually - Choose this option to provide a username and password to log in to the access URL.
      2. Use an account stored in Access Manager Plus - Choose this option to use an account stored in Access Manager Plus. The password of this account will be retrieved from Access Manager Plus and used at the time of authentication to the SMTP server.
    7. Use Secure Connection: Choose a protocol to encrypt the emails sent from Access Manager Plus. Choose None to leave the emails unencrypted.
      1. SSL - Secure Sockets Layer (SSL) is a cryptographic protocol that enables secure connection over the internet.
      2. TLS - Transport Layer Security (TLS) is a new version of SSL that enables secure connection over the internet.
    8. Once you have provided the authentication details and the secure connection protocol, click Test to send a test email for verification. Click Save once satisfied.

      9. Note: It is recommended to use SSL/TLS options for secure communication over the Internet/Intranet.

Top