Entrust Identity as a Service™ Administrator Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Customize Identity as a Service >
  3. Manage mail servers

 

Manage mail servers

The Mail Server setting allows you to use your own SMTP mail server to send emails. By default, email messages are sent from the Identity as a Service built-in mail server. When you configure a custom SMTP server, all messages sent from Identity as a Service are sent from the custom SMTP server.

For Basic authentication you provide the SMTP username and password directly in IDaaS. For OAuth authentication, you do not provide the username and password for authorization in IDaaS. The username is retrieved after signing in to the OAuth application as long as you have the required ID token.

Before you begin, you need the following information:

 For Basic authentication:

The hostname or IP address of your SMTP server

The SMTP username (the email address associated with the mail server)

The SMTP password for the SMTP username

For example, if you want to set up Gmail as your SMTP server, you would use the following:

SMTP server: smtp.gmail.com

Protocol: TLS(465)

SMTP username: your full Gmail address (for example, username@gmail.com)

SMTP password: your Gmail password

 For OAuth authentication:

The Issuer URL from your mail server

Authorization Endpoint

Token Endpoint

The Client ID of the application configured on the mail server

The Client Secret of the application configured on the mail server

The required scopes

For example, if you want to set up Google as your SMTP server, you would use the following:

The Issuer URL from your mail server: accounts.google.com

Protocol: TLS(465)

Authorization Endpoint: https://accounts.google.com/o/oauth2/v2/auth

Token Endpoint: https://oauth2.googleapis.com/token

The Client ID: your full Gmail address (for example, username@gmail.com).

The Client Secret: your gmail password

The required scopes: https://mail.google.com https://www.googleapis.com/auth/userinfo.email  

Configure a custom mail server using basic authenticationConfigure a custom mail server using basic authentication

Click > Configuration > Mail Server. The Mail Server page appears.

Select Custom Mail Server to set a custom mail server. The Mail Server page appears.

Select the Basic Authentication Method.

Select the Protocol used by your mail server to secure your emails.

In the SMTP Server field, enter the hostname of the SMTP server (your outgoing mail). For example, smtp.mailprovider.com.

In the SMTP Username field, enter the SMTP username. This is the email address associated with the mail server (for example, example@yourdomain.com).

In the SMTP Password field, enter the SMTP password of the SMTP username.

Optional. In the From Name field, enter the name of the user that sends the emails.

In the From Address, enter the email address that sends the email message.

In the Reply To Address, enter the email address that receives replies. Leave this field blank to disable the ability to send replies.

Click Save.

Click Send Test Email to test the settings.

Configure a custom mail server to use OAuth authenticationConfigure a custom mail server to use OAuth authentication

Click > Configuration > Mail Server. The Mail Server page appears.

Select Custom Mail Server to set a custom mail server. The Mail Server page appears.

Select the OAUTH Authentication Method.

Select the Protocol used by your mail server to secure your emails.

If applicable, enter the Issuer URL used to by your server to send outgoing mail. For example, https://accounts.mailprovider.com.

Click Fetch Configuration. If available, this button fetches the Authorization Endpoint and the Token Endpoint. If the Fetch Configuration option is not available for your SMTP mail server, refer to your mail server provider documentation and interface  for the Authorization Endpoint and Token Endpoint and then enter the information in the corresponding fields.

If needed to configure your OAuth mail server, copy the Redirect URI and paste it where required in your mail server configuration page.

Enter the Client ID of the application configured on the mail server.

Enter the Client Secret of the application configured on the mail server.

Enter the Scopes needed for the application. These permissions the users have when using the mail server, for example

Read, write, send, and delete emails

Link users to their personal information on the mail server.

See primary account email address

If there are multiple scopes, separate them with a space.

Example: https://mail.mailprovider.com https://mailproviderapis.com/auth/userinfo.email

Note: The offline_access scope is not required for GMAIL OAUTH. If added, it causes an error.

Click Authorize. You are redirected to your OAuth application to sign in.

Enter your application username and password. If you receive a message that your OAuth application has not yet been approved app access, you must provide the consent for IDaaS to have access to your OAuth account.

Click Continue. A verification page appears. Optionally, click the link to view the email Services that IDaaS will be able to access. these are the scopes that your defined in step 8.

Click Continue again to return to the IDaaS Mail Server page. The SMTP Username and the From Address fields are populated from the OAuth log in information.

Note: If there is no ID Token, you must manually enter the SMTP username.

If required, copy the Redirect URI. You need this to configure Microsoft or Gmail email OAuth servers.

In the SMTP Server field, enter the hostname of the SMTP server (your outgoing mail). For example, smtp.mailprovider.com.

Optionally:

In the From Address, enter the email address that sends the email message.

In the Reply To Address, enter the email address that receives replies. Leave this field blank to disable the ability to send replies.

Click Save.

Click Send Test Email to test the settings.