Mail Server Settings

Password Manager Pro sends email notifications to newly added users to inform them the details about their Password Manager Pro access credentials. Therefore, it is necessary to configure mail server settings prior to adding new users into the product. You can either configure the SMTP mail server used in your environment or use the Microsoft Exchange Online mailbox. Password Manager Pro supports OAuth 2.0 authentication for SMTP-based email communications when using Microsoft Exchange Online. Choosing Microsoft Exchange Online as the mail server will activate OAuth 2.0 authentication for all emails sent from the product. Read further to learn how to configure mail server settings.

Configure Microsoft Exchange Online as the Mail Server
Configure Other Mail Servers

1. Configure Microsoft Exchange Online as the Mail Server

To configure Microsoft Exchange Online as the mail server in Password Manager Pro, you must create an application in the Azure portal and generate the Application ID, Client ID, and Client Secret value. Follow the below steps:

1.1 Steps to Configure an Azure Application for Microsoft Exchange Online Server

Log in to the Microsoft Azure portal.
Click App registrations from the Microsoft Azure homepage.
Click + New registration from the top pane of the App registrations page.
In the Register an application page, enter the following attributes:
1. Enter a name of your choice for the application.
2. Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi-tenant).
3. For the Redirect URI, choose Web from the drop-down list and enter the URI of Password Manager Pro application in the following format: <Password_Manager_Pro-URI>/pmpredirect/AzureOAuth".
  For example: https://win23-t11f:7272/pmpredirect/AzureOAuth
  
  Note: Ensure that the Password Manager Pro -URI provided here is the same as the one users use to access the Password Manager Pro application from other machines. Provide this Password Manager Pro-URI in the Access URL field in step 1.2.
Click Register. PMP will be added as an application in the Azure AD portal.
You will be taken to the page with the details of the newly registered application.
Click API permissions under Manage in the left pane. In the API Permissions page, click + Add a permission.

Note: Once an application is created in the Microsoft Azure portal, the User.Read permission will be added to it by default.
1. On the Request API Permissions page, click Microsoft Graph >> Delegated permissions.
2. Search for "smtp" in the Select Permissions search bar to populate relevant permissions. Select the option "SMTP.Send" from the list and click Add permissions.
3. Similarly, search for "offline_access" in the Select permissions search bar and add the offline_access permission.
Now, click the Grant admin consent button beside the + Add a permission button.
In the pop up that opens, click Yes to grant consent for the requested permissions.
Click the Certificates & secrets option on the left pane.
Navigate to the Client secrets tab and click + New client secret.
Enter a description and choose an expiry period. Click Add.
Immediately after creation, the client secret value is displayed under the Value column in the table, copy the value and save it in a secure location. This client secret value will be displayed only once and will not be accessible once you move away from this page.
Once you have registered the application with the appropriate permissions, go to Password Manager Pro's web interface and configure mail server settings.

1.2 Steps to Configure Microsoft Exchange Online in Password Manager Pro

Navigate to Admin >> Settings >> Mail Server Settings.
In the pop-up form that opens, enter the following:
1. Server Name - The actual SMTP server's name. For eg, smtp.office365.com.
2. Port - The default port for TLS is 587 and for SSL is 465. Enter the port that you are using.
3. Sender E-mail Address - This field requires a valid email address, as Password Manager Pro will send onboarding messages, notification alerts, and license expiry reminders to users. Also, ensure that the user account you specify in this field has the ownership permission for the SMTP enterprise application created in the Microsoft Azure portal.
  
  Note: Ensure that the user account you specify in the Sender E-mail Address field has the ownership permission for the SMTP enterprise application created in the Azure portal.
4. Access URL - The URL that is to be displayed on the mail intimation sent to users to access Password Manager Pro. Please ensure that the Access URL is the same as the one you have specified in the Redirect URI mentioned in step 1.1. For example, if the mentioned Redirect URI is "https://win10-prod-qa:7272/pmpredirect/AzureOAuth", then the Access URL to be provided here must be "https://win10-prod-qa:7272".
5. Mail Server - Choose Microsoft Exchange Online from the dropdown.
6. Tenant ID - The directory ID of the Azure application.
7. Client ID - The application ID of the Azure application.
8. Client Secret - The client secret value created for the Azure application. Click Save to save the settings.
You will be redirected to the Microsoft Azure portal for authentication. Log in to the Azure portal using the email address you specified in the Sender E-mail Address field (this is a one-time operation).

Upon completing the above steps, Microsoft Exchange Online will be configured as the mail server in PAM360.

2. Configure Other Mail Servers

Navigate to Admin >> Settings >> Mail Server Settings.
In the pop-up form that opens, enter the following:
1. Server name - The actual SMTP server's name. For eg, smtp.zoho.com.
2. Port - Most SMTP servers work with port 25. However the default port for TLS is 587 and for SSL is 465.
3. Sender E-mail Address - A valid email address from which you want to send emails to users.
4. Access URL - The URL that is to be displayed on the mail intimation sent to users to access Password Manager Pro.
5. Mail Server - Choose Others from the dropdown.
Upon clicking the Requires Authentication checkbox, the pop-up form lists two options:
- Specify a Username and Password Manually
- Use an account used in Password Manager Pro.
If you choose the first option Specify a Username and Password Manually, enter the authentication details and click Save.
If you choose the second option Use an account stored in Password Manager Pro, the resources and accounts that appear in your resources tab will be listed in a drop-down. You can choose the required details and click Save. The chosen account will be used for authentication. Earlier, in case of a password change, the user has to manually update the new password in the mail server settings. But now, the new password will be automatically updated for authentication.
You also have the option to choose the Secure Connection Protocol - None/SSL/TLS.
1. SSL - Secure Sockets Layer (SSL) is a cryptographic protocol that enables secure connection over the internet.
2. TLS - Transport Layer Security (TLS) is a new version of SSL that enables secure connection over the internet.
Once you have provided the authentication details and the secure connection mode, click Save.
Notes:
1. It is recommended to use SSL/TLS options for secure communication over the internet /intranet.
2. If the mail server is using a self-signed certificate, then we need to import it in Password Manager Pro.
  - Copy the server certificate and paste it under <Password Manager Pro Installation Folder>/bin directory.
  - From the <Password Manager Pro Installation Folder>/bin directory, execute the following command:
  - This adds the certificate to the Password Manager Pro certificate store.
3. After providing the authentication details and the secure connection mode, you also have the option to test mail server before clicking save.


Mail Server Settings Password Manager Pro sends email notifications to newly added users to inform them the details about their Password Manager Pro access credentials. Therefore, it is necessary to configure mail server settings prior to adding new users into the product. You can either configure the SMTP mail server used in your environment or use the Microsoft Exchange Online mailbox. Password Manager Pro supports OAuth 2.0 authentication for SMTP-based email communications when using Microsoft Exchange Online. Choosing Microsoft Exchange Online as the mail server will activate OAuth 2.0 authentication for all emails sent from the product. Read further to learn how to configure mail server settings. Configure Microsoft Exchange Online as the Mail Server Configure Other Mail Servers 1. Configure Microsoft Exchange Online as the Mail Server To configure Microsoft Exchange Online as the mail server in Password Manager Pro, you must create an application in the Azure portal and generate the Application ID, Client ID, and Client Secret value. Follow the below steps: 1.1 Steps to Configure an Azure Application for Microsoft Exchange Online Server Log in to the Microsoft Azure portal. Click App registrations from the Microsoft Azure homepage. Click + New registration from the top pane of the App registrations page. In the Register an application page, enter the following attributes: Enter a name of your choice for the application. Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi-tenant). For the Redirect URI, choose Web from the drop-down list and enter the URI of Password Manager Pro application in the following format: <Password_Manager_Pro-URI>/pmpredirect/AzureOAuth". For example: https://win23-t11f:7272/pmpredirect/AzureOAuth Note: Ensure that the Password Manager Pro -URI provided here is the same as the one users use to access the Password Manager Pro application from other machines. Provide this Password Manager Pro-URI in the Access URL field in step 1.2. Click Register. PMP will be added as an application in the Azure AD portal. You will be taken to the page with the details of the newly registered application. Click API permissions under Manage in the left pane. In the API Permissions page, click + Add a permission. Note: Once an application is created in the Microsoft Azure portal, the User.Read permission will be added to it by default. On the Request API Permissions page, click Microsoft Graph >> Delegated permissions. Search for "smtp" in the Select Permissions search bar to populate relevant permissions. Select the option "SMTP.Send" from the list and click Add permissions. Similarly, search for "offline_access" in the Select permissions search bar and add the offline_access permission. Now, click the Grant admin consent button beside the + Add a permission button. In the pop up that opens, click Yes to grant consent for the requested permissions. Click the Certificates & secrets option on the left pane. Navigate to the Client secrets tab and click + New client secret. Enter a description and choose an expiry period. Click Add. Immediately after creation, the client secret value is displayed under the Value column in the table, copy the value and save it in a secure location. This client secret value will be displayed only once and will not be accessible once you move away from this page. Once you have registered the application with the appropriate permissions, go to Password Manager Pro's web interface and configure mail server settings. 1.2 Steps to Configure Microsoft Exchange Online in Password Manager Pro Navigate to Admin >> Settings >> Mail Server Settings. In the pop-up form that opens, enter the following: Server Name - The actual SMTP server's name. For eg, smtp.office365.com. Port - The default port for TLS is 587 and for SSL is 465. Enter the port that you are using. Sender E-mail Address - This field requires a valid email address, as Password Manager Pro will send onboarding messages, notification alerts, and license expiry reminders to users. Also, ensure that the user account you specify in this field has the ownership permission for the SMTP enterprise application created in the Microsoft Azure portal. Note: Ensure that the user account you specify in the Sender E-mail Address field has the ownership permission for the SMTP enterprise application created in the Azure portal. Access URL - The URL that is to be displayed on the mail intimation sent to users to access Password Manager Pro. Please ensure that the Access URL is the same as the one you have specified in the Redirect URI mentioned in step 1.1. For example, if the mentioned Redirect URI is "https://win10-prod-qa:7272/pmpredirect/AzureOAuth", then the Access URL to be provided here must be "https://win10-prod-qa:7272". Mail Server - Choose Microsoft Exchange Online from the dropdown. Tenant ID - The directory ID of the Azure application. Client ID - The application ID of the Azure application. Client Secret - The client secret value created for the Azure application. Click Save to save the settings. You will be redirected to the Microsoft Azure portal for authentication. Log in to the Azure portal using the email address you specified in the Sender E-mail Address field (this is a one-time operation). Upon completing the above steps, Microsoft Exchange Online will be configured as the mail server in PAM360. 2. Configure Other Mail Servers Navigate to Admin >> Settings >> Mail Server Settings. In the pop-up form that opens, enter the following: Server name - The actual SMTP server's name. For eg, smtp.zoho.com. Port - Most SMTP servers work with port 25. However the default port for TLS is 587 and for SSL is 465. Sender E-mail Address - A valid email address from which you want to send emails to users. Access URL - The URL that is to be displayed on the mail intimation sent to users to access Password Manager Pro. Mail Server - Choose Others from the dropdown. Upon clicking the Requires Authentication checkbox, the pop-up form lists two options: Specify a Username and Password Manually Use an account used in Password Manager Pro. If you choose the first option Specify a Username and Password Manually, enter the authentication details and click Save. If you choose the second option Use an account stored in Password Manager Pro, the resources and accounts that appear in your resources tab will be listed in a drop-down. You can choose the required details and click Save. The chosen account will be used for authentication. Earlier, in case of a password change, the user has to manually update the new password in the mail server settings. But now, the new password will be automatically updated for authentication. You also have the option to choose the Secure Connection Protocol - None/SSL/TLS. SSL - Secure Sockets Layer (SSL) is a cryptographic protocol that enables secure connection over the internet. TLS - Transport Layer Security (TLS) is a new version of SSL that enables secure connection over the internet. Once you have provided the authentication details and the secure connection mode, click Save. Notes: It is recommended to use SSL/TLS options for secure communication over the internet /intranet. If the mail server is using a self-signed certificate, then we need to import it in Password Manager Pro. Copy the server certificate and paste it under <Password Manager Pro Installation Folder>/bin directory. From the <Password Manager Pro Installation Folder>/bin directory, execute the following command: importCert.bat <name of the server certificate> This adds the certificate to the Password Manager Pro certificate store. After providing the authentication details and the secure connection mode, you also have the option to test mail server before clicking save.