Mail Server Settings
Before configuring Key Manager Plus in an organization, you must set up a few prerequisites that allow Key Manager Plus to send emails directly from within the application without requiring an external email client. Key Manager Plus sends email notifications to newly added users with details that include their login credentials, configured schedules, policy enforcement, and reports.
You can configure either the SMTP mail server used in your environment or an external mail server, such as Microsoft Exchange Service or Google, which allows OAuth authentication to be enabled for all emails sent from Key Manager Plus.
Scroll down to learn about configuring different mail server settings in Key Manager Plus.
- Configuring Microsoft Exchange Service as the mail server
- Configuring Google as the mail server
- Configuring other mail servers
1. Configuring Microsoft Exchange Service as the Mail Server
To configure Microsoft Exchange Service as the mail server in Key Manager Plus, you must create an Azure application in the Microsoft Azure portal to generate certain inputs for the OAuth authentication. Follow the section below for further configuration details:
1.1 Creating an Azure Application for Microsoft Exchange Service as the Mail Server
- Log in to the Microsoft Azure portal with your user credentials.
- Click App registrations on the Microsoft Azure home page.
- On the page that appears, click + New registration from the top pane.
- On the Register an application page, enter the following attributes:
- Enter a name of your choice.
- Choose the Supported account type.
- In the Redirect URI, choose Web from the drop-down and enter the URL of the KMP application in the format 'https://kmp-server:6565/servlet/OauthServlet'.
- Click Register. Now KMPOauth will be added as an application in the Microsoft Azure portal, and you will be taken to the page with the details of the newly registered application.
- From the left pane, under Manage, click API permissions. In the API Permissions page, click + Add a permission.
- In the Request API Permissions page, choose Microsoft Graph.
- Click Delegated Permissions and search for 'SMTP.Send' in the Select Permissions search bar to populate relevant permissions. Select the option SMTP.Send and click Add Permissions.
- Click Delegated Permissions and search for 'offline_access' in the Select Permissions search bar to populate relevant permissions. Select the option offline_access and click Add Permissions.
- Click Delegated Permissions and search for 'User.Read' in the Select Permissions search bar to populate relevant permissions. Select the option User.Read and click Add Permissions.
- Now, click the Grant admin consent for some company button beside + Add a Permission.
- In the pop-up that opens, click Yes to grant consent for the requested permissions.
- Click the Certificates & secrets option on the left pane.
- Navigate to the Client secrets tab and click + New client secret.
- Enter a Description, choose an expiry period, and click Add.
- Immediately after the creation, the client secret value will be displayed under the Value column in the table. Copy the value and save it in a secure location. This client secret value will be displayed only once and will not be accessible once you navigate to other pages of Microsoft Azure portal.
- Once you have registered the application with the appropriate permissions, go to Key Manager Plus web interface and configure the mail server settings.
1.2 Configuring Microsoft Exchange Service as the Mail Server in Key Manager Plus
- Navigate to Settings >> General Settings >> Mail Server.
- On the page that appears to the right, enter the following:
- Select OAuth in the Authentication Type.
- The SMTP Server field will be filled in by default with 'smtp.office365.com'.
- Port - The default port for TLS is 587.
- Choose Microsoft Exchange Service from the Mail Server drop-down.
- To Address - Enter an email address here to check the mail server setting functionality after the mail server configuration.
- From/Sender Address - Enter the sender's email address. Make sure that the address you provide here is the same as the email address used in the Microsoft Azure sign-in credentials.
- Tenant ID - Enter the directory ID of the Azure application.
- Client ID - Enter the application ID of the Azure application.
- Client Secret - Enter the client secret value created for the Azure application.
- Redirect URL - Copy the URL shown here and add it to the Authentication page of the Microsoft Azure portal.
- Click the Test Mail button to check the mail server functionality. If you have configured the mail server settings correctly, then the recipient will receive an email from the Key Manager Plus interface.
- Click Save to save the mail server settings.
- You have now configured Microsoft Exchange Service as your mail server for your organization.
2. Configuring Google as the Mail Server
To configure Google as the mail server in Key Manager Plus, you must create a project in Google Cloud and generate the respective Client ID and Client Secret values. Follow the sections below for further configuration details:
2.1 Creating a Google Application for Google as the Mail Server
- Log in to the Google Cloud console with your login credentials.
- Click on Select a project from the home page and in the pop-up that appears select New Project.
- In the window that opens, enter the Project Name, select the organization under the Location, and click CREATE.
- Expand the Navigation Menu on the top left and navigate to APIs & Services >> Library.
- Select Gmail API from the available list of APIs using the available search option.
- In the window that opens, click Enable.
- Click the OAuth consent screen from the left menu, choose the User Type, and click CREATE.
- On the page that opens (Edit app registration), enter the application name and fill in all the mandatory fields.
- Upon entering the valid information, click Save and Continue.
- Click the ADD OR REMOVE SCOPES button and search for Gmail API.
- Select the Gmail API with scope - https://mail.google.com/ and click Update.
- Click Save and continue for the next two occurrences and select BACK TO DASHBOARD.
- From the left panel, navigate to Credentials >> + Create Credentials >> OAuth Client ID.
- In the page that appears, select the Application type as Web Application and provide a Name.
- Under Authorized redirect URIs, click + ADD URIs and enter the Redirect URL of Key Manager Plus in any one of the below formats:
- https://kmp-server.csez.manageenginecorpin.com:6565/servlet/OauthServlet
- https://localhost:6565/servlet/OauthServlet
- Upon entering the required fields, click Create.
- A pop-up displaying the Client ID and Client Secret will be displayed. Copy the values and save them in a secure location.
- Click DOWNLOAD JSON to download the file containing the authorization server details.
- Click OK.
Google is now configured as your organization's authorization server.
2.2 Configuring Google as the Mail Server in Key Manager Plus
- Navigate to Settings >> General Settings >> Mail Server.
- On the page that appears to the right, enter the following:
- Select OAuth in the Authentication Type.
- The SMTP Server field will be filled in by default with 'smtp.gmail.com'.
- Port - The default port for TLS is 587.
- Choose Google from the Mail Server drop-down.
- To Address - Enter an email address here to check the mail server setting functionality after the mail server configuration.
- From/Sender Address - Enter the sender's Google email address.
- Client ID - Enter the Client ID of the Google application.
- Client Secret - Enter the Client Secret value created for the Google application.
- Redirect URL - Enter the Redirect URL of Key Manager Plus in any one of the formats entered while configuring Google as the mail server. The Google application accepts only redirect URLs that end with a public top-level domain such as .com or .org.
- You have now configured Google as your mail server for your organization.
3. Configuring Other Mail Servers
- Navigate to Settings >> General Settings >> Mail Server.
- On the page that appears to the right, enter the following:
- Select Basic in the Authentication Type.
- SMTP Server - Enter the actual SMTP server's name. For example, smtp.manageengine.com.
- Port - Most SMTP servers work with port 25. However, the default port for TLS is 587, and for SSL is 465.
- From/Sender Address - Enter the sender's email address.
- To Address - Enter the email address of the recipient to whom emails are to be sent from Key Manager Plus.
- Upon clicking the Requires Authentication checkbox, the pop-up form enables two options.
- Enter the User Name and the Password details and click Save.
- You also have the option to choose the Secure Connection Protocol - Never/TLS/SSL.
- SSL - Secure Sockets Layer (SSL) is a cryptographic protocol that enables a secure connection over the internet.
- TLS - Transport Layer Security (TLS) is a newer version of SSL that enables a secure connection over the internet.
- Once you have provided the authentication details and the secure connection mode, click Save.
You have now configured your organization's SMTP mail server as the mail server for Key Manager Plus.
Notes:
- It is recommended to use the SSL/TLS options for secure communication over the internet/intranet.
- If the mail server is using a self-signed certificate, then you need to import it into Key Manager Plus.
- Copy the server certificate and paste it under the <Key Manager Plus Installation Folder>/bin directory.
- From <Key Manager Plus Installation Folder>/bin directory, execute the command importCert.bat <name of the server certificate>. This adds the certificate to the Key Manager Plus certificate store.
- After providing the authentication details and the secure connection mode, you also have the option to test the mail server before clicking Save.
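A pre-flight check for the section 3 settings, added here as an example and not part of Key Manager Plus: it connects the way each Secure Connection Protocol choice implies, verifies the server certificate, and refuses to send credentials in cleartext. The function names and the `ca_file` parameter are hypothetical; `ca_file` stands in for the self-signed certificate you would otherwise import with importCert.bat.

```python
import smtplib
import ssl

# Secure Connection Protocol choices and the default ports named on this page.
DEFAULT_PORTS = {"Never": 25, "TLS": 587, "SSL": 465}


def tls_context(ca_file=None):
    """Return a verifying TLS context.

    ca_file (hypothetical parameter): PEM file of a self-signed server
    certificate; when given, only that file is trusted.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_mail_server(host, mode, port=None, user=None, password=None,
                      ca_file=None, timeout=10):
    """Connect the way the chosen mode implies and report what happened."""
    if mode not in DEFAULT_PORTS:
        raise ValueError(f"unknown mode {mode!r}")
    if mode == "Never" and (user or password):
        raise ValueError("refusing to send credentials over a cleartext connection")
    port = port or DEFAULT_PORTS[mode]
    ctx = tls_context(ca_file)
    try:
        if mode == "SSL":  # implicit TLS from the first byte
            conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
        else:
            conn = smtplib.SMTP(host, port, timeout=timeout)
        with conn:
            conn.ehlo()
            if mode == "TLS":  # STARTTLS upgrade; never fall back to cleartext
                if not conn.has_extn("starttls"):
                    return {"ok": False, "reason": "STARTTLS not advertised"}
                conn.starttls(context=ctx)
                conn.ehlo()
            if user:
                conn.login(user, password)
            tls = conn.sock.version() if mode != "Never" else None
            return {"ok": True, "port": port, "tls_version": tls}
    except ssl.SSLCertVerificationError as exc:
        # Typical result for a self-signed certificate that is not yet trusted.
        return {"ok": False, "reason": f"certificate not trusted: {exc.verify_message}"}
    except (smtplib.SMTPException, OSError) as exc:
        return {"ok": False, "reason": f"{type(exc).__name__}: {exc}"}
```

A "certificate not trusted" result against your own mail server is the case the self-signed certificate note covers; rerun with `ca_file` pointing at the exported certificate to confirm it is the right one before importing it.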