Mail Server Settings
Password Manager Pro sends email notifications to newly added users with the details of their Password Manager Pro access credentials. Therefore, it is necessary to configure mail server settings before adding new users to the product. You can either configure the SMTP mail server used in your environment or use the Microsoft Exchange Online mailbox. Password Manager Pro supports OAuth 2.0 authentication for SMTP-based email communications when using Microsoft Exchange Online. Choosing Microsoft Exchange Online as the mail server will activate OAuth 2.0 authentication for all emails sent from the product. Read further to learn how to configure mail server settings.
1. Configure Microsoft Exchange Online as the Mail Server
To configure Microsoft Exchange Online as the mail server in Password Manager Pro, you must create an application in the Azure portal and generate the Application ID, Client ID, and Client Secret value. Follow the steps below:
1.1 Steps to Configure an Azure Application for Microsoft Exchange Online Server
- Log in to the Microsoft Azure portal.
- Click App registrations from the Microsoft Azure homepage.
- Click + New registration from the top pane of the App registrations page.
- In the Register an application page, enter the following attributes:
  - Enter a name of your choice.
  - Choose Supported account types - Accounts in any organizational directory (Any Azure AD directory - Multi-tenant)
  - For the Redirect URI, choose Web from the dropdown and enter the URI of PMP application in the following format: "https://Hostname:port/pmpredirect/AzureOAuth". Please ensure that the PMP application URI provided here is the same as the one users can use to access the PMP application from other machines. Provide the same link in the Access URL section in step 1.2.
- Click Register. PMP will be added as an application in the Azure AD portal.
- You will be taken to the page with the details of the newly registered application.
- Click API permissions under Manage in the left pane. In the API Permissions page, click + Add a permission.
- In the Request API Permissions page, choose Microsoft Graph.
- Click Delegated Permissions and search for "SMTP.Send" in the Select Permissions search bar to populate relevant permissions. Select the option SMTP.Send and click Add Permissions.
- Click Delegated Permissions and search for "offline_access" in the Select Permissions search bar to populate relevant permissions. Select the option offline_access and click Add Permissions.
- Now, click the Grant admin consent button beside the + Add a permission button.
- In the pop up that opens, click Yes to grant consent for the requested permissions.
- Click the Certificates & secrets option on the left pane.
- Navigate to the Client secrets tab and click + New client secret.
- Enter a description and choose an expiry period. Click Add.
- Immediately after creation, the client secret value is displayed under the Value column in the table. Copy the value and save it in a secure location. This client secret value will be displayed only once and will not be accessible once you move away from this page.
- Once you have registered the application with the appropriate permissions, go to Password Manager Pro's web interface and configure mail server settings.
1.2 Steps to Configure Microsoft Exchange Online in Password Manager Pro
- Navigate to Admin >> Settings >> Mail Server Settings.
- In the pop-up form that opens, enter the following:
  - Server name - The actual SMTP server's name. For example, smtp.office365.com.
  - Port - The default port for TLS is 587 and for SSL is 465. Enter the port that you are using.
  - Sender E-mail Address - This field requires a valid email address, as Password Manager Pro will send onboarding messages, notification alerts, and license expiry reminders to users. Also, ensure that the user account you specify in this field has the ownership permission for the SMTP enterprise application created in the Microsoft Azure portal.
  - Access URL - The URL displayed in the email notification sent to users to access Password Manager Pro. Please ensure that the Access URL uses the same hostname and port as the Redirect URI mentioned in step 1.1. For example, if the mentioned Redirect URI is "https://win10-prod-qa:7272/pmpredirect/AzureOAuth", then the Access URL given here must be "https://win10-prod-qa:7272".
  - Mail Server - Choose Microsoft Exchange Online from the dropdown.
  - Tenant ID - The directory ID of the Azure application.
  - Client ID - The application ID of the Azure application.
  - Client Secret - The client secret value created for the Azure application.
- Click Save to save the settings.
- You will be redirected to the Microsoft Azure portal for authentication. Log in using the email address you specified in the Sender E-mail Address field in Password Manager Pro. This is a one-time operation.
Now, you have successfully configured Microsoft Exchange Online as the mail server.
2. Configure Other Mail Servers
- Navigate to Admin >> Settings >> Mail Server Settings.
- In the pop-up form that opens, enter the following:
  - Server name - The actual SMTP server's name. For example, smtp.zoho.com.
  - Port - Most SMTP servers work with port 25. However, the default port for TLS is 587 and for SSL is 465.
  - Sender E-mail Address - A valid email address from which you want to send emails to users.
  - Access URL - The URL displayed in the email notification sent to users to access Password Manager Pro.
  - Mail Server - Choose Others from the dropdown.
- Upon clicking the Requires Authentication checkbox, the pop-up form lists two options:
  - Specify a Username and Password Manually
  - Use an account used in Password Manager Pro.
- If you choose the first option Specify a Username and Password Manually, enter the authentication details and click Save.
- If you choose the second option Use an account stored in Password Manager Pro, the resources and accounts that appear in your resources tab will be listed in a drop-down. You can choose the required details and click Save. The chosen Account will be used for authentication. Earlier, in case of a password change, the user had to manually update the new password in the mail server settings. But now, the new password will be automatically updated for authentication.
- You also have the option to choose the Secure Connection Protocol - None/SSL/TLS.
  - SSL - Secure Sockets Layer (SSL) is a cryptographic protocol that enables secure connection over the internet.
  - TLS - Transport Layer Security (TLS) is the successor to SSL and enables secure connection over the internet.
Notes:
- It is recommended to use the SSL/TLS options for secure communication over the internet/intranet.
- If the mail server is using a self-signed certificate, it must be imported into Password Manager Pro:
  - Copy the server certificate and paste it under <Password Manager Pro Installation Folder>/bin directory.
  - From the <Password Manager Pro Installation Folder>/bin directory, execute the following command:
    importCert.bat <name of the server certificate>
  - This adds the certificate to the Password Manager Pro certificate store.
- After providing the authentication details and the secure connection mode, you also have the option to test the mail server settings before clicking Save.
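
The following pre-flight check covers the values entered in steps 1.1, 1.2 and 2: the Redirect URI format, the Access URL match, and the port and Secure Connection Protocol pairing. It is an added example, not part of Password Manager Pro; the dictionary keys are hypothetical names for the form fields and the sample values are constructed.

```python
from urllib.parse import urlsplit

REDIRECT_PATH = "/pmpredirect/AzureOAuth"  # redirect path format given on this page
DEFAULT_PORTS = {"TLS": 587, "SSL": 465}   # default ports stated on this page


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, parts.hostname, port


def check_mail_settings(cfg):
    """Return a list of findings; an empty list means the values are consistent.

    cfg keys are hypothetical names for the form fields, not a product API.
    """
    findings = []
    protocol, port = cfg.get("protocol", "None"), cfg["port"]
    if protocol not in DEFAULT_PORTS:
        findings.append("no secure connection protocol selected: SMTP traffic is unencrypted")
    elif port != DEFAULT_PORTS[protocol]:
        findings.append(f"port {port} is not the {protocol} default {DEFAULT_PORTS[protocol]}")

    if cfg.get("mail_server") == "Microsoft Exchange Online":
        redirect = urlsplit(cfg["redirect_uri"])
        if redirect.scheme != "https" or redirect.path != REDIRECT_PATH:
            findings.append("Redirect URI is not https://Hostname:port" + REDIRECT_PATH)
        if origin(cfg["redirect_uri"]) != origin(cfg["access_url"]):
            findings.append("Access URL host/port differs from the Redirect URI")
        if urlsplit(cfg["access_url"]).path not in ("", "/"):
            findings.append("Access URL must be the base URL without a path")
        for key in ("tenant_id", "client_id", "client_secret"):
            if not cfg.get(key):
                findings.append(f"{key} is empty")
    return findings


# Constructed sample values; the host name reuses the example from step 1.2.
SAMPLE = {
    "server_name": "smtp.office365.com", "port": 587, "protocol": "TLS",
    "mail_server": "Microsoft Exchange Online",
    "redirect_uri": "https://win10-prod-qa:7272/pmpredirect/AzureOAuth",
    "access_url": "https://win10-prod-qa:7272",
    "tenant_id": "<tenant-id>", "client_id": "<client-id>", "client_secret": "<secret>",
}

if __name__ == "__main__":
    for finding in check_mail_settings(SAMPLE) or ["settings are consistent"]:
        print(finding)
```

A non-default port is reported as a finding to confirm, not as an error, since the page only states the defaults.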