Mail Server

RecoveryManager Plus provides two modes of mail server configuration:

  1. SMTP
  2. API

SMTP

This method allows you to configure a mail server via Basic or OAuth authentication.

To configure an SMTP mail server,

  1. Navigate to Admin > General settings > Mail Server.
  2. In the Mode field, select SMTP.
  3. Enter your mail server's Server Name or IP and Port Number in the respective fields.
  4. In the From Address field, enter the email address that will be used to send out notifications, alerts, etc. from RecoveryManager Plus.
  5. In the Admin Mail Address field, enter your email address if you wish to receive notifications for the emails sent from RecoveryManager Plus.
  6. Select the connection security type from the available options: SSL, TLS, or None.
  7. Select the authentication type from the options provided:

    Basic authentication

    • Enter the Username and Password to access the mail server.
    • If your mail server does not require authentication, leave the fields empty.

    OAuth authentication

    • Select your mail provider from the available options: Microsoft or Google.
    • If your mail provider is Microsoft, provide the Username, Tenant ID, Client ID, and Client Secret in the respective fields. In RecoveryManager Plus, the Azure Cloud is considered the default Azure environment. You can modify the Azure environment setting by clicking the Choose the appropriate Azure environment link.

      Note: To learn how to find your Azure Tenant ID, Client ID, and Client Secret, click here.

    • If your email provider is Google, enter the Google Workspace Client ID and Client Secret in the respective fields, and click Configure.

      Note: To learn how to find your Google Workspace Client ID and Client Secret, click here.

  8. If you selected Basic authentication in step 7, you can have RecoveryManager Plus send a test email by clicking the Test Mail button.
  9. Click Save Settings to save your mail server configuration.

API

This method allows you to configure a mail server via your mail provider’s API.

  1. Navigate to Admin > General settings > Mail Server.
  2. In the Mode field, select API.
  3. Select your mail provider from the available options: Microsoft or Google.
  4. In the From Address field, enter the email address that will be used to send out notifications, alerts, etc. from RecoveryManager Plus.
  5. In the Admin Mail Address field, enter your email address if you wish to receive notifications for the emails sent from RecoveryManager Plus.
  6. If your mail provider is Microsoft, provide the Tenant ID, Client ID, and Client Secret in the respective fields. In RecoveryManager Plus, the Azure Cloud is considered the default Azure environment. You can modify the Azure environment setting by clicking the Choose the appropriate Azure environment link.
  7. Note: To learn how to find your Azure Tenant ID, Client ID, and Client Secret, click here.

  8. If your mail provider is Google, upload the JSON private key file.
  9. Note: To learn how to get your JSON private key file, click here.

  10. Click Save settings.

Steps to find your Azure Tenant ID, Client ID, and Client Secret for SMTP mail server configuration

  1. Log in to portal.azure.com.
  2. Under Azure services, click App registrations > New registration.
  3. Provide a Name of your choice and select the Supported account types. (Leave it as default.)
  4. In the Redirect URI field, select web and paste the following OAuth link: https://identitymanager.manageengine.com/api/public/v1/oauth/redirect (or) You can also add the localhost redirect API in the following syntax.
    protocol://localhost:port_number/context_if_any/RestAPI/WC/OAuthSetting For example, http://localhost:8090/RestAPI/WC/OAuthSetting. If you have only added localhost as the redirect URI, you must access the product using localhost to configure mail server.
  5. On the next page, you will find the application details. Copy the Client ID and Tenant ID.
  6. From the left pane, click Certificates & secrets > New client secret.
  7. Provide a Description for the client secret, and in the Expires field, choose the validity of the client secret and click Add.
  8. The client secret will be generated. Copy the string displayed under Value.
  9. Click Save setting and complete the authorization prompt.

Steps to find your Google Workspace Client ID and Client Secret for SMTP mail server configuration

  1. Log in to console.developers.google.com.
  2. In the dashboard, click Create to create a new project if there is no existing project, or select any existing project and click New Project.
  3. Enter the Project Name. In the Location field, click Browse and select the parent organization. Click Create.
  4. In the left pane of the displayed project details page, click APIs & Services > Library.
  5. From the available list of APIs, select Gmail API and click Enable. You can use the search option to find the API quickly.
  6. In the left pane, click OAuth consent screen and choose the User Type. If you don't have a Google workspace account, choose External User.
  7. Provide the Application Name, the support email of your help desk, the Application Logo, and the Developer contact information, and click Save & continue.
  8. Click Add or Remove Scopes, choose Gmail API (https://mail.google.com/), and click Update. Then, click Save & Continue.
  9. Add a test user and click Save & continue.
  10. In the left pane, click Credentials > Create Credentials > OAuth Client ID.
  11. Select the application type as Web Application. Provide a name of your choice.
  12. In the Authorized Redirect URIs, paste the following OAuth link: https://identitymanager.manageengine.com/api/public/v1/oauth/redirect (or) You can also add localhost redirect API in the following pattern.
    protocol://localhost:port_number/context_if_any/RestAPI/WC/OAuthSetting
    For example, http://localhost:8090/RestAPI/WC/OAuthSetting. If you have only added localhost as the redirect URI, you must access the product using localhost to configure the mail server.
  13. Click Save.
  14. Click DOWNLOAD JSON to download the file containing the authorization server details. Copy the Client ID and Client Secret displayed on the screen.

Steps to find your Azure Tenant ID, Client ID, and Client Secret for API mail server configuration

  1. Log in to portal.azure.com.
  2. Under Azure services, click App registrations > New registration.
  3. Enter a Name of your choice and choose the Supported account types. (If you’re unsure about the supported account types, select Accounts in the organizational directory only.)
  4. In the left pane, click API Permission > Add a permission.
  5. Click Microsoft Graph > Application permission.
  6. Search Mail and select the permission Mail.Send. Click Add Permission.
  7. Click Grant admin consent.
  8. Copy the Client ID and Tenant ID displayed.
  9. In the left pane, click Certificates & secrets > New client secret.
  10. Provide a Description for the client secret. In the Expires field, choose the validity of the client secret and click Add.
  11. The client secret will be generated. Copy the string displayed under Value.

Steps to download JSON private key for API mail server configuration

  1. Log in to console.developers.google.com.
  2. Open the Service accounts page.
  3. Click Create Project. Enter the project name, organization, and location. Click Create.
  4. Click the + Create service account button from the top row.
  5. Under Service account details, type a name, ID, and description for the service account, then click Create and continue.
  6. If required, you can also select the IAM roles to be granted to the service account using the Grant this service account access to project option.
  7. Click Continue.
  8. If required, you can add the users or groups that are allowed to use and manage the service account.
  9. Click Done.
  10. Click the email address for the service account you created.
  11. Click the Keys tab.
  12. In the Add key drop-down list, select Create new key.
  13. Select the key type as JSON.
  14. Click Create.

Your new public/private key pair will be generated and downloaded to your machine. Please keep the private key safe as this will be the only copy, and you cannot generate the same private key again.

Once you have downloaded the JSON private key, you’ll have to enable the Gmail API service and provide domain-wide authority to the service account.

Enable the Gmail API service

  1. Log in to console.cloud.google.com.
  2. Select the project from the drop-down menu.
  3. Click + Enable APIS and Services.
  4. Select Gmail API and click Enable.

Delegating domain-wide authority to the service account

  1. Log in to the Google Workspace domain's Admin console as a super administrator.
  2. Navigate to Main menu > Security > Access and data control > API Controls.
  3. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  4. Click Add new.
  5. In the Client ID field, enter the service account's Client ID. You can find your service account's client ID on the Service accounts page.
  6. In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. For example, if your application needs domain-wide full access to the Google Mail API, enter: https://mail.google.com.
  7. Click Authorize.

Your application now has the authority to make API calls as users in your domain (to "impersonate" users). When you prepare to make authorized API calls, specify the user to impersonate as.

Copyright © 2023, ZOHO Corp. All Rights Reserved.