Configure the SMTP(s) Mail Service

Before you invite users to authenticate with Approve authentication, if you plan to use e-mail to deliver on-demand tokencodes or if you plan to notify administrators by e-mail when you run a report, you must configure all AM instances to send Simple Mail Transfer Protocol (SMTP) messages.

Authentication Manager from 8.8 has capability to send e-mails over secure e-mail delivery channel along with un-secure e-mail delivery channel.

For secure communication between Authentication Manager and configured E-mail (SMTP) server, any one of the TLS mode can be opted.

TLS Mode - For a TLS handshake to happen, a connection needs to be established first between a client and a server. By default, a SMTP connection is not secure in nature and will be vulnerable towards attacks.

There are two options:

1. Strict TLS (Implicit TLS): The client will try to establish a secure connection without asking the server about its compatibility. If it succeeds, a secure connection will be set up and a handshake will follow. If a server is not compatible or a connection times out, a transmission will be abandoned.

2. Start TLS (Explicit TLS): The client will run a STARTTLS command to upgrade a connection to an encrypted one. If a server is compatible and no errors occur, the secured TLS connection will be established. If anything fails in the negotiation process, a plain-text transmission will be established.

SMTP/SMTPS settings might not be immediately visible through the replica instance. Data should replicate within 10 to 20 minutes.

Before you begin 

You must be a Super Admin for RSA Authentication Manager.

Procedure 

1. In the Security Console, click Setup > System Settings.

2. Click E-Mail (SMTP).

3. Select an instance.

4. Click the Next tab.

5. In the Hostname field, enter the hostname of the mail server to which this instance will send messages.

6. In the Port field, enter the destination port number for the mail server.

7. In the From E-mail Address field, enter the e-mail address that you want to display in all outgoing e-mail from this instance. Use an e-mail address to which users can respond.

8. (Optional) If your mail server connection requires a User ID and password, select Logon Required.

9. If logon is required, do the following:

   1. Enter the administrator's User ID in the User ID field. This User ID must already be defined in the SMTP mail server.

   2. Enter the password defined for the User ID in the Password field.

   3. Re-enter the password in the Confirmed Password field.

10. If secure connection is required between Authentication Manager and your E-mail server, you must follow the steps from 11 to 13. Otherwise, skip.

11. Select Enable SMTPS, ensure that the HostName field's value must match either Common Name or Subject Alternative Name of the SMTP Server certificate.

12. Import the Certificate , this enables Authentication Manager to validate the E-mail (SMTP) server to which the E-mail(s) are sent. Authentication Manager accepts all connections signed by this certificate. For instructions, see Import the SMTP(s) Certificate.

13. In the TLS Mode field, select the required mode for TLS encryption.

    1. Strict TLS - Authentication Manager will leverage the TLS communication as soon as connection is established. E-mail (SMTP) server need to have the necessary SSL/TLS settings configured.

    2. Start TLS - Authentication Manager will leverage the On-demand TLS communication. E-mail (SMTP) server needs to configure STARTTLS network extension.

14. In the Test E-mail Address field, enter the e-mail address to use for testing this instance.

15. Click Test Connection to test the mail service.

16. If you configured the primary instance, you can choose to apply the same settings to the replica instance.

17. After you receive the test e-mail, click Save.