By default, EmpowerID is configured to use SMTP as the provider for email delivery. However, SMTP is not the only provider option. You can elect to use SendGrid (requires a SendGrid account with an API key), Exchange Web Services (on-premise or Office 365) or both SMTP and Exchange Web Services (EWS). If you choose to use more than one provider, you order the precedence by setting the priority for each. The provider with the lowest priority has the higher precedence. By default, SMTP has precedence. You can change this at any time.
You can configure EmpowerID to process emails differently, depending on your scenario. These scenarios include the following:
...
Simple SMTP relay – In this scenario, you specify the SMTP server that EmpowerID uses to send automated emails on behalf of the system and the default from address for all EmpowerID notifications. Examples of these types of emails include welcoming emails sent to new employees, emails sent to users when their passwords are reset by the help desk, and pending password expiration notifications, etc.
...
...
...
...
...
...
...
...
title | SMTP Relay |
---|
To configure EmpowerID for simple SMTP relay, do the following:
...
In the SMTP Mail Delivery Settings pane, enter the following information:
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Note
When configuring EmpowerID for authenticated SMTP, the mailbox selected for reading and processing emails takes precedence over the setting entered in the SMTP From Address setting.
If you are using a mail delivery system other than Exchange that supports SMTP, then you need to create a tracking-only account store and add an account with the appropriate credentials, as well as a user principal name, for that system to that account store. You then vault the password for that user account.
...
title | Office 365 / Exchange EWS |
---|
...
...
On the Email Settings page, edit the following settings:
...
Office 365 / Exchange Mailbox for Send and Receive — This specifies the user account EmpowerID uses to authenticate to the EWS server as well as to send automated emails on behalf of the system. This account needs to have its password vaulted in EmpowerID.
...
...
...
...
...
...
...
Click Save.
...
...
...
...
On the Email settings page, select Enable Approve by Email Reply.
...
...
Click Save.
...
title | How To Vault Account Passwords |
---|
...
On the navbar, expand Privileged Access and select Shared Credentials.
Select the All Shared Credentials tab and then click the Add button.
...
...
Enter a name for the shared credential in the Name and Display Name fields.
...
Click the Shared Credential Policy drop-down and select the appropriate one to link to the credentials. Here are the default options for non-computer credentials:
Non-Computer Creds - Multi-Check-Out - No Password Reset — Select this policy to create credentials for an account where more than one check out is allowed and you do not want EmpowerID to reset the password when a user checks in the credentials.
Non-Computer Creds - No Approval, No Multi Check-Out with Password Reset — Select this policy to create credentials for an account where more than one check out is not allowed, no approval is required, and you want EmpowerID to reset the password when a user checks in the credentials.
Non-Computer Creds - No Multi-Check-Out with Password Reset — Select this policy to create credentials for an account where more than one check out is not allowed and you want EmpowerID to reset the password when a user checks in the credentials. Please note that this policy type is only valid for use with user accounts with passwords that have been vaulted in EmpowerID. The user account must belong to a domain or account store that has been inventoried by EmpowerID.
Service Account with Scheduled Password Reset — Select this policy for credentials for a Windows Service account or IIS App pool identity.
When you select this policy, EmpowerID resets the password against all Windows servers in your environment that have Windows Services or App Pools. Please note that this policy type is only valid for use with service accounts with passwords that have been vaulted in EmpowerID. The service account must belong to a domain or account store that has been inventoried by EmpowerID.
...
Underneath Location, click Select a Location, then select a location for the credential and click Save.
...
...
Enter a description in the Description field.
...
In the User Name field, enter the user name for the account you are vaulting.
...
In the Password field, enter the password for the account you are vaulting.
...
Optionally, enter any notes in the Notes field.
...
Select Enabled.
...
Click Save.
...
If you have not yet entered your master password for this session, EmpowerID prompts you to do so. Enter your master password and click OK.
...
...
If you have not yet created a master password for yourself, EmpowerID prompts you to do so. Enter a password in the Password and Confirm Password fields and click OK.
...
...