By default, EmpowerID is configured to use SMTP as the provider for email delivery. However, SMTP is not the only provider option. You can elect to use Exchange Web Services (on-premise or Office 365) or both SMTP and Exchange Web Services (EWS). If you choose to use both providers, you order the precedence by setting thepriorityfor each. The provider with the lowest priority has the higher precedence. By default, SMTP has precedence over EWS. You can change this at any time in the EmpowerID Web interface.
You can configure EmpowerID to process emails differently, depending on your scenario. These scenarios include the following:
Simple SMTP relay — In this scenario, you specify the SMTP server that EmpowerID uses to send automated emails on behalf of the system and the defaultfrom addressfor all EmpowerID notifications. Examples of these types of emails include welcoming emails sent to new employees, emails sent to users when their passwords are reset by the help desk, and pending password expiration notifications, etc.
Authenticated SMTP Delivery — In this scenario, you specify an account that EmpowerID should use to connect to the SMTP server. This account must have password that is vaulted in EmpowerID and becomes the defaultFrom addressused for any automated emails sent on behalf of the system. When configuring for authenticated SMTP delivery, you have the option to specify whether to use SSL, TLS and the port used for TLS.
Exchange Web Services (EWS) — In this scenario, you specify the account that EmpowerID should use to connect to EWS, as well as the URL to the EWS server. As with configuring EmpowerID for authenticated SMTP delivery, you need to vault the password for the user account.
Email approvals — In this scenario, you set EmpowerID up to give resource owners and other delegated approvers the ability to respond to Access Requests from their email clients, apart from interacting directly with the request in the EmpowerID Web interface. This allows users to respond to requests when away from their desks. To do so, they simply reply to the email with "Approved" or "Rejected." EmpowerID reads the response and submits the decision.
Rw ui expands macro
Rw expand
title
Configure EmpowerID for Simple SMTP Relay
To configure EmpowerID for simple SMTP relay, do the following:
On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings navigate to the Email Settings page by expanding Infrastructure Admin >EmpowerID Servers and Settings and then click Email Settings.
Select SMTP from the Email Delivery Mode drop-down.
In the SMTP Mail Delivery Settings pane, enter the following information:
SMTP From Address — This specifies the defaultFrom addressthe system should use when sending automated emails to your user.
SMTP Server DNS— This specifies the DNS or IP address of the SMTP server in your environment.
Save your changes.
Rw expand
title
Configure EmpowerID for Authenticated SMTP Delivery
To configure EmpowerID for authenticated SMTP delivery, do the following:
On the navbar, expand Infrastructure Admin > EmpowerID Servers and Settings navigate to the Email Settings page by expanding Infrastructure Admin >EmpowerID Servers and Settings and then click Email Settings.
Select SMTP from the Email Delivery Mode drop-down.
In the SMTP Mail Delivery Settings pane, enter the following information:
Account with Vaulted Password for Authenticated SMTP — Select the user account to be used by EmpowerID to authenticate to the SMTP server and to send automated responses on behalf of the system. This account must have a password that is vaulted in EmpowerID. If the account does not have a password that is vaulted, please see How to Vault Account Passwords below and then return to complete the setup.
SMTP From Address — This specifies the defaultFrom addressthe system should use when sending automated emails to your user.
SMTP Server DNS— This specifies the DNS or IP address of the SMTP server in your environment.
Save your changes.
Info
When configuring EmpowerID for authenticated SMTP, the mailbox selected for reading and processing emails takes precedence over the setting entered in the SMTP From Address setting.
Info
If you are using a mail delivery system other than Exchange that supports SMTP, then you need to create a tracking-only account store and add an account with the appropriate credentials, as well as a user principal name, for that system to that account store. You then vault the password for that user account. For information on creating tracking-only account stores, see Creating Tracking-Only Account Stores.
Expand
title
How to Vault Account Passwords
From the navigation sidebar, expand Identity Administration and click User Accounts.
Search for the user account and then click theLogon Namelink for it.
From the View One page for the account, expand theActionsaccordion and then click theEdit Vaulted Account Passwordbutton.
Image Modified
On the Service Account Credentials page that appears, do the following:
ClickEncryption Certificateand select a certificate for encrypting the password.
Enter the password in thePasswordandConfirm Passwordfields
ClickSubmit.
Image Modified
ClickOKto close the Operation Execution Summary.
Return to the EmpowerID System Settings page and edit any of the other SMTP settings as needed.
Rw expand
title
Configure EmpowerID for Office 365 / Exchange EWS
On the navbar, expand Infrastructure Admin, then EmpowerID Servers and Settings, and click Email Settings.
Select Exchange EWS from the Email Delivery Mode drop-down.
On the Email Settings page, edit the following settings:
— This specifies the user account EmpowerID uses to authenticate to the EWS server as well as to send automated emails on behalf of the system. This account needs to have its password vaulted in EmpowerID.
— This specifies the URL to the EWS server. If you are using Office 365, the value of the URL should behttps://outlook.office365.com/EWS/Exchange.asmx.
Rw expand
title
Configure Email Approvals
Warning
For EmpowerID to process email approvals, the task or operation being approved or rejected must have theEnableBulkApprovalset totrue. This is set in Workflow Studio.
Info
If you are using SMTP, follow the procedure outlined in theConfiguring EmpowerID for authenticated SMTP Deliverysection, including vaulting a user account; otherwise, following the procedure outlined in theConfiguring EmpowerID for EWSsection. After completing those steps, do the below steps.
On the navbar, expand Infrastructure Admin, then EmpowerID Servers and Settings, and click Email Settings.
On the Email settings page, select Enable Approve by Email Reply.
