Email Configuration
IdentityCenter uses email for notifications, alerts, and communication with users and administrators. This guide covers how to configure email settings.
Email Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                 IdentityCenter Email System                 │
├─────────────────────────────────────────────────────────────┤
│    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐    │
│    │  Templates  │    │    Queue    │    │   Sender    │    │
│    └─────────────┘    └─────────────┘    └─────────────┘    │
│           │                  │                  │           │
│           ▼                  ▼                  ▼           │
│   ┌─────────────────────────────────────────────────────┐   │
│   │                SMTP / Email Service                 │   │
│   └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
                               │
                  ┌────────────┼────────────┐
                  ▼            ▼            ▼
             ┌──────────┐ ┌──────────┐ ┌──────────┐
             │ Exchange │ │  Office  │ │   SMTP   │
             │  Server  │ │   365    │ │  Relay   │
             └──────────┘ └──────────┘ └──────────┘
```
SMTP Configuration
Navigate to Email Settings
- Log in to IdentityCenter as an administrator
- Navigate to Administration > Settings > Email
- Select SMTP Configuration
Basic SMTP Settings
| Setting | Description | Example |
|---|---|---|
| SMTP Server | Mail server hostname | smtp.company.com |
| Port | SMTP port number | 587 (StartTLS) or 465 (implicit SSL/TLS) |
| Enable SSL/TLS | Use encryption | Yes (recommended) |
| From Address | Sender email address | identitycenter@company.com |
| From Display Name | Sender name | IdentityCenter |
Authentication
| Setting | Description | Example |
|---|---|---|
| Authentication Type | How to authenticate | Basic / OAuth2 / None |
| Username | SMTP username | identitycenter@company.com |
| Password | SMTP password | ******** |
Common SMTP Configurations
Microsoft 365
```
Server: smtp.office365.com
Port: 587
SSL/TLS: StartTLS
Authentication: OAuth2 or Basic
Username: your-account@company.com
```
On-Premises Exchange
```
Server: mail.company.com
Port: 587
SSL/TLS: StartTLS
Authentication: Basic (NTLM)
Username: DOMAIN\serviceaccount
```
Gmail (G Suite)
```
Server: smtp.gmail.com
Port: 587
SSL/TLS: StartTLS
Authentication: OAuth2
Username: your-account@company.com
```
Generic SMTP Relay
```
Server: smtp-relay.company.com
Port: 25
SSL/TLS: None (internal only)
Authentication: None
```
Testing Email Configuration
Send Test Email
- Navigate to Administration > Settings > Email
- Click Send Test Email
- Enter a recipient email address
- Click Send
- Check for:
  - Email received
  - Correct sender information
  - No spam folder issues
Test Results
| Result | Meaning |
|---|---|
| Success | Email sent and delivered |
| Connection Failed | Cannot reach SMTP server |
| Authentication Failed | Wrong credentials |
| Relay Denied | Server won't relay for this sender |
| TLS Error | SSL/TLS configuration issue |
Email Settings
General Settings
| Setting | Description | Default |
|---|---|---|
| Enable Emails | Master switch for all emails | Yes |
| Max Retries | Retry failed emails | 3 |
| Retry Interval | Time between retries | 15 minutes |
| Queue Timeout | Max time in queue | 24 hours |
Notification Categories
Enable/disable specific notification types:
| Category | Description | Default |
|---|---|---|
| Access Reviews | Campaign notifications | Enabled |
| Policy Violations | Alert notifications | Enabled |
| Sync Errors | Sync failure alerts | Enabled |
| System Alerts | Health and status | Enabled |
| User Notifications | End-user emails | Enabled |
Rate Limiting
Prevent email flooding:
| Setting | Description | Default |
|---|---|---|
| Max Emails/Hour | Hourly limit | 100 |
| Max Emails/Day | Daily limit | 1000 |
| Batch Size | Emails per batch | 50 |
| Batch Interval | Time between batches | 60 seconds |
Troubleshooting Email
Connection Issues
Cannot connect to SMTP server:
- Verify server hostname is correct
- Check port number (25, 465, 587)
- Verify firewall allows outbound SMTP
- Test with telnet:

  ```
  telnet smtp.company.com 587
  ```

SSL/TLS errors:
- Verify certificate is valid
- Check TLS version compatibility
- Try different port (587 vs 465)
- Enable/disable StartTLS
Authentication Issues
Authentication failed:
- Verify username and password
- Check authentication method
- For OAuth2, verify token refresh
- Check account lockout status
Access denied:
- Verify sender address is allowed
- Check relay permissions
- Verify IP is authorized
- Check mailbox permissions
Delivery Issues
Emails going to spam:
- Set up SPF record for sender domain
- Configure DKIM signing
- Set up DMARC policy
- Use consistent from address
Emails not received:
- Check recipient address
- Verify no mail loops
- Check recipient spam folder
- Review email server logs
Advanced Configuration
Multiple SMTP Servers
Configure failover SMTP servers:
```
Primary:
  Server: smtp-primary.company.com
  Port: 587
Secondary:
  Server: smtp-secondary.company.com
  Port: 587
Failover: Yes
FailoverTimeout: 30 seconds
```
Email Archiving
Archive sent emails for compliance:
```
Archive:
  Enabled: Yes
  Location: Database
  RetentionDays: 365
  IncludeAttachments: Yes
```
Custom Headers
Add custom headers to outgoing emails:
```
CustomHeaders:
  X-Application: IdentityCenter
  X-Environment: Production
  X-Category: {email.category}
```
Security Considerations
Credential Storage
- SMTP passwords are encrypted at rest
- Consider using service accounts
- Rotate passwords regularly
Email Security
- Use TLS for all connections
- Validate server certificates
- Implement SPF, DKIM, DMARC
Monitoring
- Monitor email queue size
- Track delivery success rate
- Alert on authentication failures
Configuration File Reference
Email settings in appsettings.json:
```json
{
  "Email": {
    "Smtp": {
      "Server": "smtp.company.com",
      "Port": 587,
      "UseSsl": true,
      "Username": "identitycenter@company.com",
      "Password": ""
    },
    "From": {
      "Address": "identitycenter@company.com",
      "DisplayName": "IdentityCenter"
    },
    "Settings": {
      "MaxRetries": 3,
      "RetryIntervalMinutes": 15,
      "MaxEmailsPerHour": 100,
      "EnableArchiving": true
    }
  }
}
```
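
A pre-deployment check of the `Email` section against the security guidance in this guide, added here as an example; it is not part of IdentityCenter. The function name `lint_email_settings`, the finding codes and the weak sample are constructed for illustration, and treating a non-empty `Password` as a secret stored in the file is an assumption about how the password is supplied.

```python
import json

KNOWN_PORTS = {25, 465, 587}  # the SMTP ports this guide lists

def lint_email_settings(raw):
    """Return (code, message) findings for the "Email" section of appsettings.json."""
    email = json.loads(raw).get("Email", {})
    smtp, sender = email.get("Smtp", {}), email.get("From", {})
    findings = []
    port, user = smtp.get("Port"), smtp.get("Username") or ""
    if port not in KNOWN_PORTS:
        findings.append(("unexpected-port", f"Port {port!r} is not 25, 465 or 587"))
    if not smtp.get("UseSsl", False):
        # The guide allows this only for an internal-only relay.
        findings.append(("no-tls", "UseSsl is off: mail is sent in cleartext"))
        if user:
            findings.append(("cleartext-auth", "credentials would cross the network unencrypted"))
    # Assumption: a non-empty Password means the secret sits in a plain file on disk.
    if smtp.get("Password"):
        findings.append(("secret-in-file", "Password is set in appsettings.json"))
    # The guide advises a consistent From address and checking that the sender
    # is allowed to relay; compare the From domain with the account's domain.
    addr = sender.get("Address") or ""
    if "@" in user and "@" in addr:
        if user.rsplit("@", 1)[1].lower() != addr.rsplit("@", 1)[1].lower():
            findings.append(("sender-mismatch", f"From {addr} vs account {user}"))
    return findings

# The reference configuration from this page.
REFERENCE = """{"Email": {"Smtp": {"Server": "smtp.company.com", "Port": 587,
  "UseSsl": true, "Username": "identitycenter@company.com", "Password": ""},
  "From": {"Address": "identitycenter@company.com", "DisplayName": "IdentityCenter"}}}"""

# Constructed weak configuration (values invented for this example).
WEAK = """{"Email": {"Smtp": {"Server": "smtp-relay.company.com", "Port": 2525,
  "UseSsl": false, "Username": "identitycenter@company.com", "Password": "placeholder-secret"},
  "From": {"Address": "alerts@example.org", "DisplayName": "IdentityCenter"}}}"""

if __name__ == "__main__":
    for name, cfg in (("reference", REFERENCE), ("weak", WEAK)):
        for code, message in lint_email_settings(cfg) or [("ok", "no findings")]:
            print(f"{name}: {code}: {message}")
```

An unauthenticated port 25 relay, as in the Generic SMTP Relay profile, yields only `no-tls`, which is the reminder that such a relay must stay internal.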