10.17 Mail Sender

In the Mail sender policy, you can configure settings for the Email OTP method to facilitate sending email messages with one-time passwords to users.

To configure the Mail sender settings, perform the following steps:

  1. Specify the following details:

    1. Host: The outgoing mail server name. For example, smtp.company.com.

    2. Port: The port number. For example, 465.

    3. Authentication Required: By default, this option is set to OFF, keep the option in this state if your SMTP server does not require authorization.

      Set this option to ON, to specify the password required for the SMTP server authorization.

    4. Username: The username of an account that is used to send the authentication email messages. For example, noreply or noreply@company.com.

    5. Password: The password for the specified account. Is required when Authentication Required is set to ON.

    6. Sender email: The email address of the sender.

    7. Recipient Mask: Specify the masked value that you want to display for the email.

      The email address of the users value is masked when users authenticate with the email method.

      NOTE:For Advanced Authentication 6.3 Service Pack 3 and newer versions, Recipient Mask field is not available. In Advanced Authentication 6.3 Service Pack 3 and newer versions, the email address of the users is masked by default.

      NOTE:The default value is set and if you do not change the Recipient Mask value, the default value is considered for masking of the email address.

    8. TLS and SSL: The cryptographic protocol used by the mail server.

  2. You can test the configurations for the Mail sender policy in the Test section.

    1. Specify the email address in E-mail to which you want to send the Email OTP.

    2. Specify a message to be sent to the phone in Message.

    3. Click Send test message!.

  3. Click Save.

    Real messaging uses async sender. Ensure that you have configured a chain with the Email OTP method and assigned it to an event. Login to the Self-Service portal and test the Email authenticator. If it does not work, click async log.

Authentication Flow

The authentication flow for the Mail sender is described in the following image.

A user wants to authenticate on an endpoint such as a laptop or a website with the Email OTP method. The following steps describe the authentication flow:

  1. When the authentication request is initiated, the endpoint contacts the Advanced Authentication server.

  2. The Advanced Authentication server validates the user’s credentials and gets an email address of the user from a repository.

  3. Advanced Authentication server sends the request to a configured mail server to send an email message with the content that includes a one-time password (OTP) for authentication.

  4. Mail server sends the message to the user's email address.

  5. Mail server sends the sent signal to the Advanced Authentication server.

  6. Advanced Authentication server sends a request to the user to specify an OTP on the endpoint.

  7. The user specifies the OTP from the email message. The Advanced Authentication server gets the OTP.

  8. Advanced Authentication server validates the authentication. The authentication is done or denied.

HTTPS protocol is used for the internal communication.

Access configuration

Advanced Authentication server - Mail Server (SMTP, outbound).