32.2 Authenticate to the Server by Using Modern Authentication

Modern authentication helps you to securely manage email approvals. You can configure modern authentication for the email notification server in Identity Manager 4.9 and later.

To authenticate the server using modern authentication:

  1. On the Identity Console home page, click Email Server Configuration.

  2. On the Email Server Options page, specify the values for your email notification server.

    • Host Name: Specify the hostname or IP address of your SMTP server along with the port number. Use a colon (:) to separate the hostname or IP address from the port.

      For example, smtp.example.com:587

    • From: Specify the sender's email address. The email server performs reverse lookups or authentication using this value.

    • Time Out Value: Specify the time limit (in seconds) for sending notification emails.

    • Enable SSL: Select to enable SSL, if required.

  3. For Authentication Required, select Modern Authentication and specify values for the following parameters:

    NOTE: You must register the Identity Console application with Azure AD to get the values for these parameters. For more information on how to register your application, see Azure AD portal for registering applications.

    • User Id: Specifies the account required for server authentication.

    • Tenant Id: Specify the tenant ID of your registered application.

    • Client Id: Specify the client ID assigned to your application.

    • Client Secret: Specify the client secret password.

    • Scope: Specify the scope of the server.

    • Request Url: Specifies the request URI of your email server, to which Identity Manager sends authentication requests containing the client secret, scope, grant type, and auth mechanism in the payload.

      For example, https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

    • Grant type: Used by Identity Console to obtain an access token to access its own resources, not on behalf of a user. The Grant Type parameter is set to client_credentials by default and cannot be modified.

    • Auth mechanism: Specifies the format used by the application to encode and transmit the access token to the authentication server. The access token authenticates a user's Outlook account. By default, Auth Mechanism is set to XOAUTH2 and cannot be modified.

  4. Click Save.
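
How the fields in steps 2 and 3 map onto a standard OAuth 2.0 client-credentials token request and the SASL XOAUTH2 string used for SMTP, as an added example that is not Identity Manager's own code. It assumes the standard form-encoded token request and XOAUTH2 encoding; the function names, placeholder IDs, sample scope and sample token are constructed for illustration.

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request


def split_host_port(value):
    """Split the Host Name field, which the page gives as host:port."""
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("expected host:port, for example smtp.example.com:587")
    return host, int(port)


def build_token_request(request_url, client_id, client_secret, scope):
    """Build, without sending, the client_credentials POST to the Request Url."""
    if not request_url.lower().startswith("https://"):
        # The body carries the client secret, so refuse a cleartext endpoint.
        raise ValueError("Request Url must use https")
    body = urlencode({
        "grant_type": "client_credentials",  # fixed value per the page
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode("ascii")
    return Request(request_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def xoauth2_initial_response(user_id, access_token):
    """Encode the SASL XOAUTH2 string an SMTP client sends with AUTH XOAUTH2."""
    raw = f"user={user_id}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values; none of them come from a real tenant.
    host, port = split_host_port("smtp.example.com:587")
    req = build_token_request(
        "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/token",
        "CLIENT-ID-PLACEHOLDER", "CLIENT-SECRET-PLACEHOLDER",
        "https://outlook.office365.com/.default")  # assumed sample scope
    print(host, port, req.get_method(), req.full_url)
    print("AUTH XOAUTH2", xoauth2_initial_response("notify@example.com", "SAMPLE-TOKEN"))
```

Nothing is sent over the network: the request object is only built so its method, URL and form body can be inspected before the values are entered on the Email Server Options page.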