NOTE: You can only configure vendor notification in the Launchpad on a One Identity Manager database with the Production system staging level.
To check whether vendor notification is enabled
Start the Launchpad and log in to the One Identity Manager database.
In the Installation overview > Installation Check list section, in the Configure vendor notification entry, you can see whether the function is enabled.
NOTE: You can only configure vendor notification in the Launchpad on a One Identity Manager database with the Production system staging level.
To disable a vendor notification
Start the Launchpad and log in to the One Identity Manager database.
In the Installation overview > Installation Checklist section, select the Configure email delivery entry and click Run.
This starts the Designer and opens the Configuration Parameter Editor.
Disable the Common | MailNotification | VendorNotification configuration parameter.
Select the Database > Save to database and click Save.
One Identity Manager sends email notifications about various actions taken within the system. Thus, various notifications are sent to requester and approver within the request process. In the same way, notifications about attestation cases are sent or reports delivered by email. Notifications are sent when an actions is successfully or unsuccessfully run during process handling. You can implement custom notifications in addition to predefined notification processes.
To change the configuration settings for email notifications, use the email configuration wizard or edit the configuration parameters in the Designer.
NOTE: Some configuration settings are only available if the One Identity Manager modules are installed.
To set up the email notification system
In the Launchpad, in the Installation overview > Installation Checklist section, select the Configure email delivery entry and click Run.
On the home page of the Mail Configuration Wizard, click Next.
On the Create connection to the SMTP server page, configure the SMTP server connection to use for sending emails.
SMTP server: SMTP server for sending email notifications. If a server is not given, localhost is used.
User name: User account name for authentication on an SMTP server.
Domain: User account domain for authentication on the SMTP server.
Password and Password repeat: User account password for authentication on the SMTP server.
To test the user account data, click Test connection.
Microsoft 365 client ID: Application client ID used to send the emails. You can find your application ID in the Microsoft Entra ID Admin Center under Applications > App registrations < <your application> > Overview > Application (client) ID.
Port: Port of the SMTP service on the SMTP server. Default: 25
Transport encryption: Encryption method for sending email notifications. If none of the following options are given, the port is used to define the behavior (port 25: no encryption, port 465: with SSL/TLS encryption).
Permitted values are:
Auto: Identifies the encryption method automatically.
SSL: Encrypts the entire session with SSL/TLS.
STARTTLS: Uses the STARTTLS mail server extension. Switches TLS encryption after the greeting and loading the server capabilities. The connection fails if the server does not support the STARTTLS extension.
STARTTLSWhenAvailable: Uses the STARTTLS mail server extension if available. Switches on TLS encryption after the greeting and loading the server capabilities, however, only if it supports the STARTTLS extension.
None: No security for the transport layer. All data is sent as plain text.
Accept self-signed certificates: Specifies whether self-signed certificates for TLS connections are accepted.
Allow server name mismatch in certificates: Specifies whether server names that do not match are permitted by certificates for TLS connections.
On the Define SMTP Job servers page, select at least one Job server to take on the SMTP server functionality.
On the Email settings page, you can define the default email address of a sender and a recipient as well as the layout of the email.
Recipient address: Default email address of the recipient of the notifications.
Sender address: Sender's default email address for sending automatically generated notifications.
Syntax:
sender@company.com
Example:
noreply@company.com
You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
Example:
One Identity <noreply@company.com>
Language code: Default language used to send email notifications if a language cannot be determined for a recipient.
Language: Default language for sending email notifications.
Font: Default font for email notifications.
Font size: Default font size for email notifications.
Signature: Signature under the salutation.
Company: Company name.
Link: Link to the company's website.
Link display: Display text for the link to the company's website.
On the Data security page, you can configure the data security settings.
Certificate thumbprint: SHA1 thumbprint of the certificate to use for the signature. This can be in the computer's or the user's certificate store.
NOTE: Ensure that the private key in the certificate is marked as exportable.
If you want to use a digital signature, enable Certificate thumbprint and specify the thumbprint.
Encryption: Specifies whether emails are encrypted. If you enable this function, additional settings are shown.
Domain controller: Domain controller of the requested domain to use.
Domain: Distinguished name of the domain to request.
User account:User account for querying Active Directory.
Password and Confirm password: Password of the user account.
Port: Communication port for secure access. Default: 389
Use Secure Sockets Layer Protokoll (SSL): Specifies whether to use an SSL/TLS encrypted connection.
Certificate encryption script: Script that supplies a list of encryption certificates. Default: QBM_GetCertificates
Authentication type: Authentication type for logging in to LDAP. Default: Basic
Permitted values are:
Basic: Uses default authentication.
Negotiate: Uses Negotiate authentication from Microsoft.
Kerberos: Uses Kerberos authentication.
NTLM: Uses Windows NT Challenge/Response (NTLM) authentication.
On the Email notifications about requests page, make any changes to the general settings for email notifications about requests. In addition, define whether the Approval by mail feature can be used for requests. If you enable this feature, the settings you need are shown.
Sender address: Sender's default email address for sending automatically generated notifications.
Syntax:
sender@company.com
Example:
noreply@company.com
You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
Example:
One Identity <noreply@company.com>
Daily notifications about pending approvals: Specifies whether approvers only receive emails once a day if there are requests awaiting their approval decisions.
If this option is not set, approvers immediately receive an email once a request is available for approval. Set this option to reduce the number of email notifications. This will mean that you cannot use the Approval by mail feature.
TIP: To use a template other than the default one for this, change the value in the QER | ITShop | MailTemplateIdents | RequestApproverByCollection configuration parameter in the Designer.
IT Shop approval by mail: Specifies whether the Approval by mail feature can also be used for approving requests. If you enable the feature, adjust the required settings. Then you cannot use the Daily notifications about pending approvals feature.
User name: Name of the user account for authenticating the mailbox used for approval by mail.
Domain: Domain of the user account for authenticating the mailbox used for approval by mail.
Password and Password repeat: Password of the user account for authenticating the mailbox used for approval by mail.
Web service URL:
Mailbox: Microsoft Exchange mailbox to which approvals by mail are sent.
Delete behavior: Specifies the way emails are deleted from the inbox.
Application ID: Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used.
On the Email notifications about attestation page, make any changes to the general settings for email notifications about attestations. In addition, define whether the Approval by mail feature can be used for attestations. If you enable this feature, the settings you need are shown.
Sender address: Sender's default email address for sending automatically generated notifications.
Syntax:
sender@company.com
Example:
noreply@company.com
You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
Example:
One Identity <noreply@company.com>
Daily notifications about pending approvals: Specifies whether attestors only receive emails once a day if there are attestation cases awaiting their approval decisions.
If this option is not set, attestors immediately receive an email once an attestation case is available for approval. Set this option to reduce the number of email notifications. Then you cannot use the Approval by mail feature.
TIP: To use a template other than the default one for this, change the value in the QER | Attestation | MailTemplateIdents | RequestApproverByCollection configuration parameter in the Designer.
Attestation by mail: Specifies whether the Approval by mail feature can be used. If you enable the feature, adjust the required settings. Then you cannot use the Daily notifications about pending approvals feature.
User name: Name of the user account for authenticating the mailbox used for approval by mail.
Domain: Domain of the user account for authenticating the mailbox used for approval by mail.
Password and Password repeat: Password of the user account for authenticating the mailbox used for approval by mail.
Web service URL:
Mailbox: Microsoft Exchange mailbox to which approvals by mail are sent.
Delete behavior: Specifies the way emails are deleted from the inbox.
Application ID: Exchange Online application ID for authentication with OAuth 2.0. If the value is not set, the Basic or the NTML authentication method is used.
On the Report subscriptions page, you can change the default settings for report subscriptions.
Sender address: Sender's default email address for sending automatically generated notifications about report subscriptions. Replace the default address with a valid email address.
Syntax:
sender@company.com
Example:
noreply@company.com
You can enter the sender's display name in addition to the email address. In this case, ensure that the email address is enclosed in chevrons (<>).
Example:
One Identity <noreply@company.com>
Default report template: Default report that is used as a template for creating simple list reports.
Report storage share: Path to the repository for subscribed reports.
Syntax: \\<server>\<share>
Storage life time (days) Maximum retention period in days that a report is available in the storage share. After this period, reports are deleted.
On the Email notifications about actions in the target system page, you can enter an email address for notifying about actions in the target system. This might be error or success messages about changes in the target system.
<Target system type>: Specifies whether email notifications are sent with error or success messages about changes in target systems of this type. If you enable the feature, enter the email address to send notifications to.
On the last page of the Mail Configuration Wizard, click Finish.
There may be other configuration settings required for different notification processes. You can edit these in the configuration parameters in the Designer if required.
To send email notifications via Microsoft 365, perform the following steps.
Register an application in the Microsoft Entra ID Admin Center (https://admin.microsoft.com/). For more information about registering an application, see https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app.
Modify the configuration settings for email notifications in the One Identity Manager. These settings are used in the default processes for sending emails.
NOTE: When you add an application to Microsoft Entra ID, it creates an application ID. You need the application ID for configuring sending mail notifications.
To register an application in Microsoft Entra ID
Log in to the Microsoft Entra ID Admin Center (https://admin.microsoft.com/).
Register a new application under Applications > App registrations.
Under Name, enter a name for your application.
Under Redirect URI (optional), select Public client/native (mobile & desktop).
Click Register.
Under Manage > Authentication, in the Advanced settings section under Allow public client flows, set the Enable the following mobile and desktop flows to Yes. Click Save.
Under Manage > API permissions in the Configured permissions section, configure the following settings.
Remove the User.Read Microsoft Graph permission.
Click Add a permission and under Request API permissions > Microsoft APIs, select the Microsoft Graph tile.
Select Delegated permissions and select the SMTP.Send permission.
Click Add permissions.
To grant administration consent for these permissions, click Grant Admin consent and confirm the prompt with Yes.
To change the configuration settings, use the email configuration wizard or edit the configuration parameters in the Designer.
|
Setting |
Value |
Configuration parameter |
|---|---|---|
|
SMTP server |
smtp.office365.com |
Common | MailNotification | SMTPRelay |
|
Port |
587 |
Common | MailNotification | SMTPPort |
|
Microsoft 365 client ID |
Application client ID used to send the emails. You can find your application ID in the Microsoft Entra ID Admin Center under Applications > App registrations < <your application> > Overview > Application (client) ID. |
Common | MailNotification | O365ClientId |
|
User name |
Microsoft 365 user email address. |
Common | MailNotification | SMTPAccount |
|
Password |
User password. |
Common | MailNotification | SMTPPassword |
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center
SMTP connection properties