SMTP Configuration

SMTP Short for simple mail transfer protocol, SMTP is a protocol for sending email messages between servers. settings to enable Keyfactor Command to deliver reports and alerts via email are generally specified during initial Keyfactor Command installation and configuration, but can be modify through the Management Portal if needed.

To make a change to these settings:

1. In the Management Portal, browse to System Settings Icon > SMTP Configuration.

2. On the SMTP Configuration page, modify the configuration as needed.

   

   Figure 450: SMTP Configuration

3. Enter the FQDN of your SMTP server in the Host field.
4. Enter the SMTP port (default is 25) in the Port field.
5. Check the Use SSL box if this option is supported by your mail server. Your mail server may not be configured to support TLS TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers./SSL TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers..
6. Set the Sender Account name in the form of an email address (e.g. user@keyexample.com). Depending on the email configuration in your environment, the sender account may need to be a valid user on your mail server or you may be able to put anything in this field.
7. Set the Sender Name as desired. This is the name that appears as the from in the user's mail client both with anonymous authentication and explicit credentials.
8. Select the appropriate authentication method for your environment. Some mail servers will accept Anonymous. Others may not. If your mail server requires that you provide a username and password for a specific valid user, select the Explicit Credentials radio button.
9. Click Set Username. In the Username dialog, choose from Load from Keyfactor Secrets or Load From PAM Provider, and follow in respective instructions. Click Save when complete.

   

   Figure 451: SMTP Username

   Select the Load From Keyfactor Secrets radio button if you want Keyfactor Command to encrypt and store the password in the Keyfactor Command database as a secret. Enter and confirm password in the Secret Value field.

   Important:  Keyfactor highly recommends that you use strong passwords for any accounts or certificates related to Keyfactor Command and associated products, especially when these have elevated or administrative access. A strong password has at least 12 characters (more is better) and multiple character classes (lowercase letters, uppercase letters, numeral, and symbols). Ideally, each password would be randomly generated. Avoid password re-use.

   Tip:  A Keyfactor secret is a user-defined password or other information that is encrypted and stored securely in the Keyfactor Command database. Although Keyfactor recommends using Privileged Access Management (see Privileged Access Management (PAM)) as a more secure solution to secure information, Keyfactor Secret has historically been an option for customers that don’t already have a relationship with a PAM provider such as CyberArk or Delinea/Thycotic. More recent versions of Keyfactor Command offer Keyfactor Command local PAM databases, allowing you to store secrets in the Keyfactor Command database using PAM.

   Select the Load from PAM Provider radio button if you want to store the password in a Keyfactor Command local or supported third-party PAM solution (see Privileged Access Management (PAM)). The remaining fields on the dialog will vary depending on the PAM provider. For example:

   Keyfactor Command Local Database

   Select your Keyfactor Command local database provider in the Providers dropdown. The remaining field in the dialog will then be:

   • Secret Reference Name—The name given to the secret defined in Keyfactor Command (see Managing Secrets for a Local Keyfactor Command PAM Provider).

   CyberArk

   Select your CyberArk provider in the Providers dropdown if your PAM provider is CyberArk (see Adding or Modifying a PAM Provider). The remaining fields in the dialog will then be:

   • PrivateArk Folder Name —The path and name of the folder that stores the secret (e.g. Root or Root\MyDir).
   • PrivateArk Protected Password Name —The name of the username or password to use for this instance.

   Delinea/Thycotic

   Select your Delinea/Thycotic provider in the Providers dropdown if your PAM provider is Delinea /Thycotic (see Adding or Modifying a PAM Provider). The remaining field in the dialog will then be:

   • Thycotic Secret ID—The numeric ID of the secret to retrieve from provider server.

   Hashicorp

   Select your Hashicorp Vault provider in the Providers dropdown if your PAM provider is Hashicorp Vault (see Adding or Modifying a PAM Provider). The remaining fields in the dialog will then be:

   • KV Secret Key—The key of the secret to retrieve from the Hashicorp Vault.
   • KV Secret Name—The name of the secret to retrieve from the Hashicorp Vault.
10. Click Set Password. In the Password dialog, choose from Load from Keyfactor Secrets or Load From PAM Provider, and follow in respective instructions. Click Save when complete.

    

    Figure 452: SMTP Password

    Select the Load From Keyfactor Secrets radio button if you want Keyfactor Command to encrypt and store the password in the Keyfactor Command database as a secret. Enter and confirm password in the Secret Value field.

    Important:  Keyfactor highly recommends that you use strong passwords for any accounts or certificates related to Keyfactor Command and associated products, especially when these have elevated or administrative access. A strong password has at least 12 characters (more is better) and multiple character classes (lowercase letters, uppercase letters, numeral, and symbols). Ideally, each password would be randomly generated. Avoid password re-use.

    Tip:  A Keyfactor secret is a user-defined password or other information that is encrypted and stored securely in the Keyfactor Command database. Although Keyfactor recommends using Privileged Access Management (see Privileged Access Management (PAM)) as a more secure solution to secure information, Keyfactor Secret has historically been an option for customers that don’t already have a relationship with a PAM provider such as CyberArk or Delinea/Thycotic. More recent versions of Keyfactor Command offer Keyfactor Command local PAM databases, allowing you to store secrets in the Keyfactor Command database using PAM.

    Select the Load from PAM Provider radio button if you want to store the password in a Keyfactor Command local or supported third-party PAM solution (see Privileged Access Management (PAM)). The remaining fields on the dialog will vary depending on the PAM provider. For example:

    Keyfactor Command Local Database

    Select your Keyfactor Command local database provider in the Providers dropdown. The remaining field in the dialog will then be:

    • Secret Reference Name—The name given to the secret defined in Keyfactor Command (see Managing Secrets for a Local Keyfactor Command PAM Provider).

    CyberArk

    Select your CyberArk provider in the Providers dropdown if your PAM provider is CyberArk (see Adding or Modifying a PAM Provider). The remaining fields in the dialog will then be:

    • PrivateArk Folder Name —The path and name of the folder that stores the secret (e.g. Root or Root\MyDir).
    • PrivateArk Protected Password Name —The name of the username or password to use for this instance.

    Delinea/Thycotic

    Select your Delinea/Thycotic provider in the Providers dropdown if your PAM provider is Delinea /Thycotic (see Adding or Modifying a PAM Provider). The remaining field in the dialog will then be:

    • Thycotic Secret ID—The numeric ID of the secret to retrieve from provider server.

    Hashicorp

    Select your Hashicorp Vault provider in the Providers dropdown if your PAM provider is Hashicorp Vault (see Adding or Modifying a PAM Provider). The remaining fields in the dialog will then be:

    • KV Secret Key—The key of the secret to retrieve from the Hashicorp Vault.
    • KV Secret Name—The name of the secret to retrieve from the Hashicorp Vault.

11. You may test the settings prior to saving them. To test the SMTP settings, click the Test button, enter a valid email address (a mailbox you can access) in the Send a Test SMTP Message dialog and click Save. Verify that the test email is delivered. You will receive an error message if the test failed.

    

    Figure 453: Send an SMTP Test Message

12. Click Save to save any changes you have made.

To cancel any changes you’ve made without saving, click the Undo button.

Tip:  Click the help icon () next to the SMTP Configuration page title to open the Keyfactor Software & Documentation Portal to this section. You will receive a prompt indicating:

You are being redirected to an external website. Would you like to proceed?

You can also find the help icon () at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Software & Documentation Portal at the home page or the Keyfactor API Endpoint Utility.

Keyfactor provides two sets of documentation: the On-Premises Documentation Suite and the Managed Services Documentation Suite. Which documentation set is accessed is determined by the Application Settings: On-Prem Documentation setting (see Application Settings: Console Tab).