Identity Panel sends messages from the Identity Panel Workflows and the Scheduler when a workflow or schedule is defined to send an email message. MIM Test and the mail tester also send messages, but they do so by dispatching a special-case schedule. To send messages, the Panel Service must be able to relay mail through an SMTP relay server. This can be an internal server or a server hosted within your network. It can be an internal relay limited to internal mailboxes, or an external relay that allows messages to go to external addresses like firstname.lastname@example.org.
SMTP Authentication (AuthN) and Authorization (AuthZ)
Because a properly configured SMTP relay is secured to prevent unauthorized use, Identity Panel must be permitted to send messages through the relay. Typically, you will need to white-list the IP address of each Windows Server running the Identity Panel Windows Service (Panel Service), give Identity Panel an account on the relay, or both.
If the relay is using white-listing only, you do not need to add a User credential with password under Credentials.
With Exchange Server, if the relay authenticates and grants permission to the Panel Service account, you will not need to specify credentials in Identity Panel. The credentials of the Panel Service account will be implied.
If you use explicit credentials, which means entering and storing an account and password authorized to send to the SMTP host or relay, you will need a license key from SoftwareIDM for storing credentials. This is a free add-on key, but it is often not turned on by SoftwareIDM by default in your regular key (check your license key list within Identity Panel). SoftwareIDM can prevent credentials from being applied to Identity Panel through license keys. This is done so customer security teams can audit and approve password storage before the storage ability is granted. (For more information about how passwords are protected, see a future article on this topic in this knowledge base.)
You must include the SMTP from address. This informs the receiver of the source of the message.
You must include a recipient for any message generated by Identity Panel that does not have an explicitly defined recipient.
You may have noticed that this article skipped the more obvious settings of server, port, and SSL. These fields are obvious to many. The server can be an IP address or resolvable name. The port is typically 25 as defined by RFC 821 Appendix A. These values must be specified.
For more information, see Designing your SMTP architecture (for Identity Panel).
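The following added example (not part of Identity Panel or SoftwareIDM's documentation) can be run from a server hosting Panel Service to see whether the relay accepts the from address and fallback recipient by IP white-listing alone or only after authentication. The function name `probe_relay`, the host name and the addresses are assumptions; only the envelope is tested, so no message is delivered.

```python
import smtplib

def probe_relay(smtp, mail_from, rcpt_to, user=None, password=None,
                encrypted=False):
    """Check how a relay authorizes this host. `smtp` is a connected
    smtplib.SMTP-compatible object; pass encrypted=True for SMTP_SSL.
    The envelope is reset with RSET, so nothing is delivered."""
    result = {"starttls": False, "auth_offered": False,
              "authenticated": False, "cleartext_auth_skipped": False,
              "relay_allowed": False, "reply": None}
    smtp.ehlo()
    if not encrypted and smtp.has_extn("starttls"):
        smtp.starttls()
        smtp.ehlo()  # extensions must be re-read after the TLS upgrade
        result["starttls"] = True
    result["auth_offered"] = smtp.has_extn("auth")
    if user and result["auth_offered"]:
        if encrypted or result["starttls"]:
            smtp.login(user, password)
            result["authenticated"] = True
        else:
            # Never send the stored password over an unencrypted session.
            result["cleartext_auth_skipped"] = True
    code, text = smtp.mail(mail_from)
    if code == 250:
        code, text = smtp.rcpt(rcpt_to)
    # 250/251 on RCPT TO means the relay will accept mail for this recipient.
    result["relay_allowed"] = code in (250, 251)
    result["reply"] = (code, text)
    smtp.rset()
    return result

if __name__ == "__main__":
    # Placeholder values (assumptions): substitute your own relay settings.
    HOST, PORT = "relay.example.internal", 25
    FROM_ADDR = "identitypanel@example.org"
    FALLBACK = "idm-admins@example.org"
    with smtplib.SMTP(HOST, PORT, timeout=10) as conn:
        for key, value in probe_relay(conn, FROM_ADDR, FALLBACK).items():
            print(f"{key}: {value}")
```

If `relay_allowed` is true with no credentials supplied, the relay is authorizing this host by white-listing; if it is false until credentials are passed, an explicit credential (and the credential-storage license key) is required.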
Sending a Test Message
Pressing the Test Message button will enqueue an ad-hoc schedule step to send a test message to the Fallback Recipient in the SMTP settings.
To successfully send the message, at least one copy of Panel Service must be running, or Panel Tools must be running in service mode.
Because Identity Panel settings are cached by Panel Service for up to 5 minutes, it may be necessary to restart the service, or wait after updating settings before attempting a test message.
Posted to Twitter via @IdentityPanelKB on June 12, 2017