Configure email account

Setting up an email account in senhasegura allows the application to send notifications about different actions, such as changing a password before a certificate expires or suspicious access.

Including valid email addresses is important because approvers receive access requests via email. Likewise, applicants receive their disapproval or approval responses.

Set up an SMTP account

Through the Settings ➔ Notifications ➔ SMTP Configuration menu, you have access to all accounts registered on the platform. Accounts can be active or inactive, as well as all system entities.

You must configure an SMTP account as default for use by the platform. To create a new account, select the View Actions menu and then click New:

• Account Name: name for internal identification and distinction from other registered accounts.
• Enabled: option 'Yes' selected indicates that the account can be used on the platform.
• Sender e-mail: e-mail used to send the messages.
• Reply e-mail: email that receives replies.
• Reply e-mail (Return-Path): return email for error cases.
• Confirmation mail: email for read confirmation.
• Default account: option 'Yes' selected indicates that this account is the platform's default shipping account.
• Send read receipt: option 'Yes' selected indicates that the read receipt request must be forwarded.
• Force settings use: option 'Yes' indicates that the email accounts set to Reply, Return-Path, and Confirmation must be maintained.
• Enable footnote: option 'Yes' selected indicates that the automatic footer is added to the body of the email.

SMTP server settings:

• Host SMTP: address of the server that hosts the SMTP service.
• Port: SMTP service port.
• Use safe connection?: option 'Yes' selected indicates that protocols must send with encryption.
• Secure connection type: encryption type - TLS or SSL.
• Use authentication?: option 'Yes' indicates that the server requires authentication.
• Ignore Certificate Error: Selecting 'Yes' for this option indicates that any SMTP server certification errors will be ignored.
  
  Network Connector

  Please note that if you are using the Network Connector feature, it is necessary to configure the "Ignore Certificate Error" option to 'Yes'.
• Network connector: the Network connector agent.
• Credential for authentication: the credential used for authentication on the SMTP server.

When saving the registration, the account becomes available for test submission and use of the platform.

In the Action column, there is the Test setting option. Use to verify that the configuration was done correctly. Fill in the Send to, Subject, and Message fields and click Send. This action sends the email immediately.

Emails forwarded by the platform are viewed under Notifications ➔ Email ➔ Outbox.

Set an SMTP account for Gmail or Office360

Requirements

• OAuth2 client_id of chosen email provider
• client_secret OAuth2 of chosen email provider

The registration process for the senhasegura solution is done using the APIs of the chosen provider.

Step (1/3) - Email-oauth2-proxy registration

After obtaining the 'client_id' and 'client_secret' values, configure the senhasegura solution, particularly the 'email-oauth2-proxy' component. In the example below, we use the necessary steps to configure senhasegura with the Google Gmail service.

1. Access the senhasegura server using SSH with port 59022.
2. Log in with the mt4adm administrative user.
3. Use the 'orbit email-oauth2-proxy register' command, with the client_id and client_secret and the following parameters:

$ orbit email-oauth2-proxy register 
--imap-server-address=imap.gmail.com \
--imap-server-port=993 \
--smtp-server-port=465 \
--smtp-server-address=smtp.gmail.com \ --oauth2-token-url=https://oauth2.googleapis.com/token \ --oauth2-scope=https://mail.google.com/ \
--oauth2-client-id=<your client id here> \
--oauth2-client-secret=<your client secret here> \
--oauth2-permission-url=https://accounts.google.com/o/oauth2/auth \
--force

Email OAuth2 Proxy is almost ready!

Setup guide for sending and receiving emails with SMTP, IMAP and POP3 can be found in our official documentation, available at https://d.senhasegura.io/aeb2am4a

Step (2/3) - senhasegura SMTP service configuration

After the initial configuration of the 'email-oauth2-proxy' component, the user must configure the senhasegura SMTP service.

1. Access senhasegura through the browser
2. Go to Settings ➔ Notifications ➔ SMTP configuration
3. Create a new SMTP service configuration.
4. Fill in the fields as indicated in the figure below. The Secure connection type field must be disabled:
   
5. Click Send.

Step (3/3) - Authorize Oauth-Proxy URL 

1. Access the senhasegura server using SSH with port 59022.
2. Log in with the mt4adm administrative user.
3. Run the command:
   ShellShell

   sudo orbit email-oauth2-proxy get-auth-url

4. The user must obtain the URL for accessing the 'email-oauth2-proxy' configuration and authorization, along with the API used.
5. Open your browser and paste the obtained URL.
6. If necessary, complete the login process for the provider account used.
7. The result of the previous step results in a URL like the one below:
   https://localhost/email-oauth2-proxy-authorize/?code=4/0AWgavde0I1PjN4mmAypCfIPTRp69w67cIn0CoYiL41jjZtkzjcl1osCjaJQqd3apfZaoVg&scope=https://mail.google.com/
   Info

   If you use Office365, the URL already has the correct IP instead of localhost.
8. Replace the word localhost in the URL address with the IP address of senhasegura.
   https://<IP_senhasegura>/email-oauth2-proxy-authorize/?code=4/0AWgavde0I1PjN4mmAypCfIPTRp69w67cIn0CoYiL41jjZtkzjcl1osCjaJQqd3apfZaoVg&scope=https://mail.google.com/

As a result, we have the message shown below. The message appears in another browser tab.

Email OAuth 2.0 Proxy successfully authenticated account [email protected].
You can close this window.

Set up a POP3/IMAP account

Access the menu Settings ➔ Notifications ➔ IMAP Configuration/POP3. Here, you can access all the inbox accounts that senhasegura will interact with. To create a new account, select the View actions menu and then click New:

• Account name: name for internal identification and distinction from other registered accounts.
• Keep copy in server: option 'Yes' selected indicates that the received e-mail must have a copy in the inbox of the POP3/IMAP server.
• Automatic check: option 'Yes' selected indicates that the platform should automatically read messages from the inbox.
• Enabled: option 'Yes' selected indicates that the account can be used on the platform.
  

Server configuration:

• Address: address of the server hosting the POP3/IMAP service.
• Port: port where the service is running on the target server.
• Protocol: choose the desired protocol.
• Network connector: the Network connector agent.
• Credential for authentication: the credential used for authentication in the POP3/IMAP service.
• Skip certificate?: option 'Yes' selected indicates that Inbox server certificate errors should be ignored.
• Use safe connection: choice 'Yes' set shows that communication with the service must be done using encryption.
• Secure connection type: encryption type - TLS or SSL.

Set IMAP account for Gmail or Office360

1. Access senhasegura through the browser.
2. Go to Settings ➔ Notifications ➔ IMAP Configuration/POP3.
3. Create a new SMTP service configuration.
4. Fill in the fields as indicated in the figure below.
   
   Safe connection

   Leave the Secure connection type field disabled
   
5. Click Save.