Configuring OAuth for SMTP

You can use the OAuth standard for SMTP authentication in IBM Verify Identity Governance - Container.

Overview

OAuth (Open Authorization) is an open standard for token-based authorization and access delegation.

The IBM Verify Identity Governance - Container supports using OAuth for SMTP authentication.

Depending on your approach to configuration of OAuth, choose one of the following paths:
Configuring OAuth during fresh installation
Perform these steps if you want to configure OAuth during a fresh installation of IBM Verify Identity Governance - Container.
  1. Complete the prerequisites listed in the Before you begin section.
  2. Configure OAuth as described in the Configuring OAuth section.
  3. Validate the OAuth configuration as shown in the Next steps section.
Configuring OAuth after installation
Perform these steps if you want to configure OAuth after you have completed a fresh installation of IBM Verify Identity Governance - Container.
  1. Complete prerequisites 1 and 2 listed in the Before you begin section.
  2. Use the createConfig utility to load the certificates into the keystore.
  3. Restart the IBM Verify Identity Governance - Container pods.
  4. Use the getConfig utility to update the enrolMail.properties file and set the authentication.type parameter in the enrolMail.properties file to OAuth.
  5. Run the createConfig utility.
  6. Restart the IBM Verify Identity Governance - Container pods.
  7. Configure OAuth as described in the Configuring OAuth section.
  8. Validate the OAuth configuration as shown in the Next steps section.
Configuring OAuth during upgrade
Perform these steps if you want to configure OAuth when upgrading to IBM Verify Identity Governance - Container.
  1. Complete prerequisite 1 listed in the Before you begin section.
  2. Use the createConfig utility to load the certificates into the keystore.
  3. Restart the IBM Verify Identity Governance - Container pods.
  4. Use the getConfig utility to update the enrolMail.properties file and set the authentication.type parameter in the enrolMail.properties file to OAuth.
  5. In IBM Verify Identity Governance - Container, set the useSMTPMail parameter in the config.yaml file to true.
  6. Run the createConfig utility.
  7. Restart the IBM Verify Identity Governance - Container pods.
  8. Configure OAuth as described in the Configuring OAuth section.
  9. Validate the OAuth configuration as shown in the Next steps section.

Before you begin

Ensure that the following prerequisites are completed.
  1. You must configure the OAuth provider application (for example, Gmail) to use OAuth. After configuration, you should have the following details:
    • Client ID
    • Authorization URL
    • Token URL
    • Client Secret
    Refer to the documentation of the OAuth provider application for the steps to obtain these parameters.
  2. You must add the certificates of the OAuth provider application to the IBM Verify Identity Governance - Container keystore in the /config/certs directory.
  3. In IBM Verify Identity Governance - Container, you must set the useSMTPMail parameter in the config.yaml file to true.
  4. In IBM Verify Identity Governance - Container, you must set the authentication.type parameter in the enrolMail.properties file to OAuth.

Configuring OAuth

Perform the following steps to configure OAuth for SMTP authorization in IBM Verify Identity Governance - Container.

  1. In the main menu of IBM Verify Identity Governance - Container, go to Configure System > Additional Mail Properties.
  2. Provide the following information. Note that all the fields are mandatory.
    Mail Server
    For example: smtp.mail.com
    Port
    Provide the port number to use for SMTP. For example: 587
    Mail From
    Provide the email address of the user. For example: username@gmail.com
    Client ID
    Enter the client ID received from the external application. Ensure that the client ID and the Mail From value are for the same person.
    Client Secret
    Enter the client secret received from the external application.
    Redirect URL
    This is the callback mechanism of IBM Verify Identity Governance - Container. This is the URL that the external application will use to authenticate the IBM Verify Identity Governance - Container. This field is automatically filled by IBM Verify Identity Governance - Container and cannot be edited. You must verify and confirm that the URL is correct.
    Scope
    Provide the external application scope. For example: https://mail.google.com
    Authorization URL
    Enter the authorization URL received from the external application.
    Token Endpoint
    Enter the token endpoint.
  3. After providing all the values, click Save Configuration. This button is only enabled after you have provided values for all the parameters.
  4. A pop-up window appears, asking you to select the external application user account. Select the appropriate user account.
  5. Provide your confirmation to the external application for authenticating IBM Verify Identity Governance - Container. A message appears confirming the successful authentication.
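
The values entered in step 2 map onto a standard OAuth 2.0 authorization-code request. The following is an added example, not IBM code: it checks the values before they are saved and builds the request the provider would receive, assuming the provider follows RFC 6749. The dictionary keys, host names and credentials are constructed placeholders.

```python
# Added example: pre-flight check of the Additional Mail Properties values (keys are illustrative).
import re
import secrets
from urllib.parse import urlencode, urlsplit

REQUIRED = ("mail_server", "port", "mail_from", "client_id", "client_secret",
            "redirect_url", "scope", "authorization_url", "token_endpoint")

def validate(cfg):
    """Return a list of problems; an empty list means the values look sane."""
    problems = [f"{k} is mandatory" for k in REQUIRED if not str(cfg.get(k, "")).strip()]
    if problems:
        return problems
    if not str(cfg["port"]).isdigit() or not 0 < int(cfg["port"]) < 65536:
        problems.append("port must be a number between 1 and 65535")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", cfg["mail_from"]):
        problems.append("mail_from is not an email address")
    # The authorization code, client secret and tokens cross these URLs: require TLS.
    for key in ("redirect_url", "authorization_url", "token_endpoint"):
        parts = urlsplit(cfg[key])
        if parts.scheme != "https" or not parts.hostname or parts.fragment:
            problems.append(f"{key} must be an absolute https URL without a fragment")
    return problems

def authorization_request(cfg):
    """Build the RFC 6749 authorization-code request and its anti-CSRF state."""
    state = secrets.token_urlsafe(24)
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_url"],  # must match the provider registration exactly
        "scope": cfg["scope"],
        "state": state,  # the client secret is never part of this URL
    })
    sep = "&" if urlsplit(cfg["authorization_url"]).query else "?"
    return cfg["authorization_url"] + sep + query, state

SAMPLE = {  # constructed values, not real credentials or endpoints
    "mail_server": "smtp.mail.com", "port": "587", "mail_from": "username@gmail.com",
    "client_id": "example-client-id", "client_secret": "example-secret",
    "redirect_url": "https://isvg.example.com/oauth/callback",
    "scope": "https://mail.google.com",
    "authorization_url": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
}

if __name__ == "__main__":
    print(validate(SAMPLE) or authorization_request(SAMPLE)[0])
```

The redirect_uri in the generated request is the value to compare against the redirect URI registered with the OAuth provider when you confirm the Redirect URL field.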

Next steps

You can verify that OAuth is successfully configured for SMTP authentication in IBM Verify Identity Governance - Container. From the main menu, go to Configure System > Post Office. Send a test email and verify that it is received successfully by the recipient.