Email and 2FA requirements
You will need to decide if you want to use the Email and two-factor authentication features.
SMTP server
The 1E SMTP feature can optionally be enabled to send the following types of emails to 1E users.
Approval request emails to approvers about pending action requests
Notification emails to users about responses that will expire shortly
One-time authentication code emails if the two-factor authentication feature is enabled.
Emails are HTML format, without any attachments, and have a typical size of approximately 70KBytes. You can choose to modify the email banner header.
Emails are sent by the Coordinator service (workflow module) which by default uses the built-in Network Service (NT AUTHORITY\NETWORK SERVICE).
If the 1E SMTP feature is enabled, your SMTP relay/gateway may require the following to be configured.
Add the 1E Server name or IP address to a new or existing white-list policy
Disable require SMTP authentication (allow anonymous) - see note below
Assign the "mail-from" address to an AD account - see Mail-From address below - if it has a SPF (Sender Policy Framework) or Sender ID policy.
Note
In this version of 1E, SMTP Authentication is not configurable using the Server installer. The default is anonymous authentication. However, it can be changed post-installation. For details of changing the SMTP configuration and disabling email notifications, please refer to 1E Server post-installation tasks.
Mail-From address
If the 1E SMTP feature is enabled, then a Mail-From address is required as the Sender of 1E emails.
1E does not require the Mail-From address to belong to a real AD account or have a real mailbox, however, your SMTP relay/gateway might have these requirements, therefore you may need to create an additional AD account.
Choose a suitable email address, especially if there is no mailbox, for example no_reply@acme.local.
Email for Users and Approvers
Each 1E user and approver should have an email address, otherwise they will not receive emails when actions require authentication or approval. Email addresses are mandatory if two-factor authentication is enabled.
If a Group is assigned rights in 1E to approve actions, and the Group has an email address, then 1E will use that. However, a group member will receive emails only if your organization's mail system supports group emails and the member has an email address. If the Group does not have an email address, then 1E will look up group members and send emails to any member that has an email address. Irrespective of whether the Group has an email address, members must have emails addresses in order to receive emails.
Note
If your organization uses separate accounts for user and administration tasks, then you should consider the impact of using admin accounts for 1E if they do not have associated email addresses.
Two-factor Authentication requirements
If the 2FA feature is enabled, 1E users are prompted to enter a one-time authentication code in addition to their password in order to confirm they want to submit an action instruction.
The one-time authentication code is sent to the user by email. The two-factor authentication feature requires email.
Please refer to 1E Server post-installation tasks.