Skip to main content

1E 9.x (on-premises)

Email and 2FA requirements

You will need to decide if you want to use the Email and two-factor authentication features.

SMTP server

The 1E SMTP feature can optionally be enabled to send the following types of emails to 1E users.

  • Approval request emails to approvers about pending action requests

  • Notification emails to users about responses that will expire shortly

  • One-time authentication code emails if the two-factor authentication feature is enabled.

Emails are HTML format, without any attachments, and have a typical size of approximately 70KBytes. You can choose to modify the email banner header.

Emails are sent by the Coordinator service (workflow module) which by default uses the built-in Network Service (NT AUTHORITY\NETWORK SERVICE).

If the 1E SMTP feature is enabled, your SMTP relay/gateway may require the following to be configured.

  • Add the 1E Server name or IP address to a new or existing white-list policy

  • Disable require SMTP authentication (allow anonymous) - see note below

  • Assign the "mail-from" address to an AD account - see Mail-From address below - if it has a SPF (Sender Policy Framework) or Sender ID policy.

Note

In this version of 1E, SMTP Authentication is not configurable using the Server installer. The default is anonymous authentication. However, it can be changed post-installation. For details of changing the SMTP configuration and disabling email notifications, please refer to 1E Server post-installation tasks.

Mail-From address

If the 1E SMTP feature is enabled, then a Mail-From address is required as the Sender of 1E emails.

1E does not require the Mail-From address to belong to a real AD account or have a real mailbox, however, your SMTP relay/gateway might have these requirements, therefore you may need to create an additional AD account.

Choose a suitable email address, especially if there is no mailbox, for example no_reply@acme.local.

Email for Users and Approvers

Each 1E user and approver should have an email address, otherwise they will not receive emails when actions require authentication or approval. Email addresses are mandatory if two-factor authentication is enabled.

If a Group is assigned rights in 1E to approve actions, and the Group has an email address, then 1E will use that. However, a group member will receive emails only if your organization's mail system supports group emails and the member has an email address. If the Group does not have an email address, then 1E will look up group members and send emails to any member that has an email address. Irrespective of whether the Group has an email address, members must have emails addresses in order to receive emails.

Note

If your organization uses separate accounts for user and administration tasks, then you should consider the impact of using admin accounts for 1E if they do not have associated email addresses.

Two-factor Authentication requirements

If the 2FA feature is enabled, 1E users are prompted to enter a one-time authentication code in addition to their password in order to confirm they want to submit an action instruction.

The one-time authentication code is sent to the user by email. The two-factor authentication feature requires email.

Please refer to 1E Server post-installation tasks.