Skip to main content

1E 8.1 (on-premises)

Email and 2FA requirements

You will need to decide if you want to use the Email and two-factor authentication features.

SMTP server

The Tachyon SMTP feature can optionally be enabled to send the following types of emails to Tachyon users.

  • Approval request emails to approvers about pending action requests

  • Notification emails to users about responses that will expire shortly

  • One-time authentication code emails if the two-factor authentication feature is enabled.

Emails are HTML format, without any attachments, and have a typical size of approximately 70KBytes. You can choose to modify the email banner header.

Emails are sent by the Coordinator service (workflow module) which by default uses the built-in Network Service (NT AUTHORITY\NETWORK SERVICE).

If the Tachyon SMTP feature is enabled, your SMTP relay/gateway may require the following to be configured.

  • Add the Tachyon Server name or IP address to a new or existing white-list policy

  • Disable require SMTP authentication (allow anonymous) - see note below

  • Assign the "mail-from" address to an AD account - see Mail-From address below - if it has a SPF (Sender Policy Framework) or Sender ID policy.

Note

In this version of Tachyon, SMTP Authentication is not configurable using the Server installer. The default is anonymous authentication. However, it can be changed post-installation. For details of changing the SMTP configuration and disabling email notifications, please refer to Tachyon Server post-installation tasks.

Mail-From address

If the Tachyon SMTP feature is enabled, then a Mail-From address is required as the Sender of Tachyon emails.

Tachyon does not require the Mail-From address to belong to a real AD account or have a real mailbox, however, your SMTP relay/gateway might have these requirements, therefore you may need to create an additional AD account.

Choose a suitable email address, especially if there is no mailbox, for example no_reply@acme.local.

Email for Users and Approvers

Each Tachyon user and approver should have an email address, otherwise they will not receive emails when actions require authentication or approval. Email addresses are mandatory if two-factor authentication is enabled.

If a Group is assigned rights in Tachyon to approve actions, and the Group has an email address, then Tachyon will use that. However, a group member will receive emails only if your organization's mail system supports group emails and the member has an email address. If the Group does not have an email address, then Tachyon will look up group members and send emails to any member that has an email address. Irrespective of whether the Group has an email address, members must have emails addresses in order to receive emails.

Note

If your organization uses separate accounts for user and administration tasks, then you should consider the impact of using admin accounts for Tachyon if they do not have associated email addresses.

Two-factor Authentication requirements

If the 2FA feature is enabled, Tachyon users are prompted to enter a one-time authentication code in addition to their password in order to confirm they want to submit an action instruction.

The one-time authentication code is sent to the user by email. The two-factor authentication feature requires email.

Please refer to Tachyon Server post-installation tasks.