SAP Cloud Platform Identity Authentication Mail Server Configuration
This blog would cover the settings to configure Mail Server with SAP Cloud Platform Identity Authentication.
By default, SAP Identity Authentication uses own mail server to send e-mails to registered users. Typically example is when an user complete a registration form for Single Sign On, she/he would receive an activation e-mail from email@example.com.
Based on September 2018 release, SAP Identity Authentication supports the configuration of Mail Server to be used for e-mails sent to users in different application processes (self registration, on behalf registration, invitation, forgot password, reset password, locked password).
As described in SAP help, once tenant administrators configure mail server, all e-mails will go through this new configuration. If you want to return to the default settings (using SAP own mail server), remove the configuration.
To configure Mail Server, follow the next steps:
- Go to SAP Cloud Platform Identity Authentication, navigate to Applications & Resources > Tenant Settings
- Select Mail Server Configuration.
- Configure your Mail server.
Now, before configuring a new Mail Server, there are some important information about the capabilities:
- Only STMP is supported. POP3 and IMAP are not supported at this point.
- As part of standard protocols used to secure email transmissions, STARTTLS is supported and always used for the communication with the server. Transport Layer Security (TLS) is also supported.
Remember that STARTTLS is an email protocol command that tells an email server that an email client, including an email client running in a web browser, wants to turn an existing insecure connection into a secure one.
- Ports: Port 587 and 25 are the only option available.Port 25: Remember this port is used primarily for SMTP relaying. SMTP relaying is the transmittal of email from email server to email server. However modern SMTP clients (Outlook, Mail, etc.) shouldn’t use this port, as it is traditionally blocked, by residential ISPs and Cloud Hosting Providers to curb the amount of spam.Port 587: This is the default mail submission port. When a mail client or server is submitting an email to be routed by a proper mail server, it should always use this port.
- As part of configuration, an user and password to mail server must be provided. This user is not limiting the email account used under section From or Reply to.
To configure a new mail server, enter the required information:
- Host. You can user your own company mail server, but other mail providers also supported such as an account with office 365 or gmail.
- As indicated previously only ports 587 and 25 are supported. Based on your mail server, 587 would be the preferred option.
- From: You can specify any email account to be used when sending emails. This email account could be different to the other option reply to, if required.
- Reply to: Is a common practice nowadays to send emails from generic accounts, but if an user required to reply, an different email account that is monitored is provided in the email sender information or in the email content.
- User: A valid user for your host is required. An user with authorization to send emails.
- Password: Provided the valid password for user indicated in previous step.
After configuring your mail server, new email sent from SAP Cloud Platform Identity Authentication would display information configured, as below:
Finally, if you are using an Office account, please take in account information supplied by Microsoft: How to set up a multifunction device or application to send email using Office 365
Once of most common issues after setting your mail server, is that your server provider would block third party from access the mail server functionalities. To bypass this issue, ensure to set as trusted IP in your third party mail server, the IP address for SAP Cloud Platform Identity Authentication. To find the IP of your SAP CPIA, use some web pages that offer “URL/IP Lookup”. Enter the URL for your SAP Cloud Platform Identity Authentication and obtain your IP range, for example:
This concludes all required steps to configure mail server with SAP Cloud Platform Identity Authentication. If you require more information, check SAP Help:
SAP Cloud Platform Identity Authentication
thank you for this blog post.
We have configured the mail server succesfully, including the trust of the SAP Cloud Platform Identity Authentication IP address.
The problem is that this IP changes at some time without any notice. User are just claiming that "Password reset" mails are not sent.
Is there a way to be noticed when the IP changes?
Here you can see the range of IP's according to the data center where your tenant is hosted: