PingFederate Server

Configuring an SMTP Notification Publisher instance

Set up an instance of the SMTP Notification Publisher for PingFederate to notify administrators and end users about various events. You can configure multiple instances, each with different settings as needed.

Steps

  1. On the Instance Configuration tab, provide the required information or update any default or previously configured setting values.

    For more information about each field, refer to the following table:

    Field Description

    From Address (required)

    The email address that appears in the “From” header line in email messages generated by PingFederate. The address needs a valid format but doesn’t need to be set up on your system.

    Sender Name

    The sender name displayed in email messages generated by PingFederate.

    Sender name can’t exceed 256 characters.

    Email Server (required)

    The IP address or host name of your email server.

    SMTP Port

    The SMTP port on your email server.

    The default value is 25.

    Encryption Method

    Select SSL/TLS to establish a secure connection to the email server at the SMTPS port.

    Select STARTTLS to establish an unencrypted connection to the email server at the SMTP port and initiate a secure channel afterward.

    Select None, the default value, to establish an unencrypted connection to the email server at the SMTP port.

    SMTPS Port

    The secure SMTP port on your email server. Only applicable if you select SSL/TLS as the chosen encryption method.

    The default value is 465.

    Verify Hostname

    Indicates whether to verify the host name of the email server matches the Subject (CN) or one of the Subject Alternative Names from the certificate. Only applicable if you select SSL/TLS or STARTTLS as the chosen encryption method.

    This checkbox is selected by default.

    UTF-8 Message Header Support

    Indicates whether the email server supports UTF-8 encoding in message headers; for example, in the recipient email address. Enable this option only if your email server supports this feature.

    With this option enabled, PingFederate supports UTF-8 characters in the sender and recipient email addresses. It doesn’t support emojis in the domain portion of the email address.

    Authentication Method

    The method used to authenticate the SMTP server. Depending on which method you select, you will have to complete different fields on this form. If you select None, you can skip down to Test Address.

    Basic Authentication

    Microsoft Exchange Online will deprecate basic authentication beginning in late 2026. Learn more in Updated Exchange Online SMTP AUTH Basic Authentication Deprecation Timeline in the Microsoft community site.

    Username

    The username for the SMTP server.

    Password

    The password for the SMTP server.

    OAuth 2.0 Bearer Token

    OAuth Authentication Method

    The method for obtaining an OAuth access token. For either method, you must configure OAuth Token Endpoint, OAuth Scope, and Client ID. Other fields will depend on the method you select.

    OAuth Token Endpoint

    The URL for the OAuth token endpoint

    OAuth Scope (Optional)

    The authorization scopes requested from the OAuth endpoint. Separate multiple scopes with spaces.

    Client ID

    The ID of the client created for authentication.

    If you selected Client Credentials, configure one of the following fields:

    Client Secret

    The secret associated with the client ID.

    Client Secret Reference

    The secret reference for the client when using a configured secret manager. The format is OBF:MGR:{secretManagerId}:{secretId}. Learn more in Secret managers.

    If you selected Private Key JWT, configure the following fields:

    Use Centralized Signing Key

    Select this option to use a centralized key when signing JWTs using an RSA-based or EC-based algorithm.

    JWT Signing Key

    Select a signing key in the list to use for creating JWT client assertions. Used only when Use Centralized Signing Key is cleared.

    JWT Signing Algorithm

    Select a signing algorithm in the list to use for creating JWT client assertions. Used only when Use Centralized Signing Key is cleared. This is also required when Use Centralized Signing Key is selected.

    JWT Audience

    The audience claim for the JWT assertion. The issuer identifier of the authorization server is the recommended value.

    JWT Lifetime

    The lifetime in minutes of the JWT client assertion. Maximum value is 1440. Default value is 5.

    JWT Type Header

    The type header value value for the JWT client assertion. Check the provider schema for recommended value.

    Test Address

    Enter an email address PingFederate should use to verify connectivity with the configured email server.

    Click Show Advanced Fields to review the following settings. Modify as needed.

    Connection Timeout

    The amount of time in seconds that PingFederate waits before it times out connecting to the SMTP server.

    The default value is 30.

    Enable SMTP Debugging Messages

    Turns on detailed error messages for the PingFederate server log to help troubleshoot SMTP issues.

    This setting is disabled by default. When enabled, PingFederate logs email messages, which can contain sensitive information, to the server log. Consider enabling debug messages solely for troubleshooting purposes and disabling this option when debug messages are no longer required.

  2. Click Next.

Next steps

You can modify email-notification template files to suit the particular branding requirements. Learn more in Customizable email notifications.