Email from STEP

Mail Server with Basic Authentication Configuration

When using basic authentication, every time a user or functional area within STEP sends an email, a username and password are exchanged with the configured mail relay service. Basic authentication is increasingly considered outdated and vulnerable, and many widely used email services, such as Office 365, plan to discontinue support.

Note: Microsoft has announced that Basic authentication will be deprecated for client submissions within their Exchange Online / Office 365 mail service in September 2025. Search the web for details.

To use a mail server with basic authentication, submit a Stibo Systems Service Portal ticket and include the relevant values for your environment on these configurations:

1. Provide the mail server URL, such as smtp.office365.com, for the Mail.MailServerURL configuration.

2. Provide the mail server port, such as 587, for Mail.MailServerPort configuration.

3. If TLS should be used in connection to the mail server, request to set the Mail.UseTLS configuration to 'true'.

4. Provide the default mail address displayed in the 'From' field, such as noreply@mailserver.com, for the Mail.DefaultFromMailAddress configuration.

   If no default mail address is provided, STEP sets the default 'From' email address as noreply@step-system.invalid.

5. Provide the authorized user name, such as AuthUser, for the Mail.MailAuthenticationUser.Name configuration.

6. Provide the authorized user password, such as AuthPassword, for the Mail.MailAuthenticationUser.Password configuration.

   Note: This configuration holds the password of the authorized user. When that password changes, the value on this configuration must also be updated.

Mail Server OAuth 2.0 Authentication Configuration

When using OAuth 2.0 to send an email from STEP, first an access token is requested from an authorization service using a client ID and a password or a client ID and a certificate. Once the authorization service accepts the request, it provides an access token with a limited lifetime to STEP, and during that lifetime, STEP uses that token to authenticate when sending email.

To use a mail server with OAuth 2.0 instead of Basic authentication, submit a Stibo Systems Service Portal ticket and include the relevant values for your environment on these configurations:

1. Provide the mail server URL, such as smtp.office365.com, for the Mail.MailServerURL configuration.

2. Provide the mail server port, such as 587, for the Mail.MailServerPort configuration.

3. If TLS should be used in the connection to the mail server, request to set the Mail.UseTLS configuration to 'true'.

4. Provide the authorized user name, such as AuthUser, for the Mail.MailAuthenticationUser.Name configuration.

5. Provide the OAuth scope, such as https://outlook.office365.com/.default, for the Mail.OAuth.Scope configuration.

6. Provide the appropriate URL, such as https://login.microsoftonline.com/f3b75255-4214-4a54-b552-56ac6906ae88/oauth2/v2.0/token, for the Mail.OAuth.TokenService.URL configuration.

7. Identify the required authentication option:

   • To use a Client ID / Client Secret, use the following configurations:

     • Provide the Client ID, such as Mail.OAuth.ClientID=b3118bec-cc88-4c90-b202-5aa3f67f6ff8, for the Mail.OAuth.ClientID configuration.

     • Provide the secret, such as HST8Q~egaNMbB_CeZg8S8G5RhgeF1bMYwSSpUb8z, for the Mail.OAuth.ClientSecret configuration.

   • To use a Client ID / Certificate, use the following configurations:

     • Provide the Client ID, such as b3118bec-cc88-4c90-b202-5aa3f67f6ff8, for the Mail.OAuth.ClientID configuration.

     • Provide the keystore file or location, such as /home/mailserverconfig/keystore.jks, for the Mail.OAuth.ClientKeyStore configuration.

     • Provide the keystore password, such as Mail.OAuth.ClientKeyStore.Password=Pa55worD, for the Mail.OAuth.ClientKeyStore.Password configuration.