DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Email configuration

Suggest Edits

What is email configuration?

Email configuration allows administrators to set up and manage email notifications for various events within the BeyondTrust system, such as session invitations, alerts, and updates.

How is email configuration useful?

Email configuration enables the automation of communication within the BeyondTrust system, ensuring users are promptly notified about important events. It helps streamline support processes and improves communication between administrators, support staff, and customers.

How do I access the Email Configuration page?

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Privileged Remote Access > Management.
    The Managment page opens and the Software tab displays by default.
  3. Click the Email Configuration tab.
    The Email Configuration tab displays.

How to configure email notifications

Email address

ℹ️

Note

If a B Series Appliance is designated as a backup B Series Appliance or a traffic node, the email configuration for that B Series Appliance will be overwritten with the email configuration defined on the primary B Series Appliance.

From address

Set the email address from which automatic messages from your B Series Appliance will be sent.

SMTP relay server

Configure your B Series Appliance to work with your SMTP relay server in order to send automatic email notifications of certain events.

SMTP relay server

Enter the hostname or IP address of your SMTP relay server.

SMTP port

Set the SMTP port to contact this server on.

SMTP encryption

If your SMTP server supports TLS encryption, choose TLS or STARTTLS. Otherwise, select None.

SMTP authentication type

To use a form of authentication with this server, select either Username and Password or OAuth2. Otherwise, select None.

Username and password

Enter a username and password to configure this form of authentication.

OAuth2

Admin contact

Default admin contact email addresses

Enter one or more email addresses to which emails should be sent. Separate addresses with a space.

Send daily communication notice

You can have the B Series Appliance send a daily notification to ensure that alert communication is working correctly.

In addition to the test email and daily communication notices that can be configured above, emails are sent for the following events:

  • During any failover operation, the product version on the primary node does not match the product version on the backup node.

  • During a failover status check, any of the following problems are detected.

    • The current B Series Appliance is the primary node and a shared IP address is configured in /login, but its network interface is not enabled.
    • A shared IP address is configured in /login but is not listed as an IP address in /appliance.
    • The backup node could not contact the primary node, and it also could not contact any of the test IP addresses configured on the Management > Failover page.
    • The backup node could not contact any of the test IP addresses configured on the Management > Failover page.
    • The backup node's backup operations are disabled on the Management > Failover page.
    • The backup node unexpectedly failed to perform a probe of itself, indicating that it is malfunctioning.
    • The backup node failed to contact the primary node using the primary node's hostname.
    • Automatic failover is disabled, and the backup node failed to probe the primary node.
    • Automatic failover is enabled, and the backup node failed to probe the primary node. The backup node will automatically become the primary node if the primary node remains unresponsive.
    • Automatic failover is enabled, and the backup node is automatically becoming the primary node because the primary node was down for too long.
    • The primary node failed to perform a data sync with the backup node sometime in the past 24 hours.

    Send a test email when the settings are saved

    If you wish to receive an immediate test email to verify that your SMTP settings are accurately configured, check this option before clicking the Save button.

Configure OAuth2 for Entra ID

1. Configure Entra ID.
  1. Follow Microsoft's Enable or disable modern authentication for Outlook in Exchange Online procedure to ensure Authenticated SMTP is enabled for each account on Exchange Online
  2. Log into your Azure console (portal.azure.com), navigate to Entra ID, and follow instructions there for registering a new application.
  3. When prompted, enter https://{URL OF YOUR APPLIANCE}/login/smtp-verification as the URI redirect.
  4. Note the following in your Azure configuration, as they are required later:
    • Application (client) ID
    • Authorization endpoint
    • Token endpoint
    • Client secret
2. Provide credentials to the SMTP relay server.
  1. Within the Privileged Remote Access admin interface, navigate to Management > Email Configuration.
  2. Under SMTP Authentication Type, select OAuth2, and enter the following information:
    • Email: The email address for the SMTP relay.
    • SMTP OAuth Provider ID: The application ID noted earlier.
    • SMTP OAuth Client Secret: The client secret noted earlier.
    • SMTP OAuth Scopes: Enter https://outlook.office.com/SMTP.Send offline_access.
    • SMTP OAuth Authentication Endpoint: The authorization endpoint noted earlier.
    • SMTP OAuth Token Endpoint: The token endpoint noted earlier.
  3. Click Save.
  4. Click Verify Oauth2 Provider to verify and connect the provider account.

ℹ️

Note

Ensure you are logged into the provider portal as the email address for the SMTP relay, entered above, in the same browser session. You may need to log out of your personal or admin account.

Configure OAuth2 for Google

1. Configure your Google Cloud Platform for OAuth.
  1. Log into Google Cloud Platform.

    📘

    Note

    Use the correct Gmail account, as only the owner of the project is able to work with the project. If you do not already have a paid account, you might choose to purchase an account by clicking Activate in the top banner. BeyondTrust cannot provide assistance with purchasing an account. Click Learn More in the top banner for information regarding the limitations of free accounts.

  2. Follow Google's Manage OAuth Clients procedure.
  3. Use the following information during GCP OAuth configuration:
    • Authorized domains: The BeyondTrust test appliance domains include:
      • qabeyondtrustcloud.com
      • bomgar.com
    • Credentials: When you create your credentials, select Web application for your appliance setup.
    • Authorization Redirect URI- When you create the Redirect URI, use this form: _https://{URL OF YOUR APPLIANCE}/login/smtp-verification
2. Provide credentials to the SMTP relay server.
  1. Ensure you are signed into the provider portal as the email address for the SMTP relay.n.
  2. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.
  3. From the main menu, click Privileged Remote Access > Management.
    The Backup Settings page opens and the Software tab displays by default.
  4. Click the Email Configuration tab.
  5. Under the SMTP Relay Server section, go toSMTP Authentication Type.
  6. Select OAuth2, and enter the following information:
    • Email: The email address for the SMTP relay.
    • SMTP OAuth Provider ID: The client_id from the JSON file generated during the Google configuration.
    • SMTP OAuth Client Secret: The client_secret from the JSON file generated during the Google configuration.
    • SMTP OAuth Scopes: Enter https://mail.google.com/.
    • SMTP OAuth Authentication Endpoint: The auth_uri from the JSON file generated during the Google configuration.
    • SMTP OAuth Token Endpoint: The token_uri from the JSON file generated during the Google configuration.
  7. Click Save.
  8. Click Verify Oauth2 Provider to verify and connect the provider account.

Updated 21 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.