How can I configure a third-party email provider to send 2FA codes using ADManager Plus?


Objective 

This article helps administrators configure ADManager Plus to send one-time passwords (OTPs) for two-factor authentication (2FA) using an external email provider like Gmail, Outlook, or another SMTP-based service. This setup is especially useful for organizations that don’t manage their own mail servers and want to ensure secure, reliable delivery of OTPs to users during login. By using trusted external email services, admins can improve authentication success rates and reduce delays or failures in OTP delivery.

Prerequisites 

  • ADManager Plus installed on a compatible Windows Server.

  • Administrator privileges within ADManager Plus to configure email server and security settings.

  • A valid third-party SMTP email server (e.g., Gmail, Outlook), along with the necessary authentication credentials.

  • An SMTP server supporting secure communication using TLS or SSL.

  • Internet access for the ADManager Plus server and connection to the SMTP server on the appropriate port, typically 587 (TLS) or 465 (SSL).

  • Firewall settings that allow outbound SMTP traffic to the third-party provider.

  • DNS and domain configurations set up so the ADManager Plus server can resolve and communicate with the SMTP server.
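The network prerequisites above (DNS resolution, outbound firewall access, and TLS or SSL support on port 587 or 465) can be checked from the ADManager Plus server before any settings are entered. The PowerShell script below is an added example, not part of ADManager Plus or the original article; `smtp.example.com` is a placeholder for your provider's SMTP server name, and the script assumes port 465 uses TLS from the first byte while any other port uses STARTTLS. It sends no credentials and no mail.

```powershell
param(
    [string]$SmtpHost = 'smtp.example.com',  # placeholder: your provider's SMTP server name
    [int]$Port = 587                         # 587 = TLS (STARTTLS); 465 = SSL (TLS from the first byte)
)

# Read one SMTP reply. Multi-line replies end on the line where the code is followed by a space.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Server closed the connection.' }
        $lines += $line
    } until ($line -match '^\d{3}( |$)')
    return $lines
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    # This connect exercises both DNS resolution and the outbound firewall rule.
    $client.Connect($SmtpHost, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 15000
    if ($Port -ne 465) {
        # Plain-text SMTP greeting, then upgrade the session with STARTTLS.
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $banner = @(Read-SmtpReply $reader)
        if ($banner[-1] -notmatch '^220') { throw "Unexpected banner: $($banner[-1])" }
        $writer.WriteLine("EHLO $([System.Net.Dns]::GetHostName())")
        $ehlo = @(Read-SmtpReply $reader)
        if (-not ($ehlo -match 'STARTTLS')) { throw 'Server does not advertise STARTTLS on this port.' }
        $writer.WriteLine('STARTTLS')
        $go = @(Read-SmtpReply $reader)
        if ($go[-1] -notmatch '^220') { throw "STARTTLS refused: $($go[-1])" }
    }
    # Default SslStream validation: the handshake fails if the certificate chain is
    # untrusted or the certificate name does not match $SmtpHost.
    $ssl = New-Object System.Net.Security.SslStream($stream, $false)
    $ssl.AuthenticateAsClient($SmtpHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        Server = $SmtpHost; Port = $Port; Protocol = $ssl.SslProtocol
        CertificateSubject = $cert.Subject; CertificateExpires = $cert.NotAfter
    }
}
catch { Write-Error "Pre-flight check failed for ${SmtpHost}:${Port}: $($_.Exception.Message)" }
finally { $client.Close() }
```

A result object means name resolution, the outbound connection, and the TLS handshake with certificate validation all succeeded; an error identifies which prerequisite still needs attention.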

Steps to follow 

Step 1: Configure email server settings in ADManager Plus 

  1. Log in to ADManager Plus using an administrator account.

  2. Navigate to Admin > General Settings > Server Settings > Email Server/SMS Gateway.

  3. In the Email Server field, enter your SMTP server name.

  4. In the Email Port field, specify the appropriate port number. This is typically 465 for SSL or 587 for TLS, depending on your provider.

  5. From the Connection Security dropdown, select the security protocol required by your provider (TLS or SSL).

  6. In the From Address field, enter the sender’s email address that will be used to send OTP emails.

  7. Enable Authentication, and enter the email address and corresponding password or app-specific password (if required by your provider). Click Configure.

  8. In the Administrator’s Email Address field, enter the email address to receive test notifications.

  9. Click Send Test Email to verify the email configuration and ensure ADManager Plus can send emails successfully.

  10. Click Save to apply the changes.

Step 2: Enable OTP via email for 2FA 

  1. Navigate to Delegation > Configuration > Logon Settings > Two-Factor Authentication.

  2. Use the toggle to enable Two-Factor Authentication.

  3. Under One-time password via email:

    • Select the check box beside Enable one-time password via email.

    • Customize the Subject and Message as needed.

Note: Use macros like ${OTP} to dynamically insert the one-time password into the message.

  4. Click Save to apply your 2FA settings.

Step 3: Verify the 2FA setup 

  1. Log out of ADManager Plus and log back in using a user account that has 2FA enabled.

  2. After entering the username and password, ADManager Plus will send an OTP email via the configured third-party email provider.

  3. Check the user’s inbox to confirm the OTP email was received.

  4. Enter the OTP on the login screen to complete authentication.

  5. If login is successful, it confirms that the 2FA setup is functioning correctly.

Tips 

  • Use app-specific passwords or OAuth tokens if your email provider restricts regular passwords for SMTP access (e.g., Gmail commonly enforces this).

  • Review your email provider’s policies on automated email limits to avoid throttling or delivery failures.

  • Ensure firewall rules allow outbound SMTP connections to the correct server and port used by your email provider.

  • Regularly check ADManager Plus logs and the sender account’s Sent folder to identify any potential delivery or configuration issues.
