By setting up a custom email domain, Sana notification emails will be sent from your company's email address instead of from Sana. This makes the notification emails look more professional and consistent with your brand, making them instantly recognizable to your recipients. This article will show you how to set it up if Microsoft is your email provider.
What are the benefits?
By using your domain and SMTP server, you can ensure compliance with legal and industry regulations related to email sending, such as GDPR and CAN-SPAM Act. Emails sent from your domain also enhances brand consistency and recognition.
How to Configure SMTP settings for Microsoft
โ ๏ธ This process is a bit involved, which means that we'll need to perform the changes in real-time to avoid any down-time with email notifications. Kindly coordinate this request with your Engagement Manager. You must have administrative privileges in your Entra portal to perform the changes below.
Step 1: Provide the credentials and details
You will need to first provide us with your tenant ID along with the email that you would like to use. You can view your tenant ID by going to your Entra Portal > Identity > Overview. Once you have provided the credentials to us, you will now see a new option in the Sana platform when you go to Settings > Notifications called Authorize.
Step 2: Obtaining admin consent
Click on the Authorize button in the Notifications section and you should be redirected to the the consent screen for the Sana Entra app, used to send emails from Exchange Online:
Once you authorize, you will get an error message along with a redirect URI. Kindly provide us the redirect URI link that's missing as this will need to be added from our Microsoft application page.
Step 3: Grant access to the Exchange Online mailbox
After giving admin consent, you can now navigate to the Entra Portal. Under Identity > Applications > Enterprise Applications, find the Sana Exchange Oauth application (Application ID: 44de40b6-4ac2-42f1-a9da-f26d811f9e23).
Once a tenant admin consents your Microsoft Entra application, they must register your Entra AD application's service principal in Exchange via Exchange Online
To use the New-ServicePrincipal cmdlet, install ExchangeOnlineManagement and connect to your tenant as shown in the following snippet:
Install-Module -Name ExchangeOnlineManagement -allowprerelease Import-module ExchangeOnlineManagement Connect-ExchangeOnline -Organization <tenantId>
Registration of an Microsoft Entra application's service principal in Exchange is shown in the following example:
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]
The tenant admin can find the service principal identifiers referenced above in your Entra AD application's enterprise application instance on the tenant. You can find the list of the enterprise application instances on the tenant in the Enterprise applications blade in the Microsoft Entra view in Azure Portal.
Get-ServicePrincipal | fl
The following example shows how to give your application's service principal access to one mailbox:
Add-MailboxPermission -Identity "[email protected]" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
Different IDs are used during creation of the Exchange service principal and also later when granting mailbox permissions. The following example may help you to use the correct ID for the different stages. This example uses Microsoft Entra cmdlets; so, you'll need to install the Microsoft Entra PowerShell module, if you haven't already. For more information, see Install Microsoft Entra PowerShell for Graph.
Your Microsoft Entra application can now access the allowed mailboxes via the SMTP, POP, or IMAP protocols using the OAuth 2.0 client credentials grant flow. For more information, see the instructions in Permissions and consent in the Microsoft identity platform.
Well done! ๐ Kindly test by sending an email from your Sana learning platform and confirm if you can receive it through the SMTP username correctly.
Appendix: Example Exchange Online Powershell steps
Required permissions for CmdLets
Bad example output:
New-ServicePrincipal: The term 'New-ServicePrincipal' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.