As a tie-in to our previous blog post Secret Server and Secure LDAP, SMTP Authentication was another important feature released in Secret Server version 7.8.000036. SMTP Authentication was implemented as a direct result of customer requests. Many of our clients work in environments that require secure messaging. In this release and beyond, Secret Server now has the ability to authenticate to an SMTP server, use SSL, and even specify a custom port.
Some background: Notifications sent via email from Secret Server can contain sensitive information (but never passwords, of course.) The most common risks include spam, false or fraudulent claims, personal threats, social engineering risks (phishing, imposters, etc.), or even virus & malware propagation. While this solution does not offer protection against compromised accounts, it does severely limit the risks associated with running SMTP servers. In response, many organizations require SMTP authentication and SSL connections to their internal servers (as well as other requirements beyond the scope of Secret Server.)
We recommend using SMTP Authentication and SSL if possible. Enable SMTP Authentication is a short and simple process. You can access these settings in Secret Server with the following clicks:
Administration -> Configuration -> Email (see below)
As with any blog post, Secret Server, or general Thycotic Software question, please comment below or find support information here: http://www.thycotic.com/products_secretserver_support.html.