Use your own email provider

You can use an external email provider to send email notifications from Okta. By default, email notifications like the welcome or account recovery emails are sent through an Okta-managed SMTP server. You can configure a third-party email provider in Okta and then send these emails through it.

Adding a custom email provider lets you satisfy business and regulatory requirements:

  • Fulfill data residency requirements by choosing an email provider that stores data in a certain geographical location.
  • Control the IP addresses used for your emails.
  • Get detailed metrics and insights into the emails that you send, like email delivery and usage status.

Okta makes multiple attempts to deliver messages through the provider. If the first attempt fails, Okta queues the message and reattempts the delivery later. If the second attempt fails, the message is requeued with longer delays. When the maximum limit for retries is exceed, a FAILURE delivery event is recorded in the System Log. In these cases, the message delivery doesn't fall back to the Okta default email service. If the delivery is successful, a SUCCESS delivery event is recorded in the System Log.

Before you begin

  • Set up your external email provider.

  • Gather the following details of your provider's SMTP server:
    • Host: Hostname or IP address of your SMTP server. For example, your.smtp.host.com.
    • Port: Port used by your SMTP server. This must be a number. For example, 465.
    • SMTP username: Your SMTP username.
    • SMTP password: Your SMTP password or Google app password if Google Workspace is your external email provider.

Add a custom email provider (non-Google Workspace)

Add a custom email provider (non-Google Workspace) to your Okta org. You can only add one external SMTP provider. To use Google Workspace as your external provider, see Add Google Workspace as a custom email provider.

  1. In the Admin Console, go to CustomizationsEmail provider.
  2. Click Add custom email provider.
  3. Enter the details of your SMTP: Host, Port, SMTP username, and SMTP password.
  4. Click Save. The new provider is added.
  5. Send a test email to ensure that it works correctly.
  6. Toggle on Use custom email provider.

Add Google Workspace as a custom email provider

Google doesn't allow basic authentication (username and password) to access its services from external products, like Okta and others. Instead, you generate an app password in Google Workspace, which is a kind of OAuth token, and then use that token as the SMTP password in Okta. To use other email providers (non-Google Workspace), see Add a custom email provider (non-Google Workspace).

  1. Create an app password in Google Workspace. See Google's support article Create & use app passwords.
  2. Copy the app password and store it in a secure location.
  3. In the Okta Admin Console, go to CustomizationsEmail provider.
  4. Click Add custom email provider.
  5. Enter the details of your SMTP: Host, Port, SMTP username.
  6. Paste the app password in the SMTP password field.
  7. Click Save.
  8. Send a test email to ensure that it works correctly.
  9. Toggle on Use custom email provider.

See Google's support article Transition from less secure apps to OAuth.

Send a test email

Send a test email to confirm that your email provider has been configured correctly.

  1. In the Admin Console, go to CustomizationsEmail provider.
  2. Click Send test email under the SMTP server.
  3. Enter the From address. Use a valid, working email address. The SMTP server verifies it as part of this test.
  4. Enter the To address. This is the address where you're sending the test email. Ensure that you have access to this email address in an email client.
  5. Click Send test email.
  6. A notification appears when the email is sent.
  7. In an email client, access the To address and verify that the test email arrived.

Add a custom email domain to a brand

Add the custom email domain to each of your brands.

  1. In the Admin Console, go to Brands.
  2. Click the brand where you want to add the custom email domain.
  3. Go to BrandDomainsEmail domain.
  4. Click Add email domain next to the default okta.com domain.
  5. Add the email address and name of the email sender. Your users see this information in their inbox.
  6. Click Next.
  7. Configure an email provider if you haven't already. See Add a custom email provider (non-Google Workspace) or Add Google Workspace as a custom email provider.
  8. Click Verify. The email provider is added to the brand and appears in the list under DomainsEmail domain.
  9. Repeat for each brand.

Remove a custom email provider

Remove the custom email provider for your org. If you remove the provider, it's no longer used by any brands in the org. Emails are then sent from the default okta.com email provider.

  1. In the Admin Console, go to CustomizationsEmail provider.
  2. Click the Delete icon next to the email provider. The Remove email provider page appears.
  3. Click Remove email provider.

Edit a custom email provider

  1. In the Admin Console, go to CustomizationsEmail provider.
  2. Click the Edit icon next to the email provider. The Edit custom email provider page appears.
  3. Edit the email provider information.
  4. Click Save.

Related topics

Branding

Configure a custom domain