Setting Up a Mail Server for Notifications

Before Enterprise Manager can send email notifications, you must first specify the Outgoing Mail (SMTP) servers to be used by the notification system. Once set, you can then define email notifications for yourself or, if you have Super Administrator privileges, you can also define notifications for other Enterprise Manager administrators.

You specify the Outgoing Mail (SMTP) server on the Notification Methods page. To display the Notification Methods page, from the Setup menu, select Notifications, then select Mail Servers.

Starting with Oracle Enterprise Manager 24ai Release 1 Update 10 (24.1.0.10), Enterprise Manager supports OAuth 2.0 authentication for email notifications through Microsoft Exchange Online. To use this feature, you must have a Microsoft Exchange Online license and register Enterprise Manager as an application in Microsoft Entra ID with the appropriate privileges. OAuth 2.0 is supported only for Microsoft Exchange Online. On-premises Exchange servers are not supported.

Important: Use of Microsoft Exchange Online with OAuth 2.0 is not supported in Always-On Monitoring (AOM). If you plan to use AOM, do not configure Microsoft Exchange Online in your Enterprise Manager site until support for it is added in a future Enterprise Manager release.

Note:

You must have Super Administrator privileges in order to configure the Enterprise Manager notifications system. This includes:

• Setting up the SMTP server

• Defining notification methods

• Customizing notification email formats

This section covers the following:

• Configuring Sender Identity
• Configuring Mail to Use an SMTP Server with Password Authentication
• Configuring Mail to Use Microsoft Exchange Online Using OAuth 2.0
• Setting the Enterprise Manager Console URL when Using an SLB

Configuring Sender Identity

In the Sender Identity section, click Edit, and specify the following:

• Identify Sender As: The name you want to appear as the sender of email notifications from Enterprise Manager.
• Sender's Email Address: The email address that will be used to send email notifications. This email address must be a valid address on each mail server that you specify. A message will be sent to this email address if any problem is encountered during the sending of an email notification. If you are configuring Microsoft Exchange Online as your mail (SMTP) server, specify the email address of the mailbox that is added for sending emails, as described in step 1 d of Configuring Mail to Use Microsoft Exchange Online Using OAuth 2.0.

Note:

The email address you specify on this page is not the email address to which the notification is sent. You will have to specify the email address (where notifications will be sent) on the Enterprise Manager Password & Email page. To access this page, open the menu under your user name in the console and select Enterprise Manager Password & Email.

As a best practice, each user should have their own email address.

Configuring Mail to Use an SMTP Server with Password Authentication

In the Outgoing Mail (SMTP) Servers section, click Setup, and then select Outgoing Mail Server - Password Auth.

The Outgoing Mail (SMTP) Server dialog appears, where you can specify the following details for connecting to the SMTP server:

• Host: Host of the SMTP server.
• Port: Port used to connect to the SMTP server.
• User Name: User name used to authenticate with the SMTP server.
• Password and Confirm Password: Password associated with the user.
• Use Secure Connection: Indication if TLS or SSL/TLS will be used.

After configuring the mail server, click Test Mail Servers to verify your email setup. You should verify that an email message was received by the email account specified in the Sender's Email Address field. For information about this field, see Configuring Sender Identity.

Example Mail Server Settings with Password Authentication

• Host - smtp01.example.com
• Port - 25
• User Name - myadmin
• Password - ******
• Confirm Password - ******
• Use Secure Connection - No

Defining multiple mail servers will improve the reliability of email notification delivery. Email notifications will be delivered if at least one mail server is up. The notification load is balanced across multiple mail servers by the OMS, which switches through them (servers are allocated according to availability) after 20 emails have been sent. Switching is controlled by the oracle.sysman.core.notification.emails_per_connection emoms property.

Configuring Mail to Use Microsoft Exchange Online Using OAuth 2.0

If you use Microsoft Exchange Online for email notifications and want to configure Enterprise Manager to communicate with it using OAuth 2.0, follow the steps below:

1. Configure Enterprise Manager as an application in Microsoft Entra ID:
   1. Register Enterprise Manager as an application in Microsoft Entra ID. This step provides the Directory (Tenant) ID and Application (Client) ID required for the email configuration in Enterprise Manager.

      For information, see the Register an application in Microsoft Entra ID section in Microsoft documentation.

   2. Create a new client secret for the Enterprise Manager application registration. This step provides the Client Secret value required for email configuration in Enterprise Manager.

      Note:

      Important: As soon as you create the Client Secret, copy and save the Client Secret value in a safe place because it will not be displayed again after you leave the page.

      For information, see the Add and manage application credentials in Microsoft Entra ID section in Microsoft documentation.

      Note:

      Important: Microsoft client secrets have expiration dates. To prevent interruptions to Enterprise Manager email notifications, monitor the expiration date of your client secret and create a new one before it expires. Then update the client secret in your Enterprise Manager mail server configuration. For information about receiving client secret expiration notifications, see the How can I automate the certificates expiration notifications? section in Microsoft documentation.
   3. Register your application's service principal in Exchange.

      This step requires running PowerShell commands using a user account with the Exchange Administrator role or Global Administrator role. The PowerShell command requires the Application (Client) ID and Object ID associated with the Enterprise Manager application.

      • The Application (Client) ID is the same ID generated in step 1 a.
      • To obtain the Object ID, in Microsoft Entra ID, go to Enterprise applications, not App registrations. Copy the Object ID from the Properties section of the application that you created for Enterprise Manager.

      In a PowerShell window, connect to Microsoft Exchange Online and create a new service principal for your application.

      Sample Commands

      Connect-ExchangeOnline
      New-ServicePrincipal -AppId <your application/client ID> -ObjectId <your object ID>

      For information, see the New-ServicePrincipal section in Microsoft documentation.

   4. Add the mailbox for sending emails.

      In the same PowerShell window, add the mailbox that will be used to send emails.

      Sample Command

      Add-MailboxPermission -Identity "<email address>" -User <your objectID> -AccessRights FullAccess
      

      For information, see the Add-MailboxPermission section in Microsoft documentation.

2. Configure Microsoft Exchange Online as an SMTP server in Enterprise Manager.

   In the Outgoing Mail (SMTP) Servers section, click Setup, and then select Microsoft Exchange Server - OAuth2 Auth.

   The Microsoft Exchange Server - OAuth2 dialog appears, where you can specify the following details for connecting to Microsoft Exchange Online using OAuth 2.0:

   • Host: Microsoft Exchange Online SMTP server.
   • Port: Port used to connect to the SMTP server.
   • Microsoft ID (User Name): Microsoft Entra ID user account used to register Enterprise Manager as an application.
   • Directory (Tenant) ID: Microsoft Entra ID tenant where Enterprise Manager is registered.
   • Application (Client) ID: Application (Client) ID assigned to the Enterprise Manager app registration.
   • Client Secret: Secret generated for the Enterprise Manager app registration.
   • Use Secure Connection: Indication if TLS or SSL/TLS will be used to connect to Microsoft Exchange Online.

Example Mail Server Settings with Microsoft Exchange Online Using OAuth 2.0

• Host - smtp.office365.com
• Port - 587
• Microsoft ID (User Name) - myadmin@example.com
• Directory (Tenant) ID - <Tenant_ID>
• Application (Client) ID - <Client_ID>
• Client Secret - ******
• Use Secure Connection - TLS, if available

Setting the Enterprise Manager Console URL when Using an SLB

If you have a multi-OMS environment with a Server Load Balancer (SLB) configured for the OMS instances, you should update the console URL to ensure that any emails from Enterprise Manager direct you to the Enterprise Manager console through the SLB URL and not the specific OMS URL from which the email may have originated.

To change the console URL:

1. From the Setup menu, select Manage the Manager, and then Health Overview. The Management Services and Repository page displays.
2. On the Management Services and Repository page, in the Overview section, click Add or Edit against the Console URL label.
   
   

   

   
   

   The Console URL page displays.

   
   

   

   
   
3. Modify the Console URL to the SLB URL.

   Examples:

   http://www.example.com

   https://www.example.com:4443

   Note that path, typically /em, should not be specified.

4. Click OK.