Announcement: Non-Employee Risk Management - Required updates to custom SMTP configuration

Microsoft is ending support for Basic Authentication in Exchange Online login protocols in April 2026, which will impact customers using custom SMTP configurations in NERM. Read Microsoft’s announcement here: https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750

If you are sending emails from your Non-Employee Risk Management tenant via the custom SMTP option and using Microsoft Exchange Online as your email platform, you will need to update your SMTP configuration before March 1, 2026. We recommend that you update your SMTP configuration in NERM to the default SMTP settings, allowing SailPoint to send emails on your organization’s behalf.

Q: What exactly is changing?

NERM will not be deprecating custom SMTP configuration entirely. The custom SMTP configuration, found in the NERM Admin UI under Admin → System → SMTP, will continue to be available, supporting Basic Authentication.

Q: Will NERM be supporting OAuth 2.0 login protocols with custom SMTP servers?

No, SailPoint Non-Employee Risk Management will not be supporting OAuth 2.0 login protocols for custom SMTP servers. SailPoint’s email delivery service is a more secure, consistent method for email delivery.

Q: When will this change happen?

For affected customers, the deadline for switching to SailPoint’s built-in email delivery service (AWS Simple Email Service) within Non-Employee Risk Management is March 1, 2026.

Q: What actions do customers need to take?

  • Customers already using NERM-managed email delivery: No action is needed.

  • Customers currently using a custom SMTP configuration with an email provider that supports Basic Authentication: No action is needed at this time.

  • Customers currently using a custom SMTP configuration with Microsoft Exchange Online: You must switch to SailPoint’s built-in email delivery service, as Microsoft will fully end support for Basic Authentication in April 2026.

Possible settings for “Use my own SMTP”:

  • No - “From:” address is noreply@nonemployee.com, with mail sent via NERM’s delivery service.

  • Yes - configure using an email service other than Microsoft Exchange Online.

Q: What “From:” address will be used when “Use my own SMTP” is set to “No”?

noreply@nonemployee.com

Q: Can I maintain my custom “From:” address when using SailPoint’s email delivery service?

Yes, though this will need to be coordinated with SailPoint Support ahead of the March 1, 2026 deadline, to ensure that the email security settings (DMARC, DKIM, SPF) are all properly configured for your chosen address. When configured, “Use my own SMTP” will be set to “Yes”, and the configuration will use NERM’s email delivery service.

Q: Do I need to open a Support ticket to accomplish the above?

Support will reach out to impacted customers (those using Microsoft Exchange Online as their custom SMTP server) to initiate this transition.

Q: If I have a custom “From:” address already set up in Identity Security Cloud, do I have to do anything?

Yes. Identity Security Cloud email configuration is similar to, but distinct from, NERM email configuration. You may use the same “From:” address in both if you wish, but you must configure each separately.
