Amazon SES configuration for an external SMTP provider with Auth0
Many organizations use an external identity provider to manage user identities. With an identity provider (IdP), customers can manage their user identities outside of AWS and give these external user identities permissions to use AWS resources in customer AWS accounts. The most common requirement when setting up an external identity provider is sending outgoing e-mails, such as verification e-mails using a link or code, welcome e-mails, MFA enrollment, password changes and blocked account e-mails. That said, the existing e-mail infrastructure of most external identity providers is limited to testing e-mails only, and customers need to set up an external SMTP provider for outgoing e-mails.
Managing and running e-mail servers on-premises or deploying an EC2 instance dedicated to running an SMTP server is costly and complex. Customers have to manage operational issues such as hardware, software installation, configuration, patching, and backups.
In this blog post, we will provide step-by-step guidance showing how you can set up Amazon SES as an external SMTP provider with Auth0 to take advantage of Amazon SES capabilities like sending email securely, globally, and at scale.
Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables developers to send email from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications.
Auth0 is an identity provider that provides a flexible, drop-in solution to add authentication and authorization services (Identity as a Service, or IDaaS) to customer applications. Auth0’s built-in email infrastructure should be used for testing emails only. Auth0 allows you to configure your own SMTP email provider so you can more completely manage, monitor, and troubleshoot your email communications.
Overview of solution
In this blog post, we’ll show you how to perform the following steps to complete the integration between Amazon SES and Auth0:
- Amazon SES setup for sending emails with SMTP credentials and API credentials
- Auth0 setup to configure Amazon SES as an external SMTP provider
- Testing the Configuration
The following diagram shows the architecture of the solution.
- You must have an Auth0 account.
- To ensure that emails can be sent from Auth0 to your Amazon SES SMTP, open ports and allow inbound connections from specific IP addresses. To update the list of IPs and ports, navigate to Dashboard > Branding > Email Provider. See Add IP Addresses to Allow list for details.
Amazon SES Setup
As a first step, you must configure a “Sandbox” account within Amazon SES and verify a sender email address for initial testing. Once all the setup steps are successful, you can convert this account into Production, and the SES service will accept all emails. For more details on this topic, please see the Amazon SES documentation.
1. Log in to the Amazon SES console and choose the Verify a New Email Address button.
2. Once the verification is completed, the status shown under Verification Status will change to green.
3. You need to create SMTP credentials, which will be used by Auth0 for sending emails. To create the credentials, click SMTP settings in the left menu and press the Create My SMTP Credentials button.
Please note down the Server Name as it will be required during Auth0 setup.
4. Enter a meaningful username like autho-ses-user and click the Create button at the bottom right of the page.
5. You can see the SMTP username and password on the screen, and you can also download the SMTP credentials as a CSV file as shown below.
Please note the SMTP User name and SMTP Password, as they will be required during Auth0 setup.
6. You need the Access key ID and Secret access key of the SES IAM user autho-ses-user as created in step 3 to configure Amazon SES with API credentials in Auth0.
- Navigate to the AWS IAM console and click Users in the left menu.
- Double click the autho-ses-user IAM user and then click Security credentials.
- Choose the Create access key button to create a new Access key ID and Secret access key. You can see the Access key ID and Secret access key on the screen, and you can also download them as a CSV file as shown below.
Please note down the Access key ID and Secret access key, as they will be required during Auth0 setup.
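Step 6 hands Auth0 a long-lived access key for autho-ses-user, so the IAM policy attached to that user determines what the key can do if it is ever exposed. The following is an added example, not part of the original post: it audits a policy document for send-only scope. The allowed action list is an assumption about what sending through SES requires, and the account ID, domain and From address are constructed placeholders.

```python
import json

# Assumption: sending through SES needs only these two actions.
ALLOWED_ACTIONS = {"ses:sendemail", "ses:sendrawemail"}

def as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalize."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, expected_from):
    """Return findings for one policy; an empty list means it is scoped."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction allows everything not listed")
        for action in as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive.
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: {action} exceeds send-only access")
        if any(r == "*" for r in as_list(stmt.get("Resource", "*"))):
            findings.append(f"statement {i}: Resource '*' instead of an identity ARN")
        pinned = stmt.get("Condition", {}).get("StringEquals", {}).get("ses:FromAddress", [])
        if expected_from not in as_list(pinned):
            findings.append(f"statement {i}: From address not pinned to {expected_from}")
    return findings

# Constructed sample policies; the account ID, domain and address are placeholders.
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ses:*", "Resource": "*"}]})

SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ses:SendEmail", "ses:SendRawEmail"],
    "Resource": "arn:aws:ses:us-west-1:111122223333:identity/example.com",
    "Condition": {"StringEquals": {"ses:FromAddress": "no-reply@example.com"}}}]})

if __name__ == "__main__":
    for name, doc in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit_policy(doc, "no-reply@example.com") or "OK")
```

Run it against the JSON of the policy actually attached to the user, passing the From address you plan to enter in Auth0.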
To ensure that emails can be sent from Auth0 to your Amazon SES SMTP, you need to configure Amazon SES details into Auth0. There are two ways you can use Amazon SES credentials with Auth0, one with SMTP and the other with API credentials.
1. Navigate to the Auth0 Dashboard, select Branding and then Email Provider from the left menu. Enable the Use my own email provider button as shown below.
2. Let us start with Auth0 configuration with Amazon SES SMTP credentials.
- Click the SMTP Provider option as shown below.
- Provide the SMTP Provider settings as shown below and then click the Save button to complete the setup.
  - From: Your from email address.
  - Host: Your Amazon SES Server name as created in step 2 of Amazon SES setup. For this example, it is email-smtp.us-west-1.amazonaws.com
  - Port: 465
  - User Name: Your Amazon SES SMTP user name as created in step 4 of Amazon SES setup.
  - Password: Your Amazon SES SMTP password as created in step 4 of Amazon SES setup.
- Choose the Send test email button to test the Auth0 configuration with Amazon SES SMTP credentials.
- You can look at the Auth0 logs to validate your test as shown below.
- If you have configured it successfully, you should receive an email from Auth0 as shown below.
3. Now, complete Auth0 configuration with Amazon SES API credentials.
- Click Amazon SES as shown below.
- Provide the Amazon SES settings as shown below and then click the Save button to complete the setup.
  - From: Your from email address.
  - Key Id: Your autho-ses-user IAM user’s Access key ID as created in step 5 of Amazon SES setup.
  - Secret access key: Your autho-ses-user IAM user’s Secret access key as created in step 5 of Amazon SES setup.
  - Region: For this example, choose us-west-1.
- Click the Send test email button to test the Auth0 configuration with Amazon SES API credentials.
- You can look at the Auth0 logs, and if you have configured it successfully, you should receive an email from Auth0 as illustrated in the Auth0 configuration with Amazon SES SMTP credentials section.
In this blog post, we have demonstrated how to set up Amazon SES as an external SMTP email provider with Auth0, as Auth0’s built-in email infrastructure is limited to testing emails. We have also demonstrated how quickly and easily you can set up Amazon SES with SMTP credentials and API credentials. With this solution you can set up your own Amazon SES with Auth0 as an email provider. You can also get a jump start by checking the Amazon SES Developer Guide, which provides guidance on using Amazon SES as an easy, cost-effective way to send and receive email using your own email addresses and domains.