Set up Alert Emailing

When an alert is triggered, its details can be emailed. If multiple records are returned from the alert query, the alerts are sent to the configured users in a single email.

After saving the email settings, MineMarket encrypts and masks passwords (for EWS/SMTP) or the client secret (for OAuth) for confidentiality. See Configure the MineMarket Service.

Note: Alerts must be licensed to run.

Important for OAuth authentication: There are two ways to use OAuth authentication:

  1. Interactive authentication, which requires knowledge of individual account passwords
  2. Confidential authentication, which requires a client secret or a certificate

Only Microsoft email accounts that have been added to an Azure Active Directory on the domain that has access to the Azure OAuth application can be authenticated with OAuth. Authenticated accounts can be used as the From address for any alert email group, or for email notifications. See Configure Email Notifications.

For information about OAuth and registering your client application, see https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols and https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app (mobile and desktop applications). If you want to restrict the accounts that can use interactive authentication, see https://learn.microsoft.com/en-us/entra/identity-platform/howto-restrict-your-app-to-a-set-of-users. Datamine highly recommends that if you are using confidential authentication, that you set up the enterprise application in Azure Entra with a mail-enabled security group (see https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-mail-enabled-security-groups), and then limit the application to that group (see https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access).

The minimum API permission for use with MineMarket is Mail.Send. In order to list and validate accounts assigned to the enterprise application for confidential authentication, the Group.Read.All, and User.ReadAll API permissions are also required.

An alternative to using a client secret is to use the Subject value of a stored certificate. You can find this value in the Details tab of the Windows Certificate screen. The certificate must be located in the current user's certificate store and the public certificate must be uploaded to the Azure application registration for use.

Security Note: You need the Allow alert maintenance security right in the Alerts user group security rights group for this activity. For Azure OAuth configuration, you need the Allow the user to maintain OAuth accounts security right in the Options user group security rights group.

Activity Steps

  1. Open the Alert Editor.
  2. Select the Email Settings tab.
  3. Right-click in the Alert Email Groups field group and select Add from the menu.
  4. Triple-click the Email Group to edit the email group name.
  5. Select the Authentication Method from EWS Or SMTP and OAuth.

    Note: This field is read-only after making a selection. If you need to change the authentication method, set up a new alert email group.

  6. If the Authentication Method is EWS Or SMTP:
    1. Select whether to make Email Enabled.
    2. Select the Adaptor.
    3. If the Adaptor is Exchange Web Services:
      1. Complete the following fields.
        • Exchange Version
        • Exchange URL—Leave blank to use automatic discovery.
        • Use Default Credentials—Checked if the current AD account is associated with the required exchange account. The end user’s account may differ from the MineMarket Service’s account.
        • Username—Email address of the user account from which mails are sent.
      2. If Use Default Credentials is unchecked, enter the Password.
    4. If the Adaptor is SMTP Client:
      1. Complete the following fields.
        • Hostname—The name or Internet Protocol (IP) address of the host on which the mail server resides.
        • Port Number—To use the default SMTP port, enter 0 (zero).
        • Enable SSL/TLS—If checked, either SSL or TLS can be used.
        • Use Default Credentials
      2. If Use Default Credentials is unchecked, enter the Username and Password.

        Note: If using Gmail as the email client, the following configuration is recommended:

        • Use the hostnames smtp.gmail.com and imap.gmail.com as applicable.
        • Use the ports 587 (TLS) for SMTP and 993 for IMAP as applicable. Confirm that these ports are accessible (for example, by installing Telnet and running the command Telnet [hostname] [port number]).
        • Check Enable SSL/TLS.
        • Set up an app password on the Google account.
        • For IMAP, ensure IMAP access is enabled on the Google account.
    5. Complete the following fields.
      • Email To—Multiple addresses can be entered on separate lines or separated with commas.
      • From—This is a deprecated field. An email address must be entered; however, the sender's address is determined from the Account or Username.
    6. To test the email settings, click Test Email.

      A message displays the results of the test.

      Important: If an error message about a stored server name displays, see Configure the MMServerName to Enable Emailing.

  7. If the Authentication Method is OAuth:
    1. Click Azure OAuth Configuration.

      The Azure OAuth Configuration screen displays.

    2. Update the following fields as required:
      • Application Name—Default: MineMarketOAuthConfig. Configure additional applications only if you need to send or poll email from addresses on different domains.
      • Endpoint—Default: https://login.microsoftonline.com/{0}/oauth2/nativeclient.
      • Tenant—The tenant name is used as the {0} variable value in the Endpoint.
      • Client Application ID
      • Client Secret—Enter either the client secret or the value of the Subject of the certificate. Only applicable for confidential authentication.
    3. If you are using interactive authentication:
      1. Right-click in the Accounts table and select Add Account from the menu.

        An authentication dialog box displays.

      2. Follow the prompts to enter credentials for the account.

        MineMarket uses Azure AD OAuth 2.0 to request an access token so that MineMarket can send emails on behalf of the Authorised Account.

        The authentication result displays in the Status.

    4. If you are using confidential authentication:
      1. Right-click in the Accounts table and select Add Account from the menu.
      2. Select the Authorised Account from the accounts that have been assigned to the enterprise application.

        MineMarket uses Azure AD OAuth 2.0 to request an access token so that MineMarket can send emails on behalf of the Authorised Account.

        The authentication result displays in the Status.

        Note: An alternative is to enter the full email address of the user as the Authorised Account.

    5. Update the account Display Name if required.
    6. To change or clear the email account used for a listed Purpose, select the Client Name.
    7. To reauthenticate (or replace) an account, right-click the account name and select Reauthenticate from the menu and follow the prompts as required.

      Note: Accounts that need to be reauthenticated are highlighted. For interactive authentication, at the prompt to select the Microsoft account, if you select a different account, that account replaces the previous account. Any previously assigned purposes are assigned to the reauthenticated or new account. An account can only exist once in the Accounts table.

    8. To sign out of an account, right-click the account name and select Sign Out from the menu.

      Note: You can only sign out of an account if it is not currently assigned to any purpose.

    9. Click Save to save settings and close the Azure OAuth Configuration screen.
    10. Select whether to make Email Enabled.
    11. Select the email Priority from Normal, Low or High.
    12. Select the email address From which emails are sent. Select from addresses authenticated via the Azure OAuth Configuration screen.
    13. Enter the email addresses To which emails are sent. Enter multiple addresses on separate lines or separated with commas.

      Note: This field is only used for warehouse notifications. Recipient addresses are included in configuration for each Report Schedule, Billboard Schedule and Hedge Revaluation Stream.

    14. Enter a Test Subject and Test Content.
    15. Click Test Email.

      Important: If an error message about a stored server name displays, see Configure the MMServerName to Enable Emailing.

  8. Click Save.