Configure Bring Your Own SMTP

Last Updated: July 02, 2026

Configure your own Simple Mail Transfer Protocol (SMTP) server for Scan to Email in PrinterLogic so that scan traffic routes through your email infrastructure instead of Vasion's default SMTP service.

Requirements

Review the Requirements before configuring this feature.

Process Overview

You perform these high-level procedures:

  1. Configure Global SMTP Settings.
  2. Configure Authentication.
  3. Configure S/MIME Settings (Optional)
  4. Configure Exchange Online for OAuth 2.0 (Optional)
  5. Configure Service Client SMTP Settings (Optional)

1. Configure Global SMTP Settings

Follow these steps to configure your SMTP settings in Vasion:

  1. In the Admin Console, go to Tools then Settings then Scanning.
  2. Expand the Preset Scan Locations section.
  3. Select the Email tab.
  4. In the Outgoing Mail (SMTP) Settings section, select Use your own SMTP server.
  5. Select the Set Up SMTP button.

    Expanded Preset Scan Locations section, Email tab, Outgoing Mail SMTP Settings section, showing "Use your own SMTP" server selected.

  6. On the SMTP Settings page, enter the following details:
    1. "From" Address: Enter the email address that should appear as the sender.
    2. Server Host: Enter the fully qualified domain name (FQDN) of the SMTP server.
    3. Server Port: The default port is 587. Adjust as needed for your SMTP server.
    4. Security: Select from None, which is unencrypted; TLS; or STARTTLS.
  7. Adjust the attachment file size as needed. Up to 500 MB is supported.
  8. Select Next.

SMTP Settings page, showing information entered for address, host, port, security, and file size.

2. Configure Authentication

Follow the appropriate steps below to configure authentication to access your SMTP server.

Follow these steps to configure username and password authentication to your server or Google Workspace:

  1. From the Authentication Type dropdown menu, select the Username/Password option.
  2. In the Username field, enter the account name that your SMTP server uses for authentication.
  3. In the Password field, enter the password for the SMTP account.

    Authentication page, showing fields for Username/Password authentication.

  4. Select Save.
  5. On the Global Scan Settings page, ensure that the Status row in the Outgoing Mail (SMTP) Settings section is Active.

Follow these steps to configure OAuth 2.0 authentication for mail services using Microsoft Exchange.

  1. From the Authentication Type dropdown menu, select the OAuth 2.0: Exchange Online option.
  2. In the Username field, enter the account name that your SMTP server uses for authentication.

1. App Registration

In a separate browser tab, access your Entra ID (Azure AD) portal, and follow these steps:

  1. Expand the Entra ID option in the left-side navigation.
  2. Select App registrations.

    Entra ID this may take several minutes to complete. portal showing expanded Entra ID menu and "Enterprise apps" option.

  3. On the App Registrations page, select + New Registration in the upper-left.
  4. Do the following on the Register an application page:
    1. Enter a name for the app. This name is visible to end users.
    2. Leave Supported account types set to Accounts in this organizational directory only.
    3. Leave the Redirect URI (optional) section blank.
    4. Select Register.
  5. Do the following on the Overview tab:
    1. In the Essentials section, copy the Directory (tenant) ID, and paste it in the Admin Console Tenant Id field.
    2. Copy the Application (client) ID from the Essentials section, and paste it in the Admin Console Client Id field.
  6. In the Essentials section, select Add a certificate or secret next to Client credentials.
  7. Select + New client secret.
    1. Enter a description, and set the Expires field to the desired value.
    2. Select Add.
  8. Copy the Secret ID, and paste it in the Admin Console Client Secret field.
  9. Select Save in the Admin Console.

SMTP Settings page, showing fields for OAuth 2.0 authentication.

2. Application Programming Interface (API) Permissions

Follow these steps:

  1. In Entra ID select API permissions in the left-side navigation.
  2. Select Add a permission.

    Entra ID portal, API Permissions page, showing Add a Permission button.

  3. Select APIs my organization uses.
  4. Search for and select Office 365 Exchange Online or Outlook.
  5. Select Application permissions.
  6. Search for and select SMTP.SendAsApp.

    If the SMTP.SendAsApp option does not appear, add it to the manifest using the steps in the Troubleshooting Help section.

  7. Select Add Permissions.
  8. On the API Permissions page, select Grant admin consent for <tenant name>.
  9. In the modal, select Yes.

Entra ID portal showing "Request API permissions" dialog box.

3. Configure S/MIME Settings (Optional)

S/MIME adds another layer of security to your Scan to Email traffic through encryption. Review the S/MIME Email Encryption section for more information on these settings and paths. If you are not using S/MIME, these steps can be skipped and BYO SMTP will still function.

On the S/MIME tab, complete the following:

  1. To enable signing, select Sign enabled, then:
    1. Enter the Signing certificate path.
    2. Enter the Signing certificate password.
  2. To enable encryption, select Encryption enabled, then:
    1. Enter the Recipient certificates path.
  3. (Optional) Select Encryption at rest enabled.
  4. Enter the Trust store path.
  5. Adjust the CRL check enabled option as needed.
  6. Select Save.

S/MIME Settings tab, showing signing and encryption options.

4. Configure Exchange Online for OAuth 2.0 (Optional)

The following commands are for PowerShell and require the following information from the Overview page of the app registration that you created in the OAuth 2.0 section.

You need the following:

  • Application (client) ID.
  • Object ID.
  • Credentials to authenticate to the SMTP server.

Follow these steps:

  1. Install the Exchange Online PowerShell module, if it is not already installed.

    Copy Code
    # Install the module (if not already installed)
    Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber

    # Import the module
    Import-Module ExchangeOnlineManagement
  2. Connect to Exchange Online.

    Copy Code
    # Connect using your admin account
    Connect-ExchangeOnline -UserPrincipalName your-admin@yourdomain.com
  3. Turn on SMTP Authorization at the organization level.

    Copy Code
    # Check current setting
    Get-TransportConfig | Select-Object SmtpClientAuthenticationDisabled

    # Enable SMTP AUTH if disabled (SmtpClientAuthenticationDisabled should be False)
    Set-TransportConfig -SmtpClientAuthenticationDisabled $false
  4. Turn on SMTP Authorization for the mailbox.

    Copy Code
    # Replace with the email address you want to send from
    $mailbox = "sender@yourdomain.com"

    # Check current setting
    Get-CASMailbox -Identity $mailbox | Select-Object SmtpClientAuthenticationDisabled

    # Enable SMTP AUTH for the mailbox
    Set-CASMailbox -Identity $mailbox -SmtpClientAuthenticationDisabled $false
  5. Register the Service Principal in Exchange Online.

    Copy Code
    # Replace these values with your own
    $appId = "Application (client) ID"
    $servicePrincipalObjectId = "Object ID"
    $displayName = "SMTP OAuth App"

    # Register the service principal
    New-ServicePrincipal -AppId $appId -ServiceId $servicePrincipalObjectId -DisplayName $displayName

    # Verify registration
    Get-ServicePrincipal | Where-Object {$_.AppId -eq $appId}
  6. Grant Mailbox Permissions.

    Copy Code
    # Replace with your values
    $mailbox = "sender@yourdomain.com"
    $servicePrincipalObjectId = "Object ID"

    # Grant FullAccess permission (required for mailbox delivery)
    Add-MailboxPermission -Identity $mailbox -User $servicePrincipalObjectId -AccessRights FullAccess -InheritanceType All

    # Grant SendAs permission (required for SMTP submission)
    Add-RecipientPermission -Identity $mailbox -Trustee $servicePrincipalObjectId -AccessRights SendAs -Confirm:$false

    # Verify permissions
    Get-MailboxPermission -Identity $mailbox | Where-Object {$_.User -like "*$servicePrincipalObjectId*"}
    Get-RecipientPermission -Identity $mailbox | Where-Object {$_.Trustee -like "*$servicePrincipalObjectId*"}
  7. Wait for propagation, which takes about 5-15 minutes.

5. Configure Service Agent SMTP Settings (Optional)

In addition to the Global SMTP settings that you configured in the previous steps, you can configure Service Agent-specific SMTP settings to address remote sites that use a different mail server.

Follow these steps:

  1. In the Admin Console, select the Service Agent for the remote site.
  2. Select the Printer Apps tab.
  3. In the Outgoing Mail (SMTP) Settings section, select Use custom SMTP settings.

    Outgoing Mail SMTP Settings section, showing Use custom SMTP Settings option selected.

  4. Select the Set Up SMTP button.
  5. On the SMTP Settings page, enter the following details:
    1. "From" Address: Enter the email address that should appear as the sender.
    2. Server Host: Enter the fully qualified domain name (FQDN) of the SMTP server.
    3. Server Port: The default port is 587. Adjust as needed for your SMTP server.
    4. Security: Select from None, which is unencrypted; TLS; or STARTTLS.
    5. Adjust the attachment file size as needed. Up to 500 MB is supported.
  6. Select Next.
  7. Follow the steps starting in 2. Configure Authentication.

When printers managed by this Service Agent use the Scan to Email feature, the emails route through the SMTP server assigned on the Service Agent.

Troubleshooting Help