Settings

Configuring email

VerifyWise supports multiple email service providers through a provider abstraction layer, enabling administrators to choose the most suitable email service for their organization. The system includes security enhancements such as TLS enforcement, input validation, and credential rotation for supported providers.

The email service includes:

• Provider Abstraction: Factory pattern supporting 5 email providers

• Security Features: TLS 1.2 enforcement, input validation, path traversal protection

• Credential Management: Automatic rotation for AWS SES

• Connection Management: Connection pooling and timeout configurations

• Validation Engine: Enhanced email address validation with security checks

Quick start

All email configurations require these core environment variables:

EMAIL_PROVIDER=smtp                 # Choose: resend, smtp, exchange-online, exchange-onprem, amazon-ses
EMAIL_ID=[email protected]    # Must match verified domain in provider

Example setup

Here is an example setup for Resend.

EMAIL_PROVIDER=resend
EMAIL_ID=[email protected]
RESEND_API_KEY=re_your_development_api_key

Supported Email Providers

Provider configurations

1. Resend (Recommended for development)

This setup is best for development, testing, small to medium deployments

Setup Process:

1. Sign up at resend.com

2. Add and verify your domain

3. Generate API key in dashboard

4. Test with a simple email send

2. Exchange Online (Office 365)

Setup Process:

1. Create dedicated service account in Microsoft 365 admin center

2. Enable modern authentication for the account

3. Generate app password (this is not a regular password)

4. Assign Exchange sending permissions

5. Configure environment variables

App Password Generation:

1. Go to Microsoft 365 admin center

2. Navigate to Users → Active users → Select service account

3. Security info → Add method → App password

4. Use generated password (not account password)

3. On-Premises Exchange Server

Setup Process:

1. Create service account in Active Directory

2. Grant "Send As" permissions in Exchange

3. Configure Exchange to allow SMTP authentication

4. Set up TLS certificates (recommended for production)

5. Configure firewall rules for SMTP traffic

4. Amazon SES

Setup Process:

1. Create AWS account and enable SES in chosen region

2. Verify sending domain in SES console

3. Request production access (removes sandbox limitations)

4. Create IAM user with SES permissions

5. Generate access keys for service account

Required IAM Permissions:

Credential Rotation: AWS SES provider supports automatic credential refresh every hour (configurable)

5. Generic SMTP

Common Provider Settings:

Gmail Setup Example:

1. Enable 2-factor authentication on Gmail account

2. Generate app password (Security → App passwords)

3. Use app password in SMTP_PASS (not account password)

Security Features

Implemented Security Enhancements

The email service includes several security features:

1. TLS Enforcement

• Minimum TLS 1.2 enforced across all providers

• Strong cipher suites: HIGH:!aNULL:!MD5:!3DES

• Certificate validation in production environments

2. Input Validation & Sanitization

Enhanced email validation prevents common attacks:

3. Path Traversal Protection

For on-premises Exchange with custom certificates:

• Directory restrictions: Only allows files in specified directory

• File extension validation: Only .pem, .crt, .cer allowed

• Content validation: Verifies certificate format

• Path resolution: Prevents ../ traversal attacks

4. Credential Management

• AWS SES: Automatic credential rotation with configurable intervals

• Environment-based: No hardcoded credentials in code

• Validation: Startup configuration validation

5. Connection Security

• Connection pooling: Efficient connection reuse (SMTP providers)

• Timeout configurations: Prevents hanging connections

• Retry logic: Built-in retry with exponential backoff

• Rate limiting: Basic protection against abuse

Production Security Checklist

• Use TLS encryption: Enable SECURE=true for production SMTP

• App passwords: Use app passwords, not account passwords

• Dedicated accounts: Create service-specific email accounts

• Minimal permissions: Grant only necessary sending permissions

• Environment variables: Store all credentials in env vars

• Domain verification: Verify sending domains with providers

• Certificate validation: Use proper certificates for on-premises setups

Testing Email Configuration

Test your configuration with the built-in validation:

Example Migration: Resend to AWS SES

Slack Integration

Overview

VerifyWise integrates with Slack workspaces to deliver real-time notifications and alerts directly to your team's channels. The integration supports multiple workspaces, configurable notification routing, and both manual and scheduled notifications.

Our Slack integration uses OAuth 2.0 for secure, scoped access, then routes five notification types to the right channels with full multi-channel support. You get real-time alerts for system events, plus scheduled daily reminders powered by a job queue. It automatically detects and handles invalid or archived channels, and keeps everything locked down with encrypted credential storage and TLS.

Quick start

Prerequisites

Before setting up Slack integration, ensure you have:

1. Slack Workspace: Admin access to create and configure apps

2. VerifyWise Account: User account with appropriate permissions

3. Environment Variables: Required configuration in .env

Basic setup

Configure environment variables: Add these to Servers/.env

And then add these to Clients/.env

Now, create Slack App at https://api.slack.com/apps, configure OAuth scopes (detailed below) and add to workspace from VerifyWise settings.

Quick integration steps

1. Navigate to Settings → Slack in VerifyWise

2. Click "Add to Slack" button

3. Select your workspace and authorize the app

4. Choose a channel for notifications

5. Configure notification routing (optional)

6. Send a test message to verify connectivity

Features

Supported notification types

VerifyWise routes five types of notifications to Slack channels:

Channel configuration

• Multiple Channels: Connect multiple Slack channels from different workspaces

• Flexible Routing: Send different notification types to different channels

• Multi-Channel Routing: Route a single notification type to multiple channels

• Channel Verification: Test connectivity with "Send Test" button

• Auto-Deactivation: Automatically disable webhooks for archived/deleted channels

Scheduled notifications

VerifyWise sends automated notifications based on configured schedules:

• Policy Due Soon Reminders: Daily at 9:00 AM UTC

• Compliance Status Updates: Based on policy review dates

• Background Processing: Queue-based system ensures reliable delivery

User guide

Adding a Slack integration

Step 1: Navigate to Settings

• Go to Settings in VerifyWise

• Click on Slack tab

Step 2: Authorize workspace

• Click the "Add to Slack" button

• Select your Slack workspace from the dropdown

• Choose the channel where notifications will be sent

• Click "Allow" to authorize VerifyWise

Step 3: Verify integration

• Integration appears in the table with:

  • Team name (workspace)

  • Channel name

  • Creation date

  • Active status

• Click "Send Test" to verify connectivity

Step 4: Configure notification routing (optional)

• Click "Configure" button

• For each notification type, select destination channel(s)

• Click "Send Test" to verify routing

• Click "Save Changes"

Notes:

• A notification type can route to multiple channels

• A channel can receive multiple notification types

• Leaving a notification type empty means no routing for that type

• Changes take effect immediately

Managing integrations

View all integrations

• Table displays all connected workspaces and channels

• Columns: Team Name, Channel, Creation Date, Active status, Actions

Deactivate integration

• Integrations automatically deactivate if:

  • Channel is archived in Slack, is deleted or the bot is removed from channel

  • Status changes to "No" in Active column

  • No notifications sent to inactive integrations

Remove integration

• Currently requires manual deletion from workspace

• Contact system administrator

Slack app setup

Creating a Slack app

1. Go to https://api.slack.com/apps

2. Click "Create New App"

3. Choose "From scratch"

4. Enter app name: VerifyWise (or your preferred name)

5. Select workspace: Choose development workspace

6. Click "Create App"

Configuring OAuth & permissions

Step 1: Add redirect URLs

1. Navigate to OAuth & Permissions

2. Scroll to Redirect URLs

3. Add development URL: http://localhost:3000/setting/?activeTab=slack

4. Add production URL: https://your-domain.com/setting/?activeTab=slack

5. Click "Save URLs"

Step 2: Configure bot token scopes

1. Scroll to Scopes section

2. Under Bot Token Scopes, click "Add an OAuth Scope"

3. Add these scopes:

   • channels:read

   • channels:manage

   • chat:write

   • chat:write.public

   • groups:write

   • groups:read

   • im:read

   • mpim:read

Step 3: Configure user token scopes

1. Under User Token Scopes, click "Add an OAuth Scope"

2. Add these scopes:

   • channels:read

   • channels:write.invites

   • groups:read

   • groups:write.invites

   • channels:write

   • chat:write

   • im:read

   • mpim:read

Installing to workspace

1. Navigate to Install App in left sidebar

2. Click "Install to Workspace"

3. Review permissions and click "Allow"

4. Copy Bot User OAuth Token (starts with xoxb-)

5. Copy Signing Secret from Basic Information

Retrieving credentials

Client ID & Secret:

1. Navigate to Basic Information

2. Scroll to App Credentials

3. Copy Client ID → Add to SLACK_CLIENT_ID

4. Click Show next to Client Secret → Copy → Add to SLACK_CLIENT_SECRET

OAuth URLs:

• Authorization URL: https://slack.com/oauth/v2/authorize → SLACK_URL

• Token URL: https://slack.com/api/oauth.v2.access → SLACK_API_URL

Enabling incoming webhooks

1. Navigate to Incoming Webhooks

2. Toggle Activate Incoming Webhooks to On

3. This allows VerifyWise to send formatted messages

Enabling bots

1. Navigate to App Home

2. Under Your App's Presence in Slack:

   • Display Name: VerifyWise (or your preference)

   • Default Username: @verifywise

3. Enable Always Show My Bot as Online

Environment configuration

Required environment variables

Development vs production

Development:

Production:

Note: Use separate Slack apps for development and production environments, if required.