SPF(supported) (dedicated subdomain) DKIM(recommended)
This article covers the SPF and DKIM configuration process for Okta. Because this service leverages SendGrid's email infrastructure, it requires additions to your DNS records outside of the Valimail platform. Adding Okta as an authorized sender in the Valimail Enforce usually requires a dedicated subdomain to be pointed to the Okta infrastructure and typically the DKIM keys will be added in the Valimail platform.
TABLE OF CONTENTS
- Configuring DKIM authentication for your Okta emails
- Add an Okta DKIM key in Enforce
- Configuring SPF authentication for your Okta emails
Configuring DKIM authentication for your Okta emails
1. In the Admin Console, go to Customizations -> Emails. (If you enabled multibrand customization, go to Customizations -> Brands, and then select the brand you want. In the Domains tab -> Email section, click Add domain).
2. In the Email address field, enter the email address that you want to send the system notification emails from. This email address appears in the emails sent to your users.
3. In the Name of email sender field, enter the name of sender. This name appears as the sender in the emails sent to your users.
4. Click Continue.
5. Update your DNS records using the provided values.
Important: If you manage DKIM in Valimail, you will need to add the 2 CNAME DKIM keys (Those are s1 and s2 in the example below) in Valimail Enforce and then add the TXT and the first CNAME record to your DNS.
6. After you've updated your DNS records through your domain provider, click I've updated the DNS records. Okta begins polling your DNS records until it detects your updates (this may take up to 24 hours). Your configuration is pending until the DNS updates are detected.
Alternatively, you can click I will update the DNS records later. Your records aren't polled and your configuration is incomplete until you update the relevant DNS records and click I've updated the DNS records. You can view the list of records that require an update at any time.
7. Select a DNS update option:
- I've updated the DNS records — Okta begins polling your DNS records until it detects your updates (up to 24 hours). Your configuration is pending until the DNS updates are detected.
- I will update the DNS records later — Your records aren't polled. Your configuration is incomplete until you update the relevant DNS records and click I've updated the DNS records. You can update the records at any time.
You can also find the instructions on how to set up DKIM and SPF here.
Add an Okta DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, CNAME target value, associate the keys with Okta and then click Add.
You can find more detailed information on how to add a DKIM key in Valimail Enforce here.
Configuring SPF authentication for your Okta emails
Once you establish that Okta is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose Okta from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
As always, if you have any questions, please don't hesitate to submit a ticket.