SPF(supported) (dedicated subdomain)
DKIM(recommended)



This article covers the SPF and DKIM configuration process for Okta. Because this service leverages SendGrid's email infrastructure, it requires additions to your DNS records outside of the Valimail platform. Adding Okta as an authorized sender in the Valimail Enforce usually requires a dedicated subdomain to be pointed to the Okta infrastructure and typically the DKIM keys will be added in the Valimail platform.




TABLE OF CONTENTS




Configuring DKIM authentication for your Okta emails


1. In the Admin Console, go to Customizations -> Emails.


2. Click the Sender link.


3. Select a sender in the Configure Email Sender dialog box.


4. If you selected Custom email domain, enter or edit information in the following fields:

  • Email address to send from
  • Name of sender
  • Mail domain to send from. This must be a unique mail domain that your organization has dedicated for Okta to send mail from.


5. Save your changes.

  • The Save button appears if you chose noreply@okta.com, or if you chose a custom email domain and your org's DNS records don't need to be updated. You are finished after you click Save.
  • The Save & View Required DNS Records button appears if you chose a custom email domain and your org's DNS records need to be updated before your settings can take effect.


6. Add the 2 CNAME DKIM keys in Valimail Enforce - add the TXT and the first CNAME record to your DNS.



7. Select a DNS update option:

  • I've updated the DNS records — Okta begins polling your DNS records until it detects your updates (up to 24 hours). Your configuration is pending until the DNS updates are detected.
  • I will update the DNS records later — Your records aren't polled. Your configuration is incomplete until you update the relevant DNS records and click I've updated the DNS records. You can update the records at any time.


You can also find the instructions on how to set up DKIM and SPF here.






Add an Okta DKIM key in Enforce


1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.


    a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key

    b. Enter the selector name, CNAME target value, associate the keys with Okta and then click Add.




You can find more detailed information on how to add a DKIM key in Valimail Enforce here.






Configuring SPF authentication for your Okta emails


Once you establish that Okta is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.


1. Please go to your domain's Configuration page in Enforce.

2. Click on the + sign from the Enabled Senders section:



3. Choose Okta from the list of configurable senders and then click Enable:




We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.





As always, if you have any questions, please don't hesitate to submit a ticket.