R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

israelfds95 — Tue, 28 Apr 2026 20:46:46 GMT

Configuring MFA is something essential nowadays, and its setup should be intuitive. When I tried to find where to configure the email string for SMTP Relay, I noticed that in SmartConsole R82 it is extremely hidden, and placed in a section that, in my opinion, does not make much sense. It should be simpler and ideally located within the Gateway properties under Authentication > Dynamic ID.

Below, I’ll show where this configuration is located. This can serve as a useful reference for others trying to configure it, and also as a suggestion for the Check Point team to improve this in future SmartConsole versions, making MFA settings more intuitive.

The “SMS provider and email” option is locked under DynamicID Settings. Below I will show where this configuration is located.

Go to “Manage & Settings” > Blades > Mobile Access > Capsule Workspace Settings

NOTE: In my opinion, it does not make sense for this configuration to be so hidden, especially within Capsule Workspace settings, which are expected to be deprecated.

Go to “Multiple Authentication”

In the “Client Authentication” window > DynamicID Settings, enable the option:
“Challenge users to provide the DynamicID one-time password sent to their email account or mobile device via SMS”

Add the SMTP information string in the “SMS provider and email” field.

NOTE:

Regarding this string, it is important to validate the following SMTP information:

For email-based multi-factor authentication, you will need the following SMTP details:

SMTP Server Address

Example:
smtp.office365.com

Connection Type

You need to determine:

SMTP without TLS → smtp://
SMTP with TLS (STARTTLS) → smtp:// + SSL_REQUIRED
SMTP with direct SSL → smtps://

Port

25 → Relay / no TLS or STARTTLS
587 → STARTTLS (most commonly used today)
465 → SMTPS

Authentication

Key question:

Does the SMTP server require a username and password?

If the SMTP server does not require authentication, you can use a string similar to the example below:

mail:TO=$EMAIL;SMTPSERVER=system.mail.com;FROM=no-reply@domain.com;BODY=$RAWMESSAGE

There is an older SK that can be used as a reference:
"sk144712 - How to enable SMTP authentication or TLS-SMTP for DynamicID", which mentions that:

"Dynamic ID with an SMTP server that requires username and password for authentication is supported."

Then go back to the Security Gateway or Cluster properties, navigate to VPN Clients or Mobile Access > Authentication, and configure Multiple Login Options, adding the first option and then DynamicID as the second.

Edit DynamicID as shown below if you want to use "Send Email" only.

Configure the “User Directories”

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

the_rock — Tue, 28 Apr 2026 21:12:29 GMT

Excellent!

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

WiliRGasparetto — Wed, 29 Apr 2026 14:03:59 GMT

Great content, I believe it's very relevant to the community.

Best.

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

PhoneBoy — Wed, 29 Apr 2026 20:27:47 GMT

Nicely done!

topic Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations in Firewall and Security Management

R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations

Re: R82 DynamicID via Email (SMTP) – Configuration Tips and Key Considerations