- Products
- Learn
- Local User Groups
- Partners
- More
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Configuring MFA is something essential nowadays, and its setup should be intuitive. When I tried to find where to configure the email string for SMTP Relay, I noticed that in SmartConsole R82 it is extremely hidden, and placed in a section that, in my opinion, does not make much sense. It should be simpler and ideally located within the Gateway properties under Authentication > Dynamic ID.
Below, I’ll show where this configuration is located. This can serve as a useful reference for others trying to configure it, and also as a suggestion for the Check Point team to improve this in future SmartConsole versions, making MFA settings more intuitive.
The “SMS provider and email” option is locked under DynamicID Settings. Below I will show where this configuration is located.
Go to “Manage & Settings” > Blades > Mobile Access > Capsule Workspace Settings
NOTE: In my opinion, it does not make sense for this configuration to be so hidden, especially within Capsule Workspace settings, which are expected to be deprecated.
Go to “Multiple Authentication”
“Challenge users to provide the DynamicID one-time password sent to their email account or mobile device via SMS”
Add the SMTP information string in the “SMS provider and email” field.
NOTE:
Regarding this string, it is important to validate the following SMTP information:
For email-based multi-factor authentication, you will need the following SMTP details:
- SMTP Server Address
Example:
smtp.office365.com
- Connection Type
You need to determine:
- SMTP without TLS → smtp://
- SMTP with TLS (STARTTLS) → smtp:// + SSL_REQUIRED
- SMTP with direct SSL → smtps://
- Port
- 25 → Relay / no TLS or STARTTLS
- 587 → STARTTLS (most commonly used today)
- 465 → SMTPS
- Authentication
Key question:
Does the SMTP server require a username and password?
If the SMTP server does not require authentication, you can use a string similar to the example below:
mail:TO=$EMAIL;SMTPSERVER=system.mail.com;FROM=no-reply@domain.com;BODY=$RAWMESSAGE
There is an older SK that can be used as a reference:
"sk144712 - How to enable SMTP authentication or TLS-SMTP for DynamicID", which mentions that:
"Dynamic ID with an SMTP server that requires username and password for authentication is supported."
Then go back to the Security Gateway or Cluster properties, navigate to VPN Clients or Mobile Access > Authentication, and configure Multiple Login Options, adding the first option and then DynamicID as the second.
Edit DynamicID as shown below if you want to use "Send Email" only.
Configure the “User Directories”
| User | Count |
|---|---|
| 26 | |
| 13 | |
| 11 | |
| 10 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 6 |
Tue 12 May 2026 @ 10:00 AM (CEST)
The Cloud Architects Series: Check Point Cloud Firewall delivered as a serviceWed 13 May 2026 @ 11:00 AM (EDT)
TechTalk: The State of Ransomware Q1 2026: Key Trends and Their ImpactThu 14 May 2026 @ 07:00 PM (EEST)
Under the Hood: Presentando Check Point Cloud Firewall como ServicioTue 12 May 2026 @ 10:00 AM (CEST)
The Cloud Architects Series: Check Point Cloud Firewall delivered as a service
