About Authentication Types
The following table lists the authentication types for each protocol based on the email component type that you selected for the Email Configuration workspace [either Basic (Default) or Advanced]. Refer to Configuring the Outgoing and Incoming Email Servers for information about the email component types.
Protocol | Basic (Default) | Advanced |
---|---|---|
Exchange Web Services |
Plain Password is not required for Exchange Web Services users. The login is based on client credentials (OAuth). |
AuthLogin |
Google Service Account |
AuthLogin |
- |
IMAP4 |
AuthLogin CramMD5 NTML Plain |
AuthLogin CramMD5 NTML Plain None Regular DigestMD5 Msn GssAPI Auto |
Microsoft Graph |
AuthLogin Password is not required for Microsoft Graph users. The login is based on client credentials (OAuth). |
- |
POP3 |
APOP AuthLogin CramMD5 NTML Plain |
DigestMD5 GssAPI Msn CramMD5 AuthLogin APOP Plain NTLM Regular Auto None |
The following table describes the Simple Authentication and Security Layer (SASL) authentication types:
Authentication Type | Description |
---|---|
None |
No authentication. Sometimes used with SMTP when the server allows relay for anonymous senders. |
Regular |
Standard authentication. Passwords are transmitted as clear text. Not supported by SMTP servers. |
APOP |
Secure APOP authentication. Supported by many POP3 servers but cannot be used with other servers like SMTP because APOP is POP3-specific. Disabled when FIPS mode is enabled. |
AuthLogin |
SASL LOGIN authentication. Not secure but widely supported. Passwords are transmitted as Base64 strings. Note for IMAP users: This is the AUTHENTICATE LOGIN command, not the LOGIN command (which corresponds to the Regular authentication type). |
Plain |
SASL PLAIN authentication. Not secure but widely supported. Passwords are transmitted as Base64 strings. |
CramMD5 |
Secure SASL CRAM-MD5 authentication. Might not be supported by particular server implementations. Disabled when FIPS mode is enabled. |
DigestMD5 |
Secure SASL DIGEST-MD5 authentication. Might not be supported by particular server implementations. Disabled when FIPS mode is enabled. |
NTLM |
Secure SASL NTLM authentication. Also known as Secure Password Authentication (SPA). In a Microsoft Windows domain environment such as Active Directory, you can also use NTLM to authenticate the current Microsoft Windows user. In this case, you should pass a null reference (or "Nothing" in Visual Basic) for the accountName and password values. Might not be supported by particular server implementations. |
Msn |
Secure SASL MSN authentication. Equivalent to NTLM. Not widely supported. |
GssAPI |
Secure SASL GSSAPI authentication (through Kerberos or NTLM). Like SASL NTLM, supports Integrated Windows Authentication mode. The internal implementation (Kerberos or NTLM) is selected depending on if the value of the targetName field of the Login method is an empty string (or for SMTP, the TargetName field). An empty string denotes NTLM, and all other values (including a null reference) denote Kerberos. The underlying implementation downgrades to NTLM from Kerberos if the targetName field is not empty but not valid (denotes non-existent SPN). |
Auto |
Tells the email service to automatically select the best supported authentication method and downgrade to insecure methods if the server does not support secure methods. |