A Simple Mail Transfer Protocol (SMTP) connection failure occurs because network settings, firewall rules, or authentication credentials prevent Okta from connecting to the SMTP server. Verify the server address, port, firewall rules, and credentials to resolve the connection failure.

When configuring an email provider, a connection to the specified SMTP server fails, and Okta generates the following error message:

Connection with the specified SMTP server failed.

• Okta Identity Engine (OIE)

• Okta Classic Engine
• Simple Mail Transfer Protocol (SMTP)
• Server Configuration
• Outbound Email

The connection failure occurs because network settings, firewall rules, or authentication credentials prevent Okta from connecting to the SMTP server.

How is the SMTP connection failure resolved?

Verify the server SMTP address, port, firewall rules, and credentials, and test the connectivity using a command-line tool.

How to verify that the SMTP server address and port number are correct?

Verify the SMTP server address and port number by navigating to the Custom SMTP Configuration settings in the Okta Admin Console and confirming the values match the email provider documentation.

1. Sign in to the Okta Admin Console.
2. Navigate to Customizations, then Email Provider, and select Custom SMTP Configuration.
3. Confirm the following values match the email provider documentation:
   • Host (for example, <smtp.office365.com>, <smtp.gmail.com>)
   • Port (typically 587 for TLS or 465 for SSL)
   • Username (sending email account)

What steps ensure the firewall allows outbound traffic on the recommended SMTP ports?

Ensure the firewall allows outbound traffic by allowing port 587 or 465, adding Okta IP ranges to the allowlist, and confirming no proxy or VPN rules intercept the traffic.

1. Configure the firewall to allow outbound traffic on port 587 or port 465.
2. Add Okta IP ranges to the firewall and SMTP server allowlist.
   • Reference: Okta IP Addresses to Allowlist for Inbound Traffic.
   • Reference: List of IP Addresses that Should be Allowlisted for Processing Email Delivery.
3. Confirm there are no proxy or VPN rules intercepting SMTP traffic.
4. Verify the SMTP server is reachable from the public internet if the server is on-premises.

What steps confirm the configuration contains valid authentication credentials?

Confirm the configuration contains valid authentication credentials by manually re-entering the username and password and verifying the account status.

1. Enter the username and password manually to avoid introducing hidden characters or trailing spaces.
2. Confirm the account is active, not locked, and the password has not expired.
3. Verify the account has permission to send mail via SMTP.

How to test connectivity using a command-line tool to verify that the host machine can reach the server?

Test connectivity using a command-line tool by running a basic TCP connectivity test or a TLS handshake test from a machine on the same network path that Okta uses.

# Basic TCP connectivity test
telnet smtp.example.com 587

# TLS handshake test (recommended)
openssl s_client -starttls smtp -connect smtp.example.com:587 -crlf

NOTE: If the connection times out or is refused, the issue lies at the network or firewall layer.

How to verify the fix?

Verify the resolution by testing the email server configuration in the Okta Admin Console, sending a test email, and checking the System Log for SMTP-related events.

1. Navigate to Customizations, then Email Provider in the Okta Admin Console.
2. Select Send test email or re-save the configuration.
3. Send a test email to a known inbox and confirm delivery.
4. Check the System Log by navigating to Reports, then System Log, for any remaining SMTP-related events.

Related References

• Troubleshooting Okta Email Delivery Issues