Posit Connect has a number of features that depend on sending emails. Some examples include delivering content via email, sending administrative notifications, reporting job failures or even additional security.
Notifications
By default, Connect sends email notifications for the following events:
- Test messages to help validate email sending; sent to the email address of the requesting administrator.
- New account creation; sent to the email address associated with the new account.
- Account email address change; notification email sent to old address and confirmation email sent to new address.
- Reset password requests; confirmation email sent to the address associated with the account.
- Requests for additional account privileges (e.g., viewer => publisher); sent to administrators.
- Requests for content access; sent to content collaborators.
- Scheduled reports configured to email on completion; sent to targeted recipients.
- On-demand report-emails; sent to target recipients.
- Report rendering errors; sent to content collaborators.
- Report environment restoration failures; sent to content collaborators.
- Warnings about nearing license expiration; sent to administrators.
Additional recipients for some email notifications can be configured via the Notifications setting.
Post-install behavior
Connect installs with all email features disabled until an email provider is configured properly. Specifically, this is what to expect:
- Built-in password authentication will not be able to send emails to users with new account confirmation or password reset links. An administrator will be responsible for obtaining these links from the user profile page in the dashboard and passing them along to the user via other means.
- Notifications such as licensing limits, user requests for more privileges, or content errors will only be written to the logs. See the Notifications section for the list.
- Content delivery via email will be disabled.
Configuring an email provider
Connect supports two options for sending emails: SMTP or sendmail. These options can be configured via the setting Server.EmailProvider.
Sendmail
Sendmail is a mechanism for sending emails using the existing setup of the Linux installation that hosts Connect.
Different Linux distributions have their own implementation compatible with Sendmail. Refer to your server’s documentation to configure it.
SMTP
SMTP allows Connect to establish a direct connection to an email server for sending emails. In the Connect configuration file, you must provide the host and port of your SMTP server, user credentials if this server requires authentication, indication of whether the connection will be encrypted, and what encryption method will be used.
All SMTP options are described in the SMTP configuration appendix. The SMTP settings are reloadable. This means that Connect does not need to be restarted to use new settings. Learn more about reloadable settings in the Reloadable Properties configuration appendix.
When your email provider supports OAuth, prefer it over basic authentication (username and password) for stronger security.
The SMTP.Password can be encrypted to avoid credential leakage. See the Property Types configuration appendix for details.
OAuth authentication
Connect supports OAuth2 authentication for SMTP using the XOAUTH2 mechanism. This allows Connect to authenticate with email providers using OAuth access tokens instead of passwords, which provides improved security and is required by some email providers that have deprecated basic authentication.
To use OAuth authentication for SMTP, you must:
- Create a service account OAuth integration in Connect
- Configure your email provider to allow OAuth-based SMTP authentication
- Configure Connect to use the OAuth integration for SMTP
Creating the OAuth integration
Create an OAuth integration in Connect with the credentials from your email provider. Configure the integration as a service account type, which uses the client credentials flow to obtain access tokens.
When creating the OAuth integration, you will need the following from your email provider:
- Client ID: The application/client identifier
- Client secret: The application secret
- Token endpoint URL: The OAuth token endpoint for your provider
- Scopes: The OAuth scopes required for sending email (provider-specific)
See the OAuth Integrations documentation for details on creating integrations.
When creating the OAuth integration for SMTP, set the access control list (ACL) to restrict access to administrators only. This prevents publishers from accidentally associating the SMTP integration with published content.
Configuring Connect for SMTP OAuth
Once the OAuth integration is created, configure Connect to use it by setting the SMTP.OAuthIntegration setting to the name or GUID of your OAuth integration:
/etc/rstudio-connect/rstudio-connect.gcfg
[Server]
Address = "https://posit-connect.company.com"
EmailProvider = "SMTP"
SenderEmail = "account@company.com"
[SMTP]
Host = "smtp.example.com"
Port = 587
StartTLS = always
User = "account@company.com"
OAuthIntegration = "my-smtp-oauth-integration"

When using OAuth authentication, do not set SMTP.Password. The SMTP.User setting is optional; if not set, it defaults to the value of Server.SenderEmail.
For a complete provider-specific example, see SMTP OAuth with Microsoft Entra ID and Exchange Online.
Example email settings
The example below shows a basic SMTP email configuration reference:
/etc/rstudio-connect/rstudio-connect.gcfg
[Server]
Address = "https://posit-connect.company.com"
EmailProvider = "SMTP"
SenderEmail = "account@company.com"
[SMTP]
Host = "smtp.example.com"
Port = 587
User = "service-user"
Password = "service-password"

For more information about configuring email settings and additional sample configurations, see the Server Address section of this guide.
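The rules stated for the two configurations above can be checked before a config file is deployed. The following is an added example, not part of Posit's documentation or code: parsing the gcfg file with Python's `configparser` is an approximation, the function names are hypothetical, and the sample input is constructed.

```python
import configparser

# Constructed sample: the OAuth example from this page with a leftover
# Password line from an earlier basic-auth setup.
SAMPLE = '''
[Server]
EmailProvider = "SMTP"
SenderEmail = "account@company.com"
[SMTP]
Host = "smtp.example.com"
Port = 587
StartTLS = always
OAuthIntegration = "my-smtp-oauth-integration"
Password = "service-password"
'''


def load(text):
    """Approximate gcfg parsing with configparser (an assumption of this sketch)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    # configparser lowercases keys; section names are lowercased here to match.
    return {s.lower(): {k: v.strip().strip('"') for k, v in cp[s].items()}
            for s in cp.sections()}


def audit_email_config(text):
    """Return (effective_smtp_user, findings) for the rules stated on this page."""
    cfg = load(text)
    server, smtp = cfg.get("server", {}), cfg.get("smtp", {})
    findings = []
    provider = server.get("emailprovider", "")
    if not provider:
        return None, ["Server.EmailProvider unset: email features stay disabled"]
    if not server.get("senderemail"):
        findings.append("Server.SenderEmail is not set")
    if provider.lower() != "smtp":
        return None, findings
    if not smtp.get("host"):
        findings.append("SMTP.Host is not set")
    oauth, password = smtp.get("oauthintegration"), smtp.get("password")
    if oauth and password:
        findings.append("SMTP.Password must not be set with SMTP.OAuthIntegration")
    elif password:
        findings.append("basic auth in use: prefer OAuth where the provider "
                        "supports it, and encrypt SMTP.Password")
    # With OAuth, SMTP.User is optional and defaults to Server.SenderEmail.
    user = smtp.get("user") or (server.get("senderemail") if oauth else None)
    return user, findings
```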
Testing the email settings
You can see and test your current email settings from the Connect dashboard in the System > Info panel, Email Settings section. By sending a test email from this page you can confirm that the email features work properly.
Configuring other email settings
Configure a few other settings to send emails from Connect.
Customizing the address on emails
Emails sent from Connect should come from a known email address within your organization. This address must be configured using Server.SenderEmail.
Customizing the display name on emails
The Server.SenderEmailDisplayName setting can be used to configure an alternate name for the server when sending system emails (e.g. “My Posit Connect Server”). If there is no alternate name provided, then “Posit Connect” will be used by default.
Customizing the subject prefix
The subject line of emails sent from Connect is prefixed with “[Posit Connect].” If you wish to change this prefix use the setting Server.EmailSubjectPrefix.
Allowing sending email to all users
When delivering content via email, initially there will be no option to send to all users. If you need this option, enable it with the setting Server.MailAll.
Configuring To fields to avoid spam false positives
By default, Connect sends emails to recipients as BCC (blind carbon copy) so recipients will not have knowledge of each other’s email addresses. In some situations the email provider of the recipients will detect that a number of users received a BCC copy of the same email and that will trigger the spam detection. If you see this behavior, the setting Server.EmailTo should be configured with a “no-reply” email address from your organization.
Sending email from user email addresses
If you would like emailed reports sent by Connect to appear as if they were sent by the content owner’s email address, then you can enable the setting Server.EmailFromUserAddresses. This will modify the message’s From header to use the content owner’s email address and the Sender header will use the configured Server.SenderEmail. This setting may not be compatible with all email servers. Check with your email administrator to find out if your email server can support messages sent on behalf of other users via the Sender header.
Using the Server.EmailFromUserAddresses configuration may require some additional configuration on the part of your email administrator. Some email providers require additional verification proving that you own the addresses used to send emails. Check with your email administrator about limitations of the From and Sender headers.
If you need additional privacy of the email addresses within your own organization, the setting Server.HideEmailAddresses can be used to hide all email addresses in the dashboard. Users will not be able to see each other’s emails. Only administrators will be allowed to see all emails.
License expiration email
Emails related to license expiration can be disabled. See the instructions on the License Management page and the Licensing configuration appendix for details.
Customizing email to contain HTML
Connect can send HTML-based emails. Complete documentation for how this is accomplished can be found in the Posit Connect User Guide.
SMTP OAuth with Microsoft Entra ID and Exchange Online
Microsoft Entra ID (formerly Azure AD) with Exchange Online is one email service that supports OAuth for SMTP. The following steps outline how to configure this integration.
For complete details, see Microsoft’s documentation on authenticating SMTP connections using OAuth.
1. Register an application in Entra ID
Create an app registration in the Azure portal with the following API permission:
- Microsoft Graph → Application permissions → SMTP.SendAsApp
Request admin consent for this permission.
2. Capture required values
From your app registration, note the following values:
- Tenant ID
- Client ID (Application ID)
- Client secret (create one under “Certificates & secrets”)
- Enterprise application object ID (this is the service principal ID, found under “Enterprise applications”, not the app registration object ID)
3. Register the service principal with Exchange Online
Using PowerShell with the Exchange Online PowerShell module, grant the service principal access to the mailbox that will send emails:
# Connect to Exchange Online
Connect-ExchangeOnline
# Add mailbox access to the service principal
Add-MailboxPermission -Identity "<your-email>" -User "<service-principal-object-id>" -AccessRights FullAccess
# Add SendAs permission to the service principal
Add-RecipientPermission -Identity "<your-email>" -Trustee "<service-principal-object-id>" -AccessRights SendAs
4. Enable SMTP OAuth on Exchange Online
Ensure SMTP client authentication is enabled for the mailbox and tenant:
# Enable for the specific mailbox
Set-CASMailbox -Identity "<your-email>" -SmtpClientAuthenticationDisabled $false
# Enable for the tenant (if not already enabled)
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
5. Create the OAuth integration in Connect
Create a service account OAuth integration in Connect with:
- Token URL: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
- Client ID: Your application’s client ID
- Client secret: Your application’s client secret
- Scopes: https://outlook.office365.com/.default
6. Configure Connect
Update your Connect configuration:
/etc/rstudio-connect/rstudio-connect.gcfg
[Server]
EmailProvider = "SMTP"
SenderEmail = "<your-email>"
[SMTP]
Host = "smtp.office365.com"
Port = 587
StartTLS = always
User = "<your-email>"
OAuthIntegration = "<your-oauth-integration-name>"
7. Test the configuration
Restart Connect and send a test email from the System > Info panel to verify the configuration.
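When the test email fails, it helps to know what the two halves of the exchange look like: the client credentials token request, and the XOAUTH2 response presented to the SMTP server. The following is an added example, not Posit's or Microsoft's code: the XOAUTH2 layout follows the publicly documented SASL XOAUTH2 format rather than anything on this page, the function names are hypothetical, and nothing is sent over the network.

```python
import base64
from urllib.parse import urlencode


def token_request(tenant_id, client_id, client_secret):
    """URL and form body for the client credentials grant (nothing is sent)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://outlook.office365.com/.default",
    })
    return url, body


def xoauth2_response(user, access_token):
    """SASL XOAUTH2 initial client response: user and bearer token, ^A-separated."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def parse_xoauth2(b64):
    """Decode a response to check which mailbox is being presented."""
    raw = base64.b64decode(b64, validate=True).decode()
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing XOAUTH2 terminator")
    fields = dict(p.split("=", 1) for p in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token or "user" not in fields:
        raise ValueError("not a well-formed XOAUTH2 response")
    return fields["user"], token


def redact(b64):
    """Log-safe form: keep the user, drop the bearer token."""
    user, token = parse_xoauth2(b64)
    return f"user={user} auth=Bearer <redacted:{len(token)} chars>"
```

The user inside the response must be the mailbox that was granted SendAs in step 3; a mismatch there is a common cause of authentication failures that the token request alone will not reveal.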