Author: Eric Vasbinder
To ensure reliable delivery of emailed notifications from Vista in our Viewpoint ERP Cloud, we need to update Vista's SMTP settings such that it points to an Internet accessible SMTP system that is set up to relay messages to various destinations when sent those messages from Vista in our cloud.
There are two major steps to setting up proper SMTP settings for email notifications in our cloud:
Determining and setting up the appropriate SMTP sending infrastructure.
Inputting the settings from step 1 into Vista.
NOTE: THESE SETTINGS CANNOT, AT THIS TIME, BE ENTERED BY A CUSTOMER IN OUR CLOUD. INSTEAD, A CLOUD SUPPORT TICKET MUST BE CREATED WITH THE APPROPRIATE SETTINGS INCLUDED. TRIMBLE SUPPORT STAFF WILL THEN UPDATE YOUR CLOUD VISTA INSTALLATION TO USE THE PROPER SMTP SETTINGS.
There are three main methods that can be used for sending notifiers via SMTP email in our Vista cloud:
Option A: SMTP Relay with Allowed Sending (i.e. SPF and DKIM) with Static,. Public IP.) (Preferred).
Option B: SMTP relay with Whitelist IP Over IPSEC VPN Tunnel.
Viewpoint's Relay Systems (DURING PRE-GO-LIVE TESTING ONLY).
Email account with SendAs Privileges.
See below for more details on each method and how to set up the infrastructure for each method.
With this method, a customer attempts to allow Vista to relay through their SMTP server, directly over the Internet. Now that our environments can be configured to have a static, public IP for outgoing SMTP traffic, this option is viable. As such, DKIM and SPF settings can now be updated to allow for SMTP traffic from the Viewpoint server through your SMTP relay, locked to a single static IP.
Please use this Microsoft KB article for instructions on how to set up this option: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#option-3-configure-a-connector-to-send-mail-using-microsoft-365-or-office-365-smtp-relay
In order to finalize the setup for this on our end however, we do ALSO need to have the customer submit a cloud support case requesting that Viewpoint stand up a NAT Gateway with a Standard IP SKU (for a static IP) in your cloud environment.
THE REQUEST FOR A NAT GATEWAY WITH A STANDARD STATIC IP SKU SHOULD BE SUBMITTED AS A CLOUD SUPPORT CASE AS SOON AS POSSIBLE IN ORDER FOR OUTGOING SMTP TRAFFIC TO COME FROM A STATIC IP ADDRESS SUITABLE FOR WHITELISTING
This method sends SMTP traffic from the viewpoint environment over your IPSEC VPN tunnel to an on premise, or cloud hosted, SMTP relay server. This relay server then allows for email messages to be sent through it from the Vista server. In order to ensure that messages sent in this fashion are not lost due to antispam measures, you should configure your relay server to accept SMTP traffic from the internal IP address of the Vista server in the cloud (whitelist).
To ensure Vista can authenticate to your SMTP server, please ensure that it supports AUTH PLAIN and/or AUTH LOGIN methods for authentication. Your email server should support TLS 1.2 if you wish to configure it to use TLS encryption for email traffic.
Please note that, long term, maintaining this option does require continuing to manage your own SMTP Relay server. Though this method does provide more control for a customer's IT organization, it also requires the maintenance of an SMTP relay in your environment.
Viewpoint uses a relay system during the testing phase of a cloud environment, prior to going live. This solution, today known as TurboSMTP, is not designed for production use and as such, customers should switch to one of the above two methods either prior to or just after go live.
Hosted at your cloud email provider (e.g. Microsoft Office 365 / Microsoft 365, Google GSuite, etc.), this method requires creating a dedicated account in the cloud email system. This account is usually set up to be something like, "Vista.Notifications@YourDomain.com". The account, "Vista.Notifications" is then given the ability to send email on behalf of any user account that will be sending messages from Vista. Depending on your Vista settings, this may be as small as a few user accounts, or as large as the entire organization. Once this account is created and the appropriate Send As privileges given to this account, you will need to coordinate with Viewpoint to send the credentials for this account to us in a secure fashion. MFA must not be turned on for this account due to Vista limitations. In addition, as Vista often sends emails as a "relay" requestor rather than an actual user account, you may need to allow SMTP relaying. To mitigate the potential security impact of this situation, we recommend implementing an IP whitelist, blocking SMTP traffic through this method, save that SMTP traffic that originates from your Viewpoint cloud environment (see below for detailed steps).
IMPORTANT: MICROSOFT WILL NO LONGER BE SUPPORTING THIS METHOD IN A SHORT PERIOD OF TIME. AS SUCH WE WILL BE DEPRECATING THIS OPTION IN THE NEAR FUTURE
IMPORTANT: The account created for Vista to use must NOT be set up to use Multi-Factor Authentication (MFA). Vista's server does not support connecting to SMTP Email accounts with MFA active: username and password authentication only is supported by Vista.
Once the credentials for this account have been added into your Vista cloud implementation, all notifications will then be sent from Vista through this account.
As it requires no changes to your DNS settings for SPF or DKIM, this method is the easiest to set up, verify, and maintain. Thus, this method is greatly preferred by viewpoint for enabling notifications from Vista.
Please see the following link with Microsoft on how to enable a newly created account with send as privileges:
CRITICAL NOTE:
As of September 2025, customers who use Option "B" with Microsoft Office 365 will be unable to continue to send email notifications from Vista as Microsoft is discontinuing Basic SMTP authentication support.
Vista ONLY supports Basic SMTP authentication at this time and does not support OAuth. As such, we highly recommend switching to another option on this page prior to September 2025.
See the following Microsoft article for more information about Microsoft's discontinuing support for the method Vista uses to send emails directly: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750#:~:text=Exchange%20Online%20to%20retire%20Basic%20auth%20for%20Client%20Submission%20(SMTP%20AUTH),-%E2%80%8EApr%2015&text=Today%2C%20we%20are%20announcing%20that,SMTP%20AUTH)%20in%20September%202025
Log in to your email provider
Create an account and make a note of the credentials
Assign it "Send As" privileges for any account that may be sending emails from Vista.
Ensure this account has an APP PASSWORD dedicated for Vista's use
Multi-Factor Authentication (MFA) / 2 Factor Auth is NOT supported by Vista itself to authenticate to email accounts.
Create a cloud support case (or if pre-go-live, create a transformation support case) to have this updated in your Vista Configuration Settings
Exchange the credentials and server name in a secure fashion (e.g. SFTP, SMIME or GPG Encrypted email, Encrypted Meeting Chat, LastPass, etc.)
Our cloud engineers will update Vista's configuration to point to the new SMTP server and account.
NOTE: You may need to enable "relay" permissions using a hosted Exchange (Office 365) connector to allow for emails to be properly sent from Vista. Many customers when doing this require that the IP address from where SMTP traffic is coming be a static IP for whitelisting purposes. This means that your Vista single tenant environment in our cloud needs to be converted to use a static, public IP at the egress point for all SMTP traffic.
The following steps must be followed to enable a static, public IP for your cloud environment:
Create a cloud engineering support case to convert all web site IPs from Azure Basic to Azure Standard.
Note: After doing so, your IPSEC VPN may need to be rebuilt if you use one. Please contact your Viewpoint rep for more details.
Once your IPs have been converted, please put in another cloud engineering support case to add a NAT gateway.
Once these two steps are complete, our team will then supply you with the static IP for your company to add to the pre-approved whitelist.
ONCE THE INFRASTRUCTURE HAS BEEN SET UP TO ENABLE ONE OF THE FOUR METHODS ABOVE, A SUPPORT CASE MUST BE CREATED IN ORDER FOR THE ACTUAL SETTINGS TO BE UPDATED ON THE VISTA SERVER ITSELF.
changelog
Tuesday, 12 November 2024 at 06:16PM:
Moved the SendAs Option to Deprecated at the bottom.
Tuesday, 07 May 2024 at 12:51PM:
Added note about upcoming demise of SMTP Basic auth by Microsoft. Highly recommended for customers to switch to option "A" - exchange connector relay ASAP.
Monday, 29 January 2024 at 11:27PM:
Reminder that the customer needs to submit a cloud engineering support case for a NAT Gateway with a Standard Static IP SKU.
Monday, 29 January 2024 at 10:41AM:
Reminder that customer needs to set up support case in order to have the actual Vista SMTP settings updated - after the customer determines what those should be.
Wednesday, 19 April 2023 at 12:12PM:
Added Microsoft KB article link on how to set up SMTP Relay from within Microsoft hosted email in Azure.
Friday, 26 August 2022 at 10:42AM:
Updated hyperlinks to use blue text font. Come on Google - seriously? Blue text font to signify hypertext links is one of the best ways to visually denote the difference between underlined static text in white or black and an active hyperlink. Why not have it be by default? Some misguided attempt to have a "clean visual design language" I suppose.
Wednesday, 17 August 2022 at 12:24PM:
Added link to instructions on how to set up Office 365 NON-TLS Connector for relaying SMTP Traffic
Thursday, 04 August 2022 at 03:42PM:
updated to add in process for getting a static IP for the Viewpoint cloud single tenant environment for whitelisting.
Added in changes to show that full SMTP relay now is supported with the advent of static IPs being available for SMTP traffic.
Wednesday, 08 June 2022 at 08:42AM
Added notice that MFA is not supported for accounts used by Vista's SMTP settings.
Updated: Tuesday, 12 October 2021 at 12:39PM