Credential Management

There are different ways to authenticate to Mailsac services depending on the service being consumed.

Standard Login: Used to authenticate to Mailsac.com Website
Sub-Account User Login: Used to authenticate to Mailsac.com (available to Business and Enterprise Plans)
API Key: Used to authenticate to the REST API, Email Capture, POP3.
POP3 Password: Used to authenticate to POP3 Service

Password Change

An account password can be changed on the Website under Manage Account Details. If you have forgotten your password use the Password Reset Form to send a password reset email.

Sub-Account Users will need to contact the Primary Account Holder to reset their password.

API Key Management

API keys are used to authenticate to the REST API, Email Capture, POP3.

API Keys can be created , regenerated, and deleted in the API Keys and Users section of the Dashboard.

Multiple API Keys

For accounts on Business or Enterprise plans, multiple API keys may be created, each with a unique name.

Having multiple API keys enables:

restricted access control
usage monitoring
separate API Keys for different testing environments

To create an API key, go to API Keys and Users and select “Manage Keys” from the Dashboard. Enter a name for the API Key and select Generate new API key. API Keys may only be viewed once and are not retrievable by the system. API Keys should be treated with the same security considerations as a password.

../../../_images/add_named_key.png — Create new API key

Sub-Account Users

Sub-Account User accounts may access a subset of Mailsac functionality - almost everything except managing the account, billing, and API keys or user logins. This feature is available on Business and Enterprise Plans.

A Sub-Account User’s password serves both as the password to the Mailsac.com website and the REST API

Create User Login

User accounts can be created from the Dashboard under API Keys and Users by selecting “Manage Users”

The password for the user login is automatically created. It can only be viewed once.

../../../_images/user_login_credentials.png — User Login Credentials

When logged into the website using an user login, the user session is restricted from:

viewing and modifying payment information
adding or removing API keys
managing account features
adding or removing custom domains

Login Using an Sub-Account User

Use the Sub-Account User Login to sign into Mailsac to login user a Sub-Account User

Primary Account ID: The primary account name used to sign up for Mailsac
User Name: The name of the user login
Password: The password for the user

../../../_images/login_using_sub_account_user.png — Login using a Sub-Account User.

Reset Sub-Account User Password

Sub-Account User passwords are generated automatically because they also serve as an API key. In order to reset the Sub-Account password the user can be recreated by selecting “Regenerate Password”. This can be done from API Keys and Users

../../../_images/regenerate_sub_account_password.png — Regenerate Sub-Account password.

Remove Sub-Account User

Sub-Account users can can be removed by clicking on the “Delete” button next to the user login on the API Keys and Users page.

../../../_images/remove_sub_account.png — Remove Sub-Account user.

SAML/SSO Integration

SAML provides a way for sub-account users to authenticate using a third party identity provider. Mailsac has been tested with Okta, Google Workspace, and Microsoft Cloud based Active Directory products. Other SAML identity providers may work since SAML is based on a standard framework.

Microsoft Azure Active Directory SAML/SSO Configuration

SAML Setup

Select SAML/SSO from the Dashboard. Then click the button “Generate SAML Service Provider”.

../../../_images/generate_saml.png — Generate SAML Service Provider

The next screen will contain “Service Provider Info”, which will be required by your identity provider. The section “Identity Provider Settings” will be filled in with information generated by your identity provider.

../../../_images/saml_sso_settings.png — SAML/SSO Settings

The process for configuring your identity provider will vary depending on the identity provider.

Adding SAML Users

In order to login using SSO a sub-account user must be created with a username that matches the name ID returned from the SAML SSO provider. This is typically the username used to authenticate to the identity provider.

After the user is added as a sub account user they will be able to login using SAML SSO.

../../../_images/saml_sub_account.png — Add a sub-account user with the same name as returned by the identity provider

Removing SAML SSO Users

SAML SSO sub-account users can be removed by clicking on the “Delete” button next to the user login on the API Keys and Users page.

Login As a SAML SSO User

The SSO login page, which can be accessed directly or found via the Standard Login, is used for SAML SSO logins.

../../../_images/sso_standard_login.png — Select “SSO Login” to login using SSO

Enter the Primary Account ID, which is the Mailsac username used to configure SAML SSO, and the SSO email or User ID of the SSO user. Select “Generate SSO link” to be redirected to the SSO provider’s login page.

../../../_images/saml_login_page.png — Enter primary Mailsac account ID and SSO email or User ID and select “Generate SSO link”

Once the identity provider has authenticated the user, the user will be redirected back the Dashboard completing the SAML SSO login process.