====== On-Premises Notification Setup ======

This guide outlines the system requirements and supported technologies for configuring alerts and notifications (Push and Email) within a Mervis SCADA On-Premises environment.

===== Push Notifications =====

To enable mobile push notifications in an on-premises deployment, please note the following architectural requirements:

  * **Separate Component Installation:** The push notification service is currently not included in the main Mervis SCADA installation package. It must be installed as a separate system component.
  * **Dedicated Account Routing:** You must configure a separate, dedicated account to route these notifications. This account **must not** be connected to your standard Mervis account.
  * **Network Access (Firebase):** The server hosting the notification service requires an active outbound internet connection to communicate securely with the **Firebase API**.

===== Email Notifications (SMTP) =====

Mervis SCADA supports both standard and modern authentication methods for sending automated email alerts.

==== Standard Authentication ====

  * **Basic SMTP Auth:** Traditional SMTP authentication using a standard ''username'' and ''password'' is fully supported out of the box.

==== OAuth 2.0 Authentication (Modern Auth) ====

For IT environments that mandate strict modern security standards, Mervis supports OAuth 2.0. This is specifically required for modern cloud email providers like **Microsoft Office 365** and **Google Workspace**.

=== Microsoft Office 365 Setup ===

To use OAuth 2.0 with Office 365, you must register Mervis as an application in the Microsoft Entra ID (formerly Azure AD) portal.

  - **1. Enable SMTP Auth:** First, ensure that authenticated client SMTP submission is enabled for the specific mailbox you intend to send emails from.
  - **2. App Registration:** Register a new application in the Microsoft identity platform.
  - **3. Configure Redirect URIs:** Navigate to the **Authentication** tab and add the appropriate Redirect URIs (Note: ''localhost'' is required for .NET core):
    * **.NET desktop:** ''https://login.microsoftonline.com/common/oauth2/nativeclient''
    * **.NET core / .NET 5+:** ''http://localhost''

{{ms_oauth_setup1.png?600|Adding Redirect URIs in the Authentication tab}}

  - **4. Configure API Permissions:** Navigate to the **API permissions** tab. Click **Add a permission**, select **Microsoft Graph**, choose **Delegated permissions**, and add the following required scopes:
    * ''email'' (View users' email address)
    * ''offline_access'' (Maintain access to data you have given it access to)
    * ''IMAP.AccessAsUser.All'' (Read and write access to mailboxes via IMAP)
    * ''POP.AccessAsUser.All'' (Read and write access to mailboxes via POP)
    * ''SMTP.Send'' (Send emails from mailboxes using SMTP AUTH)
    * ''User.Read'' (Sign in and read user profile)
  - **5. Grant Admin Consent:** Once the permissions are added, you **must** click the **Grant admin consent** button for your domain to fully authorize the application.

{{ms_oauth_setup2.png?600|Adding the required API permissions and clicking Grant admin consent}}

Once consent is granted, ensure that all the required permissions show a green "Granted" status:

{{ms_oauth_setup3.png?600|Verifying all API permissions have been granted successfully}}

=== Google Setup ===

Google accounts are also supported via OAuth 2.0. Similar to Microsoft, this requires setting up an OAuth Client ID in the Google Cloud Console and generating the appropriate tokens to allow Mervis to send emails on behalf of the Gmail account.
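
To check that the Office 365 consent from steps 4 and 5 actually reaches SMTP, the following added example (not part of Mervis SCADA or this guide's original text) inspects an access token for the ''SMTP.Send'' scope and builds the SASL XOAUTH2 string that an SMTP client sends with it. It assumes the token is a JWT carrying ''scp'' and ''exp'' claims, as Entra ID issues for delegated permissions; the function names, mailbox address and sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))


def smtp_token_problems(token, now):
    """Return a list of reasons this token would be rejected for SMTP AUTH."""
    claims = jwt_claims(token)
    problems = []
    if "SMTP.Send" not in set(claims.get("scp", "").split()):
        problems.append("scope SMTP.Send missing from scp claim")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def xoauth2_initial_response(mailbox, token):
    """Base64 SASL XOAUTH2 string sent after 'AUTH XOAUTH2'."""
    raw = "user={}\x01auth=Bearer {}\x01\x01".format(mailbox, token)
    return base64.b64encode(raw.encode()).decode()


def make_sample_token(scp, exp):
    """Constructed, unsigned token for offline testing; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"scp": scp, "exp": exp}), "sig"])


if __name__ == "__main__":
    token = make_sample_token("SMTP.Send User.Read", exp=2000)
    print(smtp_token_problems(token, now=1000) or "token looks usable for SMTP")
    print(xoauth2_initial_response("alerts@example.com", token))
```

The decoded string and the token itself are bearer credentials, so keep both out of logs and support tickets.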