CLI Reference

system encryption ibe

Use this command to configure Identity-Based Encryption (IBE) services for encrypted email messages.

Syntax

config system encryption ibe
    set account-notification {activation deletion expiration registration-confirmation reset-confirmation}
    set auth-mode {password | token | two-factor}
    set custom-user-control-status {enable | disable}
    set expire-alert <days_int>
    set expire-emails <days_int>
    set expire-inactivity <days_int>
    set expire-passwd-reset <hours_int>
    set expire-registration <days_int>
    set read-notification {enable | disable}
    set secure-compose {enable | disable}
    set secure-reply {enable | disable}
    set secure-forward {enable | disable}
    set secure-token-ttl <minutes>
    set service-name <name_str>
    set sms-account-id <account-id_str>
    set sms-auth-key <key_str>
    set sms-from-number <number>
    set sms-provider <sms-provider_name>
    set status {enable | disable}
    set two-factor-auth-max-attempt <attempts_int>
    set two-factor-auth-method {email | sms}
    set unread-days <days_int>
    set unread-notif-rcpt <to_email>
    set unread-notif-sender <from_email>
    set unread-notification {enable | disable}
    set url-about <about_url>
    set url-base <base_url>
    set url-custom-user-control <user-check_url>
    set url-forgot-pwd <forgot-password_url>
    set url-help <help_url>
end

Variable

Description

Default

account-notification {activation deletion expiration registration-confirmation reset-confirmation}

Enter the type(s) of account notifications that you want to send to users.

Separate multiple options with a space.

activation expiration

auth-mode {password | token | two-factor}

Select the IBE user authentication mode.

password

custom-user-control-status {enable | disable}

If your corporation has its own user authentication tools, enable this option and enter the URL.

Also configure url-custom-user-control <user-check_url> and url-forgot-pwd <forgot-password_url>.

disable

expire-alert <days_int>

Enter the number of days before the user account's expiry date to send an alert email notification to the user. The valid range is 0 to 7, where 0 means the account is expired.

Optionally, for multiple alert email intervals, separate each entry with a space. For example, the default value (1 7) will send an alert email seven days and one day before the expiry date.

1 7

expire-emails <days_int>

Enter the number of days that the secured mail will be saved on the FortiMail unit.

180

expire-inactivity <days_int>

Enter the number of days the secured mail recipient can access the FortiMail unit without registration.
For example, if you set the value to 30 days and the mail recipient does not access the FortiMail unit for 30 days after they register on the unit, the recipient will need to register again if another secured mail is sent to them. If the recipient accesses the FortiMail unit on the 15th day, the 30-day limit is recalculated from the 15th day onwards.

90

expire-passwd-reset <hours_int>

Enter the password reset expiry time in hours.
This is for recipients who have forgotten their login passwords and request new ones. The secured mail recipient must reset their password within this time limit to access the FortiMail unit.

24

expire-registration <days_int>

Enter the number of days that the secured mail recipient has to register on the FortiMail unit to view the mail before the registration expires. The starting date is the date when the FortiMail unit sends out the first notification to a mail recipient.

30

read-notification {enable | disable}

Enable to send the read notification the first time the mail is read.

disable

secure-compose {enable | disable}

Select to allow the secure mail recipient to compose an email. The FortiMail unit will use policies and mail delivery rules to determine if this mail needs to be encrypted.

For encrypted email, the domain of the composed mail’s recipient must be a protected one; otherwise, an error message will appear and the mail will not be delivered.

disable

secure-reply {enable | disable}

Allow the secured mail recipient to reply to the email with encryption.

disable

secure-forward {enable | disable}

Allow the secured mail recipient to forward the email with encryption.

disable

secure-token-ttl <minutes>

Enter the secure token timeout value in minutes. Valid range is 1-1440.

30

service-name <name_str>

Enter the name for the IBE service. This is the name the secured mail recipients will see once they access the FortiMail unit to view the mail.

sms-account-id <account-id_str>

Enter the account or service plan ID provided by your SMS provider.

sms-auth-key <key_str>

The authentication token, or API key, provided by your SMS provider.

sms-from-number <number>

Enter the phone number from which to send SMS messages.

sms-provider <sms-provider_name>

SMS provider for two-factor authentication.

twilio

status {enable | disable}

Enable the IBE service you have configured.

disable

two-factor-auth-max-attempt <attempts_int>

Enter the maximum number of attempts a user is allowed for a two-factor authenticated session.

3

two-factor-auth-method {email | sms}

Note: This option is only available when auth-mode {password | token | two-factor} is either token or two-factor.

Enter the verification method for two-factor authentication: email or SMS.

email

unread-days <days_int>

Note: This option is only available when unread-notification {enable | disable} is enable.

Enter the unread notification days.

14

unread-notif-rcpt <to_email>

Note: This option is only available when unread-notification {enable | disable} is enable.

Enable to send the unread notification to the recipient.

disable

unread-notif-sender <from_email>

Note: This option is only available when unread-notification {enable | disable} is enable.

Enable to send the unread notification to the sender.

disable

unread-notification {enable | disable}

Enable to send an unread notification if the message remains unread for the number of days set in unread-days (14 days by default).

disable

url-about <about_url>

You can create a file about the FortiMail IBE encryption and enter the URL for the file. The mail recipient can click the "About" link from the secure mail notification to view the file.

If you leave this option empty, a link for a default file about the FortiMail IBE encryption will be added to the secure mail notification.

url-base <base_url>

Enter the FortiMail unit URL (for example, https://mail.example.com) where a mail recipient can register or authenticate to access the secured mail.

url-custom-user-control <user-check_url>

Enter the URL where you can check for user existence.

This command is available only if custom-user-control-status {enable | disable} is enable.

url-forgot-pwd <forgot-password_url>

Enter the URL where users get authenticated.

This command is available only if custom-user-control-status {enable | disable} is enable.

url-help <help_url>

You can create a help file on how to access the FortiMail secure email and enter the URL for the file. The mail recipient can click the "Help" link from the secure mail notification to view the file.

If you leave this option empty, a default help file link will be added to the secure mail notification.
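
The value ranges and option dependencies in the table above can be checked mechanically before a configuration is applied. The following Python audit is an added example, not part of the Fortinet reference: the sample configuration is constructed, the function names are hypothetical, and the https check on url-base is a local policy assumption rather than a documented FortiMail rule.

```python
# Constructed sample (not from a real device); parse_ibe/audit_ibe are hypothetical helper names.
SAMPLE = """\
config system encryption ibe
    set auth-mode password
    set two-factor-auth-method sms
    set secure-token-ttl 2880
    set expire-alert 1 7 14
    set custom-user-control-status enable
    set url-custom-user-control https://idp.example.com/check
    set unread-days 7
    set url-base http://mail.example.com
end
"""

def parse_ibe(text):
    """Return {option: [values]} for 'set' lines inside the ibe block."""
    opts, inside = {}, False
    for words in map(str.split, text.splitlines()):
        if words in (["config", "system", "encryption", "ibe"], ["end"]):
            inside = words != ["end"]
        elif inside and len(words) >= 3 and words[0] == "set":
            opts[words[1]] = words[2:]
    return opts

def audit_ibe(opts):
    """Return findings; unset options fall back to the documented defaults."""
    def first(key, default):
        return opts.get(key, [default])[0]
    out = []
    if "two-factor-auth-method" in opts and first("auth-mode", "password") not in ("token", "two-factor"):
        out.append("two-factor-auth-method requires auth-mode token or two-factor")
    ttl = int(first("secure-token-ttl", "30"))
    if not 1 <= ttl <= 1440:
        out.append(f"secure-token-ttl {ttl} outside 1-1440")
    bad = [d for d in opts.get("expire-alert", ["1", "7"]) if not 0 <= int(d) <= 7]
    if bad:
        out.append("expire-alert outside 0-7: " + " ".join(bad))
    if first("custom-user-control-status", "disable") == "enable":
        out += [f"{u} missing while custom-user-control-status is enable"
                for u in ("url-custom-user-control", "url-forgot-pwd") if u not in opts]
    if first("unread-notification", "disable") != "enable":
        out += [f"{k} requires unread-notification enable"
                for k in ("unread-days", "unread-notif-rcpt", "unread-notif-sender") if k in opts]
    # Local policy assumption, not a FortiMail rule: recipients authenticate at url-base.
    if "url-base" in opts and not first("url-base", "").startswith("https://"):
        out.append("url-base is not https")
    return out

if __name__ == "__main__":
    print("\n".join(audit_ibe(parse_ibe(SAMPLE))))
```
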

Related topics

system encryption ibe-auth
