# Configuring email OTP

To configure sending OTPs via email:

1. Configure an SMTP server as described in [**Configuring SMTP server connection for event notifications**](/landing/ras-admin-guide/v20-en-us/parallels-ras-20-administrators-guide/common-management-tasks/system-event-notifications/configuring-smtp-server-connection-for-event-notifications.md).
2. Specify the following:
   * **Name:** The name that will appear in RAS Console.
   * **(Optional) Description:** The description of MFA.
   * **Themes:** The Themes that use the MFA.
   * **Display name:** The name that will appear in Parallels Client.
   * **OTP Length:** The length of an OTP. Can be between 4 and 20 digits.
   * **OTP Validity:** The time period when an OTP is valid. Can be between 30 and 240 seconds.
   * **User Prompt:** Specify the text the user will see when prompted with an OTP dialog.
   * **E-mail subject:** The subject of an email containing an OTP.
   * **E-mail content:** The content of an email containing an OTP.
   * **Allow users to enroll using external emails:** Select this option if you want users to enroll using external email addresses. You can store external emails in RAS Storage or an AD Attribute. If you want to store emails in an Active Directory Custom attribute, you must specify the name of the attribute in the field **AD Custom Attribute**. You can make sure that you have the permission necessary for storing email addresses in an AD attribute by clicking **Validate**.
   * The **User enrollment** section allows you to limit user enrollment if needed. You can allow all users to enroll without limitations (the **Allow** option), allow enrollment until the specified date and time (**Allow until**), or completely disable enrollment (the **Do not allow** option). If enrollment is disabled due to an expired time frame or because the **Do not allow** option is selected, a user trying to log in will see an error message saying that enrollment is disabled and advising the user to contact the system administrator. When you restrict or disable enrollment, Google Authenticator or another TOTP provider can still be used, but no further users can enroll. This is a security measure that prevents users with compromised credentials from enrolling in MFA.
   * **Show information to unenrolled users**: Select whether unenrolled users can see the error **The user name or password is incorrect** when they enter incorrect credentials:
     * **Never (most secure)**: Unenrolled users see a TOTP prompt instead of the error.
     * **If enrollment is allowed:** Unenrolled users see the error if user enrollment is allowed. Otherwise, they see a TOTP prompt.
     * **Always**: Unenrolled users always see the error.

