Configure SMTP to send mails
Keycloak can send emails on certain user events (for example registration validation, credential reset, usage alerts). This makes for a smooth workflow to welcome and help registered users.
In order to send emails, the customer needs to properly configure the SMTP server settings at the realm level.
Cloud-IAM does not offer a generic SMTP service to send those emails. The main reason is that the trust level of an email is tied to the IP address used to send it. Sharing this IP with other customers could lead to neighbor problems that would degrade your service.
Cloud-IAM recommends using the customer's SMTP server.
If the customer wants to secure the connection between the Cloud-IAM deployment and the SMTP server, this can be achieved by setting up an allow list. Cloud-IAM deployments have a gateway public IP that should be added to the allow list of the SMTP server.
Cloud-IAM discourages the use of a VPN connection between the deployment and the SMTP server. This kind of connection is hard to keep up and running at all times and hard to monitor.
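As an added example (not Cloud-IAM's or Keycloak's own code), the following Python script audits the `smtpServer` map of a realm representation, which is where Keycloak keeps the realm-level SMTP settings described above. It goes beyond the page by also checking transport encryption and authentication next to the IP allow list; the sample realm, the host name and the `keycloak-mailer` user are constructed for illustration.

```python
import copy

# Constructed sample realm; Keycloak stores every smtpServer value as a string.
SAMPLE_REALM = {
    "realm": "example-realm",
    "smtpServer": {
        "host": "smtp.example.com",
        "port": "25",
        "from": "no-reply@example.com",
        "auth": "false",
        "starttls": "false",
        "ssl": "false",
    },
}


def _flag(smtp, key):
    """Interpret a "true"/"false" string from the smtpServer map."""
    return str(smtp.get(key, "false")).lower() == "true"


def audit_smtp(realm):
    """Return a list of findings for a realm's smtpServer settings."""
    smtp = realm.get("smtpServer") or {}
    if not smtp.get("host"):
        return ["no SMTP host configured: realm cannot send email"]
    findings = []
    if not smtp.get("from"):
        findings.append("missing 'from' address")
    if not (_flag(smtp, "ssl") or _flag(smtp, "starttls")):
        findings.append("neither ssl nor starttls enabled: mail is sent in clear text")
    if not _flag(smtp, "auth"):
        findings.append("auth disabled: relay relies on the IP allow list alone")
    elif not smtp.get("user"):
        findings.append("auth enabled but no user set")
    return findings


def harden(realm, user):
    """Return a copy of the realm using STARTTLS on port 587 with auth enabled."""
    fixed = copy.deepcopy(realm)
    fixed["smtpServer"].update({"port": "587", "starttls": "true", "auth": "true", "user": user})
    return fixed


if __name__ == "__main__":
    for finding in audit_smtp(SAMPLE_REALM):
        print("FINDING:", finding)
    print("after hardening:", audit_smtp(harden(SAMPLE_REALM, "keycloak-mailer")))
```

The allow list itself lives on the SMTP server and cannot be read from the realm settings, so it has to be verified there.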