#Migrate from Microsoft to Username + Password

To transition from Microsoft SSO authentication back to email + password + MFA, you need to:

Step 1: Disable Microsoft SSO

Go to Settings → Admin Panel → Configuration Variables and set:

• AUTH_MICROSOFT_ENABLED=false

Or if you're using environment-only configuration (IS_CONFIG_VARIABLES_IN_DB_ENABLED=false), update your .env file and restart the container.

Step 2: Enable Password Authentication

In the same Configuration Variables section, ensure password authentication is enabled. Look for password-related settings in the Authentication section.

Step 3: Enable MFA for Users

Once users can log in with email + password, they can enable 2FA individually:

1. Go to Settings → Profile
2. Find the 2FA section
3. Click Enable 2FA
4. Scan the QR code with an authenticator app
5. Enter the verification code

Important Notes

• Since you're using the 1-step Docker method, configuration changes made through the Admin Panel take effect immediately (within 15 seconds)
• Users who were created via Microsoft SSO will need to set a password. They can use the "Forgot Password" flow to create one
• Make sure you have email configured (SMTP settings) so password reset emails can be sent

If you need to configure SMTP for password reset emails, go to Settings → Admin Panel → Configuration Variables → Email section and set up your SMTP provider.

These pages may help:

• Self-Host Setup
• Settings FAQ

Furthermore, I am trying to send emails from the platform using postmark. How do I set this up correctly?

For Postmark, you'll configure it as an SMTP provider. Go to Settings → Admin Panel → Configuration Variables and find the Email section.

Set these variables for Postmark:

• EMAIL_DRIVER=smtp
• EMAIL_SMTP_HOST=smtp.postmarkapp.com
• EMAIL_SMTP_PORT=587
• EMAIL_SMTP_USER={your-postmark-server-api-token}
• EMAIL_SMTP_PASSWORD={your-postmark-server-api-token}

Note: Postmark uses your Server API Token for both the username and password fields.

Since you're using the 1-step Docker method with the default configuration (IS_CONFIG_VARIABLES_IN_DB_ENABLED=true), changes made through the Admin Panel take effect immediately (within 15 seconds).

If you've set IS_CONFIG_VARIABLES_IN_DB_ENABLED=false, add these variables to your .env file instead and restart the container.

This email configuration is used for system emails like password resets, email verification, and other platform notifications - which ties back to your earlier question about enabling password + MFA authentication.

Do I want a transactional stream or a broadcast, or outbound?

The documentation doesn't specifically cover Postmark stream types. However, based on how Twenty uses email:

Use a Transactional Stream.

Twenty sends system emails like:

• Password reset emails
• Email verification
• Workflow-triggered emails (e.g., welcome emails, follow-ups, notifications)

These are all one-to-one, triggered emails - which is exactly what transactional streams are designed for.

Broadcast streams are for bulk marketing emails (newsletters, promotions) sent to many recipients at once - not what Twenty uses.

Outbound is typically a Postmark term for their outbound SMTP relay, which is what you're configuring anyway.

So in your Postmark dashboard, create a Transactional Message Stream and use that Server API Token in your Twenty SMTP configuration.

How do I test if it's working?

The documentation doesn't have a built-in email test feature, but here are a few ways to verify your Postmark configuration is working:

Option 1: Trigger a Password Reset

1. Log out of Twenty
2. Go to the login page and click "Forgot Password"
3. Enter your email address
4. Check if you receive the password reset email

This is the simplest way to confirm the SMTP configuration is working end-to-end.

Option 2: Check Postmark Activity

After triggering a password reset (or any system email):

1. Log into your Postmark dashboard
2. Go to Activity on your Transactional stream
3. You should see the email attempt logged there with delivery status

Option 3: Check Container Logs

If emails aren't arriving, check your Docker container logs for SMTP errors:

docker logs <your-twenty-container-name>

Look for any SMTP connection errors or authentication failures.

Common Issues

If emails aren't sending:

• Verify your Server API Token is correct (used for both EMAIL_SMTP_USER and EMAIL_SMTP_PASSWORD)
• Confirm your sender domain is verified in Postmark
• Check that port 587 is not blocked by your firewall/hosting provider

I don't see any logs

With the 1-step Docker install, you need to first find your container name. Run:

docker ps

This will list your running containers. Look for the Twenty server container (likely named something like twenty-server or similar).

Then view the logs with:

docker logs twenty-server

Or to follow logs in real-time:

docker logs -f twenty-server

If you used the one-line install script, the container names are typically:

• twenty-server - main application
• twenty-postgres - database

If you still don't see any logs, the container might not be running. Check the status with docker ps -a to see all containers including stopped ones.

For email-specific issues, the logs should show SMTP connection attempts or errors when an email is triggered (like a password reset).

Still no logs