To access the Valimail platform, users should navigate to the official login portal located at https://app.valimail.com/. This is the primary gateway for managing DMARC, SPF, and DKIM configurations, ensuring that organizational email domains remain secure and authenticated.

The login process for Valimail varies depending on the organization's security configuration, ranging from standard email-and-password credentials to complex Enterprise Single Sign-On (SSO) integrations. Understanding these different access methods is essential for IT administrators and security professionals who rely on Valimail for domain protection.

Overview of Valimail Login Portals

Valimail provides distinct environments for different user needs. Identifying which portal to use is the first step in a successful login experience.

The Standard Management Portal

Most users searching for a Valimail login are looking for the main application interface. This portal is used for real-time insights into email traffic, authorizing sending services, and automating DMARC enforcement. The URL for this environment is consistently hosted on the app.valimail.com subdomain.

The Valimail Customer Portal

New customers or those undergoing specific onboarding projects may need to access the Valimail Customer Portal. This is distinct from the main product dashboard. Access to this portal is typically initiated via a specific link provided by a Valimail Professional Services (PS) engineer during the initial kickoff meeting. Unlike the main portal, which often uses persistent passwords or SSO, the Customer Portal frequently utilizes email-based verification codes for secure, project-specific access.

Standard Login Procedures

For organizations that have not yet implemented a centralized identity provider for Valimail, the standard login method remains the default.

Step-by-Step Credentials Entry

  1. Navigate to the official Valimail application page.
  2. Enter the registered corporate email address associated with the account.
  3. Enter the secure password.
  4. If prompted, complete the Multi-Factor Authentication (MFA) step, which may involve a code sent to a mobile device or generated by an authenticator app.

Verification Codes and One-Time Passwords

In certain scenarios—particularly when accessing the Customer Portal—the system does not require a traditional password. Instead:

  • A user enters their email address on the portal's landing page.
  • Valimail's system automatically generates a unique verification code.
  • The code is delivered to the user's inbox (typically within seconds).
  • The user inputs this code to complete the authentication session.

This method ensures that access is tied directly to the continued control of the corporate email account, providing an inherent layer of security for onboarding tasks.

Deep Dive: Enterprise Single Sign-On (SSO)

In enterprise environments, managing individual passwords for every security tool is inefficient and poses a security risk. Valimail supports Single Sign-On (SSO) using the SAML 2.0 protocol, allowing users to authenticate through their existing Identity Provider (IdP).

How SSO Works with Valimail

When SSO is enabled, Valimail offloads the authentication process to an IdP such as Microsoft Azure Active Directory (now Entra ID), Okta, or OneLogin. There are two primary flows for this:

1. SP-Initiated SSO (Service Provider Initiated)

In this flow, a user starts at app.valimail.com. Once the user enters their email address, the Valimail system recognizes the domain as an SSO-enabled organization. The password field is typically disabled, and a "Sign in with SSO" button appears. Clicking this redirects the user to the company’s internal login page (e.g., the Microsoft 365 or Okta login screen). After successful authentication there, the IdP sends a SAML assertion back to Valimail, granting access.

2. IDP-Initiated SSO (Identity Provider Initiated)

Users can also log in directly from their company's internal application dashboard. For example, a user logs into their Okta dashboard, clicks the Valimail icon, and is automatically redirected and signed into Valimail without ever visiting the login page directly.

Technical Configuration for Administrators

For a successful SSO login, the connection between the IdP and Valimail must be meticulously configured. During our testing of various integrations, we have found that even small discrepancies in attribute naming can cause authentication failures.

Essential SAML Parameters

When setting up a custom SAML 2.0 provider, the following parameters are mandatory:

  • Assertion Consumer Service (ACS) URL: https://app.valimail.com/sso/consume
  • Recipient URL: https://app.valimail.com/sso/consume
  • Destination: https://app.valimail.com/sso/consume
  • Audience URI (SP Entity ID): https://app.valimail.com
  • Name ID Format: This must be set to "Email Address".

Attribute Mapping and Claims

Valimail requires specific user attributes to be passed in the SAML assertion. These are case-sensitive and must be configured exactly as follows:

  • first_name: The user's given name.
  • last_name: The user's surname.

If these attributes are sent with different names (e.g., "FirstName" instead of "first_name"), the login will fail, or the user profile will not be correctly populated within the Valimail dashboard.

Integrating with Specific Identity Providers

Microsoft Azure AD (Entra ID) Integration

For organizations using the Microsoft ecosystem, integrating Valimail involves creating a "Non-Gallery" application within the Azure Portal.

  1. Application Setup: In the Azure Portal, navigate to Enterprise Applications and select "New Application."
  2. SAML Configuration: Use the Basic SAML Configuration section to input the Entity ID and ACS URL mentioned previously.
  3. Claim Management: Microsoft Azure adds several claims by default. Admins must ensure that the specific first_name and last_name claims are included.
  4. Metadata Exchange: The admin must download the Federation Metadata XML from Azure and upload it into the Valimail Account Settings under the "Account Security" tile.
  5. User Assignment: Crucially, users will not be able to log in via SSO unless they are specifically assigned to the Valimail application within Azure AD and have also been invited to the Valimail platform via their email address.

Okta and OneLogin

The process for Okta or OneLogin follows a similar logic. These providers often have pre-built connectors that simplify the process. However, the manual upload of the IdP Metadata file into the Valimail platform is still required to establish the trust relationship between the two services.

Navigating the Valimail Customer Portal

The Customer Portal serves a different purpose than the Enforce or Monitor products. It is a collaborative space where Valimail engineers share onboarding presentations and task lists.

Accessing Project Tasks

Upon logging into the Customer Portal, users will find a left-hand navigation menu containing:

  • Onboarding Kickoff Presentation: A reference for the strategy discussed during the initial call.
  • Pointing DNS Records: Step-by-step instructions for the specific DNS changes (like SPF macros or DKIM keys) required for the organization.
  • Onboarding Services Tasks: A comprehensive list of detected third-party vendors (e.g., Salesforce, Marketo, Zendesk) that need to be authorized.

Collaborative Login Features

One unique aspect of the Customer Portal login is the ability to communicate directly with Valimail engineers. Within the portal, once a user is authenticated, they can add comments, upload documents, or share URLs directly within active tasks. This eliminates the need for long email chains and ensures all login-related or configuration-related data is centralized.

Troubleshooting Common Login Problems

Despite a robust infrastructure, users may occasionally encounter hurdles when trying to access their accounts.

1. Forgotten Passwords

If an organization uses standard password-based authentication, users can reset their credentials by clicking the "Forgot Password" link on the app.valimail.com page.

  • Action: Enter the registered email address.
  • Outcome: A password reset link will be sent to the inbox. This link is typically time-sensitive for security reasons.

2. SSO Authentication Errors

SSO failures are usually the result of a configuration mismatch or user permission issues.

  • Message: "User not found": This occurs if the user has been authenticated by the IdP (e.g., Azure) but has not yet been invited to the Valimail platform. An administrator must add the user under Account Settings > Users.
  • Message: "Invalid SAML Response": This typically points to a certificate mismatch or an incorrect ACS URL. Admins should re-verify that the Metadata XML uploaded to Valimail is current.
  • Looping Redirects: If a user is stuck in a loop between the IdP and Valimail, clearing browser cookies and cache or using an Incognito/Private window often resolves the issue.

3. Verification Code Not Received

For users accessing the Customer Portal or using MFA:

  • Check the "Spam" or "Junk" folder.
  • Ensure that the organizational email gateway is not blocking automated messages from the valimail.com domain.
  • Wait at least 5 minutes before requesting a new code to avoid "invalidating" previous codes that might still be in transit.

4. Account Lockouts

After multiple failed login attempts, Valimail may temporarily lock an account to protect against brute-force attacks.

  • Resolution: Users should wait for the lockout period to expire (usually 15-30 minutes) or contact their internal IT helpdesk. Valimail support can also assist in unlocking accounts after verifying the user's identity.

Best Practices for Secure Account Access

Maintaining the integrity of a Valimail account is paramount, as this tool controls the reputation of the organization's email domains.

Verify the Domain

Always ensure that the browser's address bar displays https://app.valimail.com/ before entering any credentials. Phishing attempts often use look-alike domains to steal administrative credentials for security platforms.

Use a Password Manager

For organizations not using SSO, a robust password manager should be used to generate and store complex, unique passwords for Valimail. This prevents credential stuffing attacks.

Regular Permission Audits

Administrators should perform quarterly audits of the user list within the Valimail platform. Users who have left the company or changed roles should have their access revoked immediately to prevent unauthorized changes to DMARC policies.

Browser Compatibility

Valimail is optimized for modern web browsers. For the best login and navigation experience, users should use the latest versions of:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Apple Safari

Avoid using outdated versions of Internet Explorer, as many of the modern SAML and CSS components of the Valimail dashboard may not render or function correctly.

Summary

Logging into Valimail is a straightforward process when the user understands their organization's specific authentication requirements. Whether using the primary management portal at app.valimail.com or the project-specific Customer Portal, the key is maintaining secure credentials and ensuring that SSO configurations are correctly mapped. By following the detailed steps for Azure AD, SAML 2.0, and standard credential management, users can ensure uninterrupted access to the tools they need to protect their organization's email identity.

FAQ

What is the official Valimail login URL?

The official login URL for the Valimail application is https://app.valimail.com/.

Can I log in to Valimail using my Microsoft 365 account?

Yes, if your IT administrator has configured Single Sign-On (SSO) integration with Microsoft Azure AD (Entra ID), you can log in using your Microsoft credentials.

Why am I being asked for a verification code?

Verification codes are used for the Valimail Customer Portal or as a second layer of security (MFA) to ensure that only authorized users can access sensitive email authentication settings.

How do I access the Valimail Customer Portal?

You will receive a unique link to the Customer Portal from your Valimail Professional Services engineer during your onboarding process.

What should I do if my SSO login is failing?

First, try opening an Incognito or Private browser window. If the problem persists, contact your internal IT administrator to ensure your user account is assigned to the Valimail app in your Identity Provider (like Okta or Azure) and that you have been invited to the Valimail platform.

Is there a separate login for Valimail Monitor and Valimail Enforce?

No, both Valimail Monitor and Enforce are accessed through the same primary login portal at app.valimail.com. Your specific permissions and subscription level will determine which features you see once logged in.

How do I reset my Valimail password?

On the login page (app.valimail.com), click the "Forgot Password" link and enter your email address to receive a reset link. Note that this option is only available for accounts using standard password authentication, not those using SSO.