feat: SMTP Templates (#6932)

* feat: smtp templates poc * feat: add isActive & ProviderType to SMTP backend * feat: change providertype to uint32 and fix tests * feat: minimal smtp provider component * feat: woking on diiferent providers * feat: keep working on providers * feat: initial stepper for new provider * fix: settings list and working on stepper * feat: step 1 and 2 form inputs * feat: starter for smtp test step * fix: misspelled SMPT * fix: remove tests for now * feat: add tls toggle remove old google provider * feat: working on add smtp and table * fix: duplicated identifiers * fix: settings list * fix: add missing smtp config properties * fix: add configID to smtp config table * fix: working on listproviders * feat: working in listSMTPConfigs * fix: add count to listsmtpconfigs * fix: getting empty results from listSMTPConfigs * feat: table now shows real data * fix: remaining styles for smtp-table * fix: remove old notification-smtp-provider-component * feat: delete smtp configuration * feat: deactivate smtp config * feat: replace isActive with state for smtp config * feat: activate smtp config * fix: remaining errors after main merge * fix: list smtp providers panic and material mdc * feat: refactor to only one provider component * feat: current provider details view * fix: refactor AddSMTPConfig and ChangeSMTPConfig * fix: smtp config reduce issue * fix: recover domain in NewIAMSMTPConfigWriteModel * fix: add code needed by SetUpInstance * fix: go tests and warn about passing context to InstanceAggregateFromWriteModel * fix: i18n and add missing trans for fr, it, zh * fix: add e2e tests * docs: add smtp templates * fix: remove provider_type, add description * fix: remaining error from merge main * fix: add @stebenz change for primary key * fix: inactive placed after removed to prevent deleted configs to show as inactive * fix: smtp provider id can be empty (migrated) * feat: add mailchimp transactional template * feat: add Brevo (Sendinblue) template * feat: change brevo logo, add color to tls icon * fix: queries use resourceowner, id must not be empty * fix: deal with old smtp settings and tests * fix: resourceOwner is the instanceID * fix: remove aggregate_id, rename SMTPConfigByAggregateID with SMTPConfigActive * fix: add tests for multiple configs with different IDs * fix: conflict * fix: remove notification-smtp-provider * fix: add @peintnermax suggestions, rename module and fix e2e tests * fix: remove material legacy modules * fix: remove ctx as parameter for InstanceAggregateFromWriteModel * fix: add Id to SMTPConfigToPb * fix: change InstanceAggregateFromWriteModel to avoid linter errors * fix import * rm unused package-lock * update yarn lock --------- Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-13 02:58:11 +00:00 · 2024-04-11 09:16:10 +02:00
parent e2f0cd034a
commit d229da6af7
93 changed files with 6359 additions and 6132 deletions
--- a/internal/api/grpc/admin/iam_settings.go
+++ b/internal/api/grpc/admin/iam_settings.go
@@ -3,7 +3,6 @@ package admin
 import (
 	"context"

-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object"
 	admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin"
 )
@@ -46,68 +45,6 @@ func (s *Server) UpdateSecretGenerator(ctx context.Context, req *admin_pb.Update
 	}, nil
 }

-func (s *Server) GetSMTPConfig(ctx context.Context, req *admin_pb.GetSMTPConfigRequest) (*admin_pb.GetSMTPConfigResponse, error) {
-	smtp, err := s.query.SMTPConfigByAggregateID(ctx, authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.GetSMTPConfigResponse{
-		SmtpConfig: SMTPConfigToPb(smtp),
-	}, nil
-}
-
-func (s *Server) AddSMTPConfig(ctx context.Context, req *admin_pb.AddSMTPConfigRequest) (*admin_pb.AddSMTPConfigResponse, error) {
-	details, err := s.command.AddSMTPConfig(ctx, AddSMTPToConfig(req))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.AddSMTPConfigResponse{
-		Details: object.ChangeToDetailsPb(
-			details.Sequence,
-			details.EventDate,
-			details.ResourceOwner),
-	}, nil
-}
-
-func (s *Server) UpdateSMTPConfig(ctx context.Context, req *admin_pb.UpdateSMTPConfigRequest) (*admin_pb.UpdateSMTPConfigResponse, error) {
-	details, err := s.command.ChangeSMTPConfig(ctx, UpdateSMTPToConfig(req))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.UpdateSMTPConfigResponse{
-		Details: object.ChangeToDetailsPb(
-			details.Sequence,
-			details.EventDate,
-			details.ResourceOwner),
-	}, nil
-}
-
-func (s *Server) RemoveSMTPConfig(ctx context.Context, _ *admin_pb.RemoveSMTPConfigRequest) (*admin_pb.RemoveSMTPConfigResponse, error) {
-	details, err := s.command.RemoveSMTPConfig(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.RemoveSMTPConfigResponse{
-		Details: object.ChangeToDetailsPb(
-			details.Sequence,
-			details.EventDate,
-			details.ResourceOwner),
-	}, nil
-}
-
-func (s *Server) UpdateSMTPConfigPassword(ctx context.Context, req *admin_pb.UpdateSMTPConfigPasswordRequest) (*admin_pb.UpdateSMTPConfigPasswordResponse, error) {
-	details, err := s.command.ChangeSMTPConfigPassword(ctx, req.Password)
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.UpdateSMTPConfigPasswordResponse{
-		Details: object.ChangeToDetailsPb(
-			details.Sequence,
-			details.EventDate,
-			details.ResourceOwner),
-	}, nil
-}
-
 func (s *Server) GetSecurityPolicy(ctx context.Context, req *admin_pb.GetSecurityPolicyRequest) (*admin_pb.GetSecurityPolicyResponse, error) {
 	policy, err := s.query.SecurityPolicy(ctx)
 	if err != nil {
--- a/internal/api/grpc/admin/iam_settings_converter.go
+++ b/internal/api/grpc/admin/iam_settings_converter.go
@@ -133,6 +133,7 @@ func SecretGeneratorTypeToDomain(generatorType settings_pb.SecretGeneratorType)

 func AddSMTPToConfig(req *admin_pb.AddSMTPConfigRequest) *smtp.Config {
 	return &smtp.Config{
+		Description:    req.Description,
 		Tls:            req.Tls,
 		From:           req.SenderAddress,
 		FromName:       req.SenderName,
@@ -147,26 +148,30 @@ func AddSMTPToConfig(req *admin_pb.AddSMTPConfigRequest) *smtp.Config {

 func UpdateSMTPToConfig(req *admin_pb.UpdateSMTPConfigRequest) *smtp.Config {
 	return &smtp.Config{
+		Description:    req.Description,
 		Tls:            req.Tls,
 		From:           req.SenderAddress,
 		FromName:       req.SenderName,
 		ReplyToAddress: req.ReplyToAddress,
 		SMTP: smtp.SMTP{
-			Host: req.Host,
-			User: req.User,
+			Host:     req.Host,
+			User:     req.User,
+			Password: req.Password,
 		},
 	}
 }

 func SMTPConfigToPb(smtp *query.SMTPConfig) *settings_pb.SMTPConfig {
 	mapped := &settings_pb.SMTPConfig{
+		Description:    smtp.Description,
 		Tls:            smtp.TLS,
 		SenderAddress:  smtp.SenderAddress,
 		SenderName:     smtp.SenderName,
 		ReplyToAddress: smtp.ReplyToAddress,
 		Host:           smtp.Host,
 		User:           smtp.User,
-		Details:        obj_grpc.ToViewDetailsPb(smtp.Sequence, smtp.CreationDate, smtp.ChangeDate, smtp.AggregateID),
+		Details:        obj_grpc.ToViewDetailsPb(smtp.Sequence, smtp.CreationDate, smtp.ChangeDate, smtp.ResourceOwner),
+		Id:             smtp.ID,
 	}
 	return mapped
 }
--- a/internal/api/grpc/admin/smtp.go
+++ b/internal/api/grpc/admin/smtp.go
@@ -0,0 +1,130 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/object"
+	admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetSMTPConfig(ctx context.Context, req *admin_pb.GetSMTPConfigRequest) (*admin_pb.GetSMTPConfigResponse, error) {
+	smtp, err := s.query.SMTPConfigActive(ctx, authz.GetInstance(ctx).InstanceID())
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetSMTPConfigResponse{
+		SmtpConfig: SMTPConfigToPb(smtp),
+	}, nil
+}
+
+func (s *Server) GetSMTPConfigById(ctx context.Context, req *admin_pb.GetSMTPConfigByIdRequest) (*admin_pb.GetSMTPConfigByIdResponse, error) {
+	instanceID := authz.GetInstance(ctx).InstanceID()
+	resourceOwner := instanceID // Will be replaced when orgs have smtp configs
+
+	smtp, err := s.query.SMTPConfigByID(ctx, instanceID, resourceOwner, req.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetSMTPConfigByIdResponse{
+		SmtpConfig: SMTPConfigToPb(smtp),
+	}, nil
+}
+
+func (s *Server) AddSMTPConfig(ctx context.Context, req *admin_pb.AddSMTPConfigRequest) (*admin_pb.AddSMTPConfigResponse, error) {
+	id, details, err := s.command.AddSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), AddSMTPToConfig(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddSMTPConfigResponse{
+		Details: object.ChangeToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner),
+		Id: id,
+	}, nil
+}
+
+func (s *Server) UpdateSMTPConfig(ctx context.Context, req *admin_pb.UpdateSMTPConfigRequest) (*admin_pb.UpdateSMTPConfigResponse, error) {
+	details, err := s.command.ChangeSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), req.Id, UpdateSMTPToConfig(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateSMTPConfigResponse{
+		Details: object.ChangeToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) RemoveSMTPConfig(ctx context.Context, req *admin_pb.RemoveSMTPConfigRequest) (*admin_pb.RemoveSMTPConfigResponse, error) {
+	details, err := s.command.RemoveSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), req.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveSMTPConfigResponse{
+		Details: object.ChangeToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) UpdateSMTPConfigPassword(ctx context.Context, req *admin_pb.UpdateSMTPConfigPasswordRequest) (*admin_pb.UpdateSMTPConfigPasswordResponse, error) {
+	details, err := s.command.ChangeSMTPConfigPassword(ctx, authz.GetInstance(ctx).InstanceID(), req.Id, req.Password)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateSMTPConfigPasswordResponse{
+		Details: object.ChangeToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) ListSMTPConfigs(ctx context.Context, req *admin_pb.ListSMTPConfigsRequest) (*admin_pb.ListSMTPConfigsResponse, error) {
+	queries, err := listSMTPConfigsToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	result, err := s.query.SearchSMTPConfigs(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ListSMTPConfigsResponse{
+		Details: object.ToListDetails(result.Count, result.Sequence, result.LastRun),
+		Result:  SMTPConfigsToPb(result.Configs),
+	}, nil
+}
+
+func (s *Server) ActivateSMTPConfig(ctx context.Context, req *admin_pb.ActivateSMTPConfigRequest) (*admin_pb.ActivateSMTPConfigResponse, error) {
+	// Get the ID of current SMTP active provider if any
+	currentActiveProviderID := ""
+	smtp, err := s.query.SMTPConfigActive(ctx, authz.GetInstance(ctx).InstanceID())
+	if err == nil {
+		currentActiveProviderID = smtp.ID
+	}
+
+	result, err := s.command.ActivateSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), req.Id, currentActiveProviderID)
+	if err != nil {
+		return nil, err
+
+	}
+
+	return &admin_pb.ActivateSMTPConfigResponse{
+		Details: object.DomainToAddDetailsPb(result),
+	}, nil
+}
+
+func (s *Server) DeactivateSMTPConfig(ctx context.Context, req *admin_pb.DeactivateSMTPConfigRequest) (*admin_pb.DeactivateSMTPConfigResponse, error) {
+	result, err := s.command.DeactivateSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), req.Id)
+	if err != nil {
+		return nil, err
+
+	}
+	return &admin_pb.DeactivateSMTPConfigResponse{
+		Details: object.DomainToAddDetailsPb(result),
+	}, nil
+}
--- a/internal/api/grpc/admin/smtp_converters.go
+++ b/internal/api/grpc/admin/smtp_converters.go
@@ -0,0 +1,41 @@
+package admin
+
+import (
+	"github.com/zitadel/zitadel/internal/api/grpc/object"
+	"github.com/zitadel/zitadel/internal/query"
+	admin_pb "github.com/zitadel/zitadel/pkg/grpc/admin"
+	settings_pb "github.com/zitadel/zitadel/pkg/grpc/settings"
+)
+
+func listSMTPConfigsToModel(req *admin_pb.ListSMTPConfigsRequest) (*query.SMTPConfigsSearchQueries, error) {
+	offset, limit, asc := object.ListQueryToModel(req.Query)
+	return &query.SMTPConfigsSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+	}, nil
+}
+
+func SMTPConfigToProviderPb(config *query.SMTPConfig) *settings_pb.SMTPConfig {
+	return &settings_pb.SMTPConfig{
+		Details:       object.ToViewDetailsPb(config.Sequence, config.CreationDate, config.ChangeDate, config.ResourceOwner),
+		Id:            config.ID,
+		Description:   config.Description,
+		Tls:           config.TLS,
+		Host:          config.Host,
+		User:          config.User,
+		State:         settings_pb.SMTPConfigState(config.State),
+		SenderAddress: config.SenderAddress,
+		SenderName:    config.SenderName,
+	}
+}
+
+func SMTPConfigsToPb(configs []*query.SMTPConfig) []*settings_pb.SMTPConfig {
+	c := make([]*settings_pb.SMTPConfig, len(configs))
+	for i, config := range configs {
+		c[i] = SMTPConfigToProviderPb(config)
+	}
+	return c
+}
--- a/internal/command/instance.go
+++ b/internal/command/instance.go
@@ -391,6 +391,7 @@ func setupSMTPSettings(commands *Commands, validations *[]preparation.Validation
 	*validations = append(*validations,
 		commands.prepareAddSMTPConfig(
 			instanceAgg,
+			smtpConfig.Description,
 			smtpConfig.From,
 			smtpConfig.FromName,
 			smtpConfig.ReplyToAddress,
--- a/internal/command/instance_model.go
+++ b/internal/command/instance_model.go
@@ -82,5 +82,11 @@ func (wm *InstanceWriteModel) Query() *eventstore.SearchQueryBuilder {
 }

 func InstanceAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
-	return eventstore.AggregateFromWriteModel(wm, instance.AggregateType, instance.AggregateVersion)
+	return &eventstore.Aggregate{
+		ID:            wm.AggregateID,
+		Type:          instance.AggregateType,
+		ResourceOwner: wm.ResourceOwner,
+		InstanceID:    wm.InstanceID,
+		Version:       instance.AggregateVersion,
+	}
 }
--- a/internal/command/instance_smtp_config_model.go
+++ b/internal/command/instance_smtp_config_model.go
@@ -9,16 +9,18 @@ import (
 	"github.com/zitadel/zitadel/internal/repository/instance"
 )

-type InstanceSMTPConfigWriteModel struct {
+type IAMSMTPConfigWriteModel struct {
 	eventstore.WriteModel

-	SenderAddress  string
-	SenderName     string
-	ReplyToAddress string
+	ID             string
+	Description    string
 	TLS            bool
 	Host           string
 	User           string
 	Password       *crypto.CryptoValue
+	SenderAddress  string
+	SenderName     string
+	ReplyToAddress string
 	State          domain.SMTPConfigState

 	domain                                 string
@@ -26,17 +28,19 @@ type InstanceSMTPConfigWriteModel struct {
 	smtpSenderAddressMatchesInstanceDomain bool
 }

-func NewInstanceSMTPConfigWriteModel(instanceID, domain string) *InstanceSMTPConfigWriteModel {
-	return &InstanceSMTPConfigWriteModel{
+func NewIAMSMTPConfigWriteModel(instanceID, id, domain string) *IAMSMTPConfigWriteModel {
+	return &IAMSMTPConfigWriteModel{
 		WriteModel: eventstore.WriteModel{
 			AggregateID:   instanceID,
 			ResourceOwner: instanceID,
+			InstanceID:    instanceID,
 		},
+		ID:     id,
 		domain: domain,
 	}
 }

-func (wm *InstanceSMTPConfigWriteModel) AppendEvents(events ...eventstore.Event) {
+func (wm *IAMSMTPConfigWriteModel) AppendEvents(events ...eventstore.Event) {
 	for _, event := range events {
 		switch e := event.(type) {
 		case *instance.DomainAddedEvent:
@@ -56,46 +60,34 @@ func (wm *InstanceSMTPConfigWriteModel) AppendEvents(events ...eventstore.Event)
 	}
 }

-func (wm *InstanceSMTPConfigWriteModel) Reduce() error {
+func (wm *IAMSMTPConfigWriteModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
 		case *instance.SMTPConfigAddedEvent:
-			wm.TLS = e.TLS
-			wm.SenderAddress = e.SenderAddress
-			wm.SenderName = e.SenderName
-			wm.ReplyToAddress = e.ReplyToAddress
-			wm.Host = e.Host
-			wm.User = e.User
-			wm.Password = e.Password
-			wm.State = domain.SMTPConfigStateActive
+			if wm.ID != e.ID {
+				continue
+			}
+			wm.reduceSMTPConfigAddedEvent(e)
 		case *instance.SMTPConfigChangedEvent:
-			if e.TLS != nil {
-				wm.TLS = *e.TLS
-			}
-			if e.FromAddress != nil {
-				wm.SenderAddress = *e.FromAddress
-			}
-			if e.FromName != nil {
-				wm.SenderName = *e.FromName
-			}
-			if e.ReplyToAddress != nil {
-				wm.ReplyToAddress = *e.ReplyToAddress
-			}
-			if e.Host != nil {
-				wm.Host = *e.Host
-			}
-			if e.User != nil {
-				wm.User = *e.User
+			if wm.ID != e.ID {
+				continue
 			}
+			wm.reduceSMTPConfigChangedEvent(e)
 		case *instance.SMTPConfigRemovedEvent:
-			wm.State = domain.SMTPConfigStateRemoved
-			wm.TLS = false
-			wm.SenderName = ""
-			wm.SenderAddress = ""
-			wm.ReplyToAddress = ""
-			wm.Host = ""
-			wm.User = ""
-			wm.Password = nil
+			if wm.ID != e.ID {
+				continue
+			}
+			wm.reduceSMTPConfigRemovedEvent(e)
+		case *instance.SMTPConfigActivatedEvent:
+			if wm.ID != e.ID {
+				continue
+			}
+			wm.State = domain.SMTPConfigStateActive
+		case *instance.SMTPConfigDeactivatedEvent:
+			if wm.ID != e.ID {
+				continue
+			}
+			wm.State = domain.SMTPConfigStateInactive
 		case *instance.DomainAddedEvent:
 			wm.domainState = domain.InstanceDomainStateActive
 		case *instance.DomainRemovedEvent:
@@ -111,7 +103,13 @@ func (wm *InstanceSMTPConfigWriteModel) Reduce() error {
 	return wm.WriteModel.Reduce()
 }

-func (wm *InstanceSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
+func (wm *IAMSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
+	// If ID equals ResourceOwner we're dealing with the old and unique smtp settings
+	// Let's set the empty ID for the query
+	if wm.ID == wm.ResourceOwner {
+		wm.ID = ""
+	}
+
 	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
 		ResourceOwner(wm.ResourceOwner).
 		AddQuery().
@@ -122,6 +120,9 @@ func (wm *InstanceSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
 			instance.SMTPConfigRemovedEventType,
 			instance.SMTPConfigChangedEventType,
 			instance.SMTPConfigPasswordChangedEventType,
+			instance.SMTPConfigActivatedEventType,
+			instance.SMTPConfigDeactivatedEventType,
+			instance.SMTPConfigRemovedEventType,
 			instance.InstanceDomainAddedEventType,
 			instance.InstanceDomainRemovedEventType,
 			instance.DomainPolicyAddedEventType,
@@ -129,10 +130,16 @@ func (wm *InstanceSMTPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
 		Builder()
 }

-func (wm *InstanceSMTPConfigWriteModel) NewChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate, tls bool, fromAddress, fromName, replyToAddress, smtpHost, smtpUser string) (*instance.SMTPConfigChangedEvent, bool, error) {
+func (wm *IAMSMTPConfigWriteModel) NewChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate, id, description string, tls bool, fromAddress, fromName, replyToAddress, smtpHost, smtpUser string, smtpPassword *crypto.CryptoValue) (*instance.SMTPConfigChangedEvent, bool, error) {
 	changes := make([]instance.SMTPConfigChanges, 0)
 	var err error

+	if wm.ID != id {
+		changes = append(changes, instance.ChangeSMTPConfigID(id))
+	}
+	if wm.Description != description {
+		changes = append(changes, instance.ChangeSMTPConfigDescription(description))
+	}
 	if wm.TLS != tls {
 		changes = append(changes, instance.ChangeSMTPConfigTLS(tls))
 	}
@@ -151,13 +158,87 @@ func (wm *InstanceSMTPConfigWriteModel) NewChangedEvent(ctx context.Context, agg
 	if wm.User != smtpUser {
 		changes = append(changes, instance.ChangeSMTPConfigSMTPUser(smtpUser))
 	}
-
+	if smtpPassword != nil {
+		changes = append(changes, instance.ChangeSMTPConfigSMTPPassword(smtpPassword))
+	}
 	if len(changes) == 0 {
 		return nil, false, nil
 	}
-	changeEvent, err := instance.NewSMTPConfigChangeEvent(ctx, aggregate, changes)
+	changeEvent, err := instance.NewSMTPConfigChangeEvent(ctx, aggregate, id, changes)
 	if err != nil {
 		return nil, false, err
 	}
 	return changeEvent, true, nil
 }
+
+func (wm *IAMSMTPConfigWriteModel) reduceSMTPConfigAddedEvent(e *instance.SMTPConfigAddedEvent) {
+	wm.Description = e.Description
+	wm.TLS = e.TLS
+	wm.Host = e.Host
+	wm.User = e.User
+	wm.Password = e.Password
+	wm.SenderAddress = e.SenderAddress
+	wm.SenderName = e.SenderName
+	wm.ReplyToAddress = e.ReplyToAddress
+	wm.State = domain.SMTPConfigStateInactive
+	// If ID has empty value we're dealing with the old and unique smtp settings
+	// These would be the default values for ID and State
+	if e.ID == "" {
+		wm.Description = "generic"
+		wm.ID = e.Aggregate().ResourceOwner
+		wm.State = domain.SMTPConfigStateActive
+	}
+}
+
+func (wm *IAMSMTPConfigWriteModel) reduceSMTPConfigChangedEvent(e *instance.SMTPConfigChangedEvent) {
+	if e.Description != nil {
+		wm.Description = *e.Description
+	}
+	if e.TLS != nil {
+		wm.TLS = *e.TLS
+	}
+	if e.Host != nil {
+		wm.Host = *e.Host
+	}
+	if e.User != nil {
+		wm.User = *e.User
+	}
+	if e.Password != nil {
+		wm.Password = e.Password
+	}
+	if e.FromAddress != nil {
+		wm.SenderAddress = *e.FromAddress
+	}
+	if e.FromName != nil {
+		wm.SenderName = *e.FromName
+	}
+	if e.ReplyToAddress != nil {
+		wm.ReplyToAddress = *e.ReplyToAddress
+	}
+
+	// If ID has empty value we're dealing with the old and unique smtp settings
+	// These would be the default values for ID and State
+	if e.ID == "" {
+		wm.Description = "generic"
+		wm.ID = e.Aggregate().ResourceOwner
+		wm.State = domain.SMTPConfigStateActive
+	}
+}
+
+func (wm *IAMSMTPConfigWriteModel) reduceSMTPConfigRemovedEvent(e *instance.SMTPConfigRemovedEvent) {
+	wm.Description = ""
+	wm.TLS = false
+	wm.SenderName = ""
+	wm.SenderAddress = ""
+	wm.ReplyToAddress = ""
+	wm.Host = ""
+	wm.User = ""
+	wm.Password = nil
+	wm.State = domain.SMTPConfigStateRemoved
+
+	// If ID has empty value we're dealing with the old and unique smtp settings
+	// These would be the default values for ID and State
+	if e.ID == "" {
+		wm.ID = e.Aggregate().ResourceOwner
+	}
+}
--- a/internal/command/smtp.go
+++ b/internal/command/smtp.go
@@ -15,51 +15,153 @@ import (
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

-func (c *Commands) AddSMTPConfig(ctx context.Context, config *smtp.Config) (*domain.ObjectDetails, error) {
-	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
-	validation := c.prepareAddSMTPConfig(instanceAgg, config.From, config.FromName, config.ReplyToAddress, config.SMTP.Host, config.SMTP.User, []byte(config.SMTP.Password), config.Tls)
-	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
+func (c *Commands) AddSMTPConfig(ctx context.Context, instanceID string, config *smtp.Config) (string, *domain.ObjectDetails, error) {
+	id, err := c.idGenerator.Next()
 	if err != nil {
-		return nil, err
+		return "", nil, err
 	}
-	events, err := c.eventstore.Push(ctx, cmds...)
+
+	from := strings.TrimSpace(config.From)
+	if from == "" {
+		return "", nil, zerrors.ThrowInvalidArgument(nil, "INST-ASv2d", "Errors.Invalid.Argument")
+	}
+	fromSplitted := strings.Split(from, "@")
+	senderDomain := fromSplitted[len(fromSplitted)-1]
+	description := strings.TrimSpace(config.Description)
+	replyTo := strings.TrimSpace(config.ReplyToAddress)
+	hostAndPort := strings.TrimSpace(config.SMTP.Host)
+
+	if _, _, err := net.SplitHostPort(hostAndPort); err != nil {
+		return "", nil, zerrors.ThrowInvalidArgument(nil, "INST-9JdRe", "Errors.Invalid.Argument")
+	}
+
+	var smtpPassword *crypto.CryptoValue
+	if config.SMTP.Password != "" {
+		smtpPassword, err = crypto.Encrypt([]byte(config.SMTP.Password), c.smtpEncryption)
+		if err != nil {
+			return "", nil, err
+		}
+	}
+
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, senderDomain)
 	if err != nil {
-		return nil, err
+		return "", nil, err
 	}
-	return &domain.ObjectDetails{
-		Sequence:      events[len(events)-1].Sequence(),
-		EventDate:     events[len(events)-1].CreatedAt(),
-		ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
-	}, nil
+
+	err = checkSenderAddress(smtpConfigWriteModel)
+	if err != nil {
+		return "", nil, err
+	}
+
+	iamAgg := InstanceAggregateFromWriteModel(&smtpConfigWriteModel.WriteModel)
+	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMTPConfigAddedEvent(
+		ctx,
+		iamAgg,
+		id,
+		description,
+		config.Tls,
+		config.From,
+		config.FromName,
+		replyTo,
+		hostAndPort,
+		config.SMTP.User,
+		smtpPassword,
+	))
+	if err != nil {
+		return "", nil, err
+	}
+
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
+	if err != nil {
+		return "", nil, err
+	}
+	return id, writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
 }

-func (c *Commands) ChangeSMTPConfig(ctx context.Context, config *smtp.Config) (*domain.ObjectDetails, error) {
-	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
-	validation := c.prepareChangeSMTPConfig(instanceAgg, config.From, config.FromName, config.ReplyToAddress, config.SMTP.Host, config.SMTP.User, config.Tls)
-	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
+func (c *Commands) ChangeSMTPConfig(ctx context.Context, instanceID string, id string, config *smtp.Config) (*domain.ObjectDetails, error) {
+	if id == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "SMTP-x8vo9", "Errors.IDMissing")
+	}
+
+	from := strings.TrimSpace(config.From)
+	if from == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "INST-HSv2d", "Errors.Invalid.Argument")
+	}
+	fromSplitted := strings.Split(from, "@")
+	senderDomain := fromSplitted[len(fromSplitted)-1]
+	description := strings.TrimSpace(config.Description)
+	replyTo := strings.TrimSpace(config.ReplyToAddress)
+	hostAndPort := strings.TrimSpace(config.SMTP.Host)
+	if _, _, err := net.SplitHostPort(hostAndPort); err != nil {
+		return nil, zerrors.ThrowInvalidArgument(nil, "INST-Kv875", "Errors.Invalid.Argument")
+	}
+
+	var smtpPassword *crypto.CryptoValue
+	var err error
+	if config.SMTP.Password != "" {
+		smtpPassword, err = crypto.Encrypt([]byte(config.SMTP.Password), c.smtpEncryption)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, senderDomain)
 	if err != nil {
 		return nil, err
 	}
-	events, err := c.eventstore.Push(ctx, cmds...)
+
+	if !smtpConfigWriteModel.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-7j8gv", "Errors.SMTPConfig.NotFound")
+	}
+
+	err = checkSenderAddress(smtpConfigWriteModel)
 	if err != nil {
 		return nil, err
 	}
-	return &domain.ObjectDetails{
-		Sequence:      events[len(events)-1].Sequence(),
-		EventDate:     events[len(events)-1].CreatedAt(),
-		ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
-	}, nil
+
+	iamAgg := InstanceAggregateFromWriteModel(&smtpConfigWriteModel.WriteModel)
+
+	changedEvent, hasChanged, err := smtpConfigWriteModel.NewChangedEvent(
+		ctx,
+		iamAgg,
+		id,
+		description,
+		config.Tls,
+		from,
+		config.FromName,
+		replyTo,
+		hostAndPort,
+		config.SMTP.User,
+		smtpPassword,
+	)
+	if err != nil {
+		return nil, err
+	}
+	if !hasChanged {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-lh3op", "Errors.NoChangesFound")
+	}
+
+	pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
 }

-func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string) (*domain.ObjectDetails, error) {
+func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, instanceID, id string, password string) (*domain.ObjectDetails, error) {
 	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
-	smtpConfigWriteModel, err := getSMTPConfigWriteModel(ctx, c.eventstore.Filter, "")
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, "")
 	if err != nil {
 		return nil, err
 	}
 	if smtpConfigWriteModel.State != domain.SMTPConfigStateActive {
 		return nil, zerrors.ThrowNotFound(nil, "COMMAND-3n9ls", "Errors.SMTPConfig.NotFound")
 	}
+
 	var smtpPassword *crypto.CryptoValue
 	if password != "" {
 		smtpPassword, err = crypto.Encrypt([]byte(password), c.smtpEncryption)
@@ -67,39 +169,144 @@ func (c *Commands) ChangeSMTPConfigPassword(ctx context.Context, password string
 			return nil, err
 		}
 	}
-	events, err := c.eventstore.Push(ctx, instance.NewSMTPConfigPasswordChangedEvent(
+
+	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMTPConfigPasswordChangedEvent(
 		ctx,
 		&instanceAgg.Aggregate,
+		id,
 		smtpPassword))
 	if err != nil {
 		return nil, err
 	}
-	return &domain.ObjectDetails{
-		Sequence:      events[len(events)-1].Sequence(),
-		EventDate:     events[len(events)-1].CreatedAt(),
-		ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
-	}, nil
-}
-
-func (c *Commands) RemoveSMTPConfig(ctx context.Context) (*domain.ObjectDetails, error) {
-	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
-	validation := c.prepareRemoveSMTPConfig(instanceAgg)
-	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
 	if err != nil {
 		return nil, err
 	}
-	events, err := c.eventstore.Push(ctx, cmds...)
+
+	return writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
+}
+
+func (c *Commands) ActivateSMTPConfig(ctx context.Context, instanceID, id, activatedId string) (*domain.ObjectDetails, error) {
+	if id == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "SMTP-nm56k", "Errors.IDMissing")
+	}
+
+	if len(activatedId) > 0 {
+		_, err := c.DeactivateSMTPConfig(ctx, instanceID, activatedId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, "")
 	if err != nil {
 		return nil, err
 	}
-	return &domain.ObjectDetails{
-		Sequence:      events[len(events)-1].Sequence(),
-		EventDate:     events[len(events)-1].CreatedAt(),
-		ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
-	}, nil
+
+	if !smtpConfigWriteModel.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-kg8yr", "Errors.SMTPConfig.NotFound")
+	}
+
+	if smtpConfigWriteModel.State == domain.SMTPConfigStateActive {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-ed3lr", "Errors.SMTPConfig.AlreadyActive")
+	}
+
+	iamAgg := InstanceAggregateFromWriteModel(&smtpConfigWriteModel.WriteModel)
+	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMTPConfigActivatedEvent(
+		ctx,
+		iamAgg,
+		id))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
 }

-func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
+func (c *Commands) DeactivateSMTPConfig(ctx context.Context, instanceID, id string) (*domain.ObjectDetails, error) {
+	if id == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "SMTP-98ikl", "Errors.IDMissing")
+	}
+
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, "")
+	if err != nil {
+		return nil, err
+	}
+	if !smtpConfigWriteModel.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-k39PJ", "Errors.SMTPConfig.NotFound")
+	}
+	if smtpConfigWriteModel.State == domain.SMTPConfigStateInactive {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-km8g3", "Errors.SMTPConfig.AlreadyDeactivated")
+	}
+
+	iamAgg := InstanceAggregateFromWriteModel(&smtpConfigWriteModel.WriteModel)
+	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMTPConfigDeactivatedEvent(
+		ctx,
+		iamAgg,
+		id))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
+}
+
+func (c *Commands) RemoveSMTPConfig(ctx context.Context, instanceID, id string) (*domain.ObjectDetails, error) {
+	if id == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "SMTP-7f5cv", "Errors.IDMissing")
+	}
+
+	smtpConfigWriteModel, err := c.getSMTPConfig(ctx, instanceID, id, "")
+	if err != nil {
+		return nil, err
+	}
+	if !smtpConfigWriteModel.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "COMMAND-kg8rt", "Errors.SMTPConfig.NotFound")
+	}
+
+	iamAgg := InstanceAggregateFromWriteModel(&smtpConfigWriteModel.WriteModel)
+	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSMTPConfigRemovedEvent(
+		ctx,
+		iamAgg,
+		id))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(smtpConfigWriteModel, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&smtpConfigWriteModel.WriteModel), nil
+}
+
+func checkSenderAddress(writeModel *IAMSMTPConfigWriteModel) error {
+	if !writeModel.smtpSenderAddressMatchesInstanceDomain {
+		return nil
+	}
+	if !writeModel.domainState.Exists() {
+		return zerrors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain")
+	}
+	return nil
+}
+
+func (c *Commands) getSMTPConfig(ctx context.Context, instanceID, id, domain string) (writeModel *IAMSMTPConfigWriteModel, err error) {
+	writeModel = NewIAMSMTPConfigWriteModel(instanceID, id, domain)
+	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return nil, err
+	}
+
+	return writeModel, nil
+}
+
+// TODO: SetUpInstance still uses this and would be removed as soon as deprecated PrepareCommands is removed
+func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, description, from, name, replyTo, hostAndPort, user string, password []byte, tls bool) preparation.Validation {
 	return func() (preparation.CreateCommands, error) {
 		if from = strings.TrimSpace(from); from == "" {
 			return nil, zerrors.ThrowInvalidArgument(nil, "INST-mruNY", "Errors.Invalid.Argument")
@@ -112,9 +319,14 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, reply
 			return nil, zerrors.ThrowInvalidArgument(nil, "INST-9JdRe", "Errors.Invalid.Argument")
 		}
 		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
+			id, err := c.idGenerator.Next()
+			if err != nil {
+				return nil, zerrors.ThrowInternal(nil, "INST-9JdRe", "Errors.Invalid.Argument")
+			}
+
 			fromSplitted := strings.Split(from, "@")
 			senderDomain := fromSplitted[len(fromSplitted)-1]
-			writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
+			writeModel, err := getSMTPConfigWriteModel(ctx, filter, id, senderDomain)
 			if err != nil {
 				return nil, err
 			}
@@ -136,6 +348,8 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, reply
 				instance.NewSMTPConfigAddedEvent(
 					ctx,
 					&a.Aggregate,
+					id,
+					description,
 					tls,
 					from,
 					name,
@@ -149,83 +363,8 @@ func (c *Commands) prepareAddSMTPConfig(a *instance.Aggregate, from, name, reply
 	}
 }

-func (c *Commands) prepareChangeSMTPConfig(a *instance.Aggregate, from, name, replyTo, hostAndPort, user string, tls bool) preparation.Validation {
-	return func() (preparation.CreateCommands, error) {
-		if from = strings.TrimSpace(from); from == "" {
-			return nil, zerrors.ThrowInvalidArgument(nil, "INST-ASv2d", "Errors.Invalid.Argument")
-		}
-
-		replyTo = strings.TrimSpace(replyTo)
-		hostAndPort = strings.TrimSpace(hostAndPort)
-		if _, _, err := net.SplitHostPort(hostAndPort); err != nil {
-			return nil, zerrors.ThrowInvalidArgument(nil, "INST-Kv875", "Errors.Invalid.Argument")
-		}
-		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			fromSplitted := strings.Split(from, "@")
-			senderDomain := fromSplitted[len(fromSplitted)-1]
-			writeModel, err := getSMTPConfigWriteModel(ctx, filter, senderDomain)
-			if err != nil {
-				return nil, err
-			}
-			if writeModel.State != domain.SMTPConfigStateActive {
-				return nil, zerrors.ThrowNotFound(nil, "INST-Svq1a", "Errors.SMTPConfig.NotFound")
-			}
-			err = checkSenderAddress(writeModel)
-			if err != nil {
-				return nil, err
-			}
-			changedEvent, hasChanged, err := writeModel.NewChangedEvent(
-				ctx,
-				&a.Aggregate,
-				tls,
-				from,
-				name,
-				replyTo,
-				hostAndPort,
-				user,
-			)
-			if err != nil {
-				return nil, err
-			}
-			if !hasChanged {
-				return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound")
-			}
-			return []eventstore.Command{
-				changedEvent,
-			}, nil
-		}, nil
-	}
-}
-
-func (c *Commands) prepareRemoveSMTPConfig(a *instance.Aggregate) preparation.Validation {
-	return func() (preparation.CreateCommands, error) {
-		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
-			writeModel, err := getSMTPConfigWriteModel(ctx, filter, "")
-			if err != nil {
-				return nil, err
-			}
-			if writeModel.State != domain.SMTPConfigStateActive {
-				return nil, zerrors.ThrowNotFound(nil, "INST-Sfefg", "Errors.SMTPConfig.NotFound")
-			}
-			return []eventstore.Command{
-				instance.NewSMTPConfigRemovedEvent(ctx, &a.Aggregate),
-			}, nil
-		}, nil
-	}
-}
-
-func checkSenderAddress(writeModel *InstanceSMTPConfigWriteModel) error {
-	if !writeModel.smtpSenderAddressMatchesInstanceDomain {
-		return nil
-	}
-	if !writeModel.domainState.Exists() {
-		return zerrors.ThrowInvalidArgument(nil, "INST-83nl8", "Errors.SMTPConfig.SenderAdressNotCustomDomain")
-	}
-	return nil
-}
-
-func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, domain string) (_ *InstanceSMTPConfigWriteModel, err error) {
-	writeModel := NewInstanceSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID(), domain)
+func getSMTPConfigWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, id, domain string) (_ *IAMSMTPConfigWriteModel, err error) {
+	writeModel := NewIAMSMTPConfigWriteModel(authz.GetInstance(ctx).InstanceID(), id, domain)
 	events, err := filter(ctx, writeModel.Query())
 	if err != nil {
 		return nil, err
--- a/internal/command/smtp_test.go
+++ b/internal/command/smtp_test.go
@@ -11,6 +11,8 @@ import (
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/id"
+	id_mock "github.com/zitadel/zitadel/internal/id/mock"
 	"github.com/zitadel/zitadel/internal/notification/channels/smtp"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -18,12 +20,14 @@ import (

 func TestCommandSide_AddSMTPConfig(t *testing.T) {
 	type fields struct {
-		eventstore *eventstore.Eventstore
-		alg        crypto.EncryptionAlgorithm
+		eventstore  *eventstore.Eventstore
+		idGenerator id.Generator
+		alg         crypto.EncryptionAlgorithm
 	}
 	type args struct {
-		ctx  context.Context
-		smtp *smtp.Config
+		ctx        context.Context
+		instanceID string
+		smtp       *smtp.Config
 	}
 	type res struct {
 		want *domain.ObjectDetails
@@ -51,13 +55,13 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						),
 					),
 				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					From: "from@domain.ch",
 					SMTP: smtp.SMTP{
 						Host:     "host:587",
 						User:     "user",
@@ -69,58 +73,6 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 				err: zerrors.IsErrorInvalidArgument,
 			},
 		},
-		{
-			name: "smtp config, error already exists",
-			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-					expectFilter(
-						eventFromEventPusher(
-							instance.NewDomainAddedEvent(context.Background(),
-								&instance.NewAggregate("INSTANCE").Aggregate,
-								"domain.ch",
-								false,
-							),
-						),
-						eventFromEventPusher(
-							instance.NewDomainPolicyAddedEvent(context.Background(),
-								&instance.NewAggregate("INSTANCE").Aggregate,
-								true, true, false,
-							),
-						),
-						eventFromEventPusher(
-							instance.NewSMTPConfigAddedEvent(context.Background(),
-								&instance.NewAggregate("INSTANCE").Aggregate,
-								true,
-								"from@domain.ch",
-								"name",
-								"",
-								"host:587",
-								"user",
-								&crypto.CryptoValue{},
-							),
-						),
-					),
-				),
-			},
-			args: args{
-				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
-				smtp: &smtp.Config{
-					Tls:            true,
-					From:           "from@domain.ch",
-					FromName:       "name",
-					ReplyToAddress: "",
-					SMTP: smtp.SMTP{
-						Host:     "host:587",
-						User:     "user",
-						Password: "password",
-					},
-				},
-			},
-			res: res{
-				err: zerrors.IsErrorAlreadyExists,
-			},
-		},
 		{
 			name: "add smtp config, ok",
 			fields: fields{
@@ -145,6 +97,8 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						instance.NewSMTPConfigAddedEvent(
 							context.Background(),
 							&instance.NewAggregate("INSTANCE").Aggregate,
+							"configid",
+							"test",
 							true,
 							"from@domain.ch",
 							"name",
@@ -160,14 +114,16 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						),
 					),
 				),
-				alg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "host:587",
 						User:     "user",
@@ -205,6 +161,8 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						instance.NewSMTPConfigAddedEvent(
 							context.Background(),
 							&instance.NewAggregate("INSTANCE").Aggregate,
+							"configid",
+							"test",
 							true,
 							"from@domain.ch",
 							"name",
@@ -220,11 +178,13 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						),
 					),
 				),
-				alg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
+					Description:    "test",
 					Tls:            true,
 					From:           "from@domain.ch",
 					FromName:       "name",
@@ -245,14 +205,17 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 		{
 			name: "smtp config, port is missing",
 			fields: fields{
-				eventstore: eventstoreExpect(t),
+				eventstore:  eventstoreExpect(t),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "host",
 						User:     "user",
@@ -267,14 +230,17 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 		{
 			name: "smtp config, host is empty",
 			fields: fields{
-				eventstore: eventstoreExpect(t),
+				eventstore:  eventstoreExpect(t),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "   ",
 						User:     "user",
@@ -310,6 +276,8 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						instance.NewSMTPConfigAddedEvent(
 							context.Background(),
 							&instance.NewAggregate("INSTANCE").Aggregate,
+							"configid",
+							"test",
 							true,
 							"from@domain.ch",
 							"name",
@@ -325,14 +293,16 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 						),
 					),
 				),
-				alg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				alg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "configid"),
 			},
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "[2001:db8::1]:2525",
 						User:     "user",
@@ -351,9 +321,10 @@ func TestCommandSide_AddSMTPConfig(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			r := &Commands{
 				eventstore:     tt.fields.eventstore,
+				idGenerator:    tt.fields.idGenerator,
 				smtpEncryption: tt.fields.alg,
 			}
-			got, err := r.AddSMTPConfig(tt.args.ctx, tt.args.smtp)
+			_, got, err := r.AddSMTPConfig(tt.args.ctx, tt.args.instanceID, tt.args.smtp)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -372,8 +343,10 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 		eventstore *eventstore.Eventstore
 	}
 	type args struct {
-		ctx  context.Context
-		smtp *smtp.Config
+		ctx        context.Context
+		instanceID string
+		id         string
+		smtp       *smtp.Config
 	}
 	type res struct {
 		want *domain.ObjectDetails
@@ -385,6 +358,21 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 		args   args
 		res    res
 	}{
+		{
+			name: "id empty, precondition error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+				),
+			},
+			args: args{
+				ctx:  authz.WithInstanceID(context.Background(), "INSTANCE"),
+				smtp: &smtp.Config{},
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
 		{
 			name: "empty config, invalid argument error",
 			fields: fields{
@@ -395,6 +383,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx:  authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{},
+				id:   "configID",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -411,14 +400,17 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host: "host:587",
 						User: "user",
 					},
 				},
+				instanceID: "INSTANCE",
+				id:         "ID",
 			},
 			res: res{
 				err: zerrors.IsNotFound,
@@ -447,6 +439,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
 								true,
 								"from@domain.ch",
 								"name",
@@ -460,11 +454,14 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 				),
 			},
 			args: args{
-				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
+				ctx:        authz.WithInstanceID(context.Background(), "INSTANCE"),
+				instanceID: "INSTANCE",
+				id:         "ID",
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@wrongdomain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@wrongdomain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host: "host:587",
 						User: "user",
@@ -498,6 +495,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
 								true,
 								"from@domain.ch",
 								"name",
@@ -513,14 +512,17 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host: "host:587",
 						User: "user",
 					},
 				},
+				instanceID: "INSTANCE",
+				id:         "ID",
 			},
 			res: res{
 				err: zerrors.IsPreconditionFailed,
@@ -549,6 +551,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"",
 								true,
 								"from@domain.ch",
 								"name",
@@ -562,6 +566,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 					expectPush(
 						newSMTPConfigChangedEvent(
 							context.Background(),
+							"ID",
+							"test",
 							false,
 							"from2@domain.ch",
 							"name2",
@@ -575,6 +581,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
+					Description:    "test",
 					Tls:            false,
 					From:           "from2@domain.ch",
 					FromName:       "name2",
@@ -584,6 +591,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 						User: "user2",
 					},
 				},
+				id:         "ID",
+				instanceID: "INSTANCE",
 			},
 			res: res{
 				want: &domain.ObjectDetails{
@@ -599,15 +608,18 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "host",
 						User:     "user",
 						Password: "password",
 					},
 				},
+				instanceID: "INSTANCE",
+				id:         "ID",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -621,15 +633,18 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
-					Tls:      true,
-					From:     "from@domain.ch",
-					FromName: "name",
+					Description: "test",
+					Tls:         true,
+					From:        "from@domain.ch",
+					FromName:    "name",
 					SMTP: smtp.SMTP{
 						Host:     "   ",
 						User:     "user",
 						Password: "password",
 					},
 				},
+				instanceID: "INSTANCE",
+				id:         "ID",
 			},
 			res: res{
 				err: zerrors.IsErrorInvalidArgument,
@@ -658,6 +673,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"",
 								true,
 								"from@domain.ch",
 								"name",
@@ -671,6 +688,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 					expectPush(
 						newSMTPConfigChangedEvent(
 							context.Background(),
+							"ID",
+							"test",
 							false,
 							"from2@domain.ch",
 							"name2",
@@ -684,6 +703,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			args: args{
 				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
 				smtp: &smtp.Config{
+					Description:    "test",
 					Tls:            false,
 					From:           "from2@domain.ch",
 					FromName:       "name2",
@@ -693,6 +713,8 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 						User: "user2",
 					},
 				},
+				instanceID: "INSTANCE",
+				id:         "ID",
 			},
 			res: res{
 				want: &domain.ObjectDetails{
@@ -706,7 +728,7 @@ func TestCommandSide_ChangeSMTPConfig(t *testing.T) {
 			r := &Commands{
 				eventstore: tt.fields.eventstore,
 			}
-			got, err := r.ChangeSMTPConfig(tt.args.ctx, tt.args.smtp)
+			got, err := r.ChangeSMTPConfig(tt.args.ctx, tt.args.instanceID, tt.args.id, tt.args.smtp)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -726,8 +748,10 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 		alg        crypto.EncryptionAlgorithm
 	}
 	type args struct {
-		ctx      context.Context
-		password string
+		ctx        context.Context
+		instanceID string
+		id         string
+		password   string
 	}
 	type res struct {
 		want *domain.ObjectDetails
@@ -750,6 +774,7 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 			args: args{
 				ctx:      context.Background(),
 				password: "",
+				id:       "ID",
 			},
 			res: res{
 				err: zerrors.IsNotFound,
@@ -765,6 +790,8 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
 								true,
 								"from",
 								"name",
@@ -774,11 +801,19 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 								&crypto.CryptoValue{},
 							),
 						),
+						eventFromEventPusher(
+							instance.NewSMTPConfigActivatedEvent(
+								context.Background(),
+								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+							),
+						),
 					),
 					expectPush(
 						instance.NewSMTPConfigPasswordChangedEvent(
 							context.Background(),
 							&instance.NewAggregate("INSTANCE").Aggregate,
+							"ID",
 							&crypto.CryptoValue{
 								CryptoType: crypto.TypeEncryption,
 								Algorithm:  "enc",
@@ -791,8 +826,10 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 				alg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
-				ctx:      authz.WithInstanceID(context.Background(), "INSTANCE"),
-				password: "password",
+				ctx:        authz.WithInstanceID(context.Background(), "INSTANCE"),
+				password:   "password",
+				id:         "ID",
+				instanceID: "INSTANCE",
 			},
 			res: res{
 				want: &domain.ObjectDetails{
@@ -807,7 +844,246 @@ func TestCommandSide_ChangeSMTPConfigPassword(t *testing.T) {
 				eventstore:     tt.fields.eventstore,
 				smtpEncryption: tt.fields.alg,
 			}
-			got, err := r.ChangeSMTPConfigPassword(tt.args.ctx, tt.args.password)
+			got, err := r.ChangeSMTPConfigPassword(tt.args.ctx, tt.args.instanceID, tt.args.id, tt.args.password)
+			if tt.res.err == nil {
+				assert.NoError(t, err)
+			}
+			if tt.res.err != nil && !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+			if tt.res.err == nil {
+				assert.Equal(t, tt.res.want, got)
+			}
+		})
+	}
+}
+
+func TestCommandSide_ActivateSMTPConfig(t *testing.T) {
+	type fields struct {
+		eventstore *eventstore.Eventstore
+		alg        crypto.EncryptionAlgorithm
+	}
+	type args struct {
+		ctx         context.Context
+		instanceID  string
+		id          string
+		activatedId string
+	}
+	type res struct {
+		want *domain.ObjectDetails
+		err  func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			name: "id empty, precondition error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+				),
+			},
+			args: args{
+				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "smtp not existing, not found error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+				),
+			},
+			args: args{
+				ctx:        context.Background(),
+				instanceID: "INSTANCE",
+				id:         "id",
+			},
+			res: res{
+				err: zerrors.IsNotFound,
+			},
+		},
+		{
+			name: "activate smtp config, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							instance.NewSMTPConfigAddedEvent(
+								context.Background(),
+								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
+								true,
+								"from",
+								"name",
+								"",
+								"host:587",
+								"user",
+								&crypto.CryptoValue{},
+							),
+						),
+					),
+					expectPush(
+						instance.NewSMTPConfigActivatedEvent(
+							context.Background(),
+							&instance.NewAggregate("INSTANCE").Aggregate,
+							"ID",
+						),
+					),
+				),
+			},
+			args: args{
+				ctx:         authz.WithInstanceID(context.Background(), "INSTANCE"),
+				id:          "ID",
+				instanceID:  "INSTANCE",
+				activatedId: "",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "INSTANCE",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Commands{
+				eventstore:     tt.fields.eventstore,
+				smtpEncryption: tt.fields.alg,
+			}
+			got, err := r.ActivateSMTPConfig(tt.args.ctx, tt.args.instanceID, tt.args.id, tt.args.activatedId)
+			if tt.res.err == nil {
+				assert.NoError(t, err)
+			}
+			if tt.res.err != nil && !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+			if tt.res.err == nil {
+				assert.Equal(t, tt.res.want, got)
+			}
+		})
+	}
+}
+
+func TestCommandSide_DeactivateSMTPConfig(t *testing.T) {
+	type fields struct {
+		eventstore *eventstore.Eventstore
+		alg        crypto.EncryptionAlgorithm
+	}
+	type args struct {
+		ctx         context.Context
+		instanceID  string
+		id          string
+		activatedId string
+	}
+	type res struct {
+		want *domain.ObjectDetails
+		err  func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			name: "id empty, precondition error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+				),
+			},
+			args: args{
+				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
+			},
+			res: res{
+				err: zerrors.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "smtp not existing, not found error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(),
+				),
+			},
+			args: args{
+				ctx:        context.Background(),
+				instanceID: "INSTANCE",
+				id:         "id",
+			},
+			res: res{
+				err: zerrors.IsNotFound,
+			},
+		},
+		{
+			name: "deactivate smtp config, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							instance.NewSMTPConfigAddedEvent(
+								context.Background(),
+								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
+								true,
+								"from",
+								"name",
+								"",
+								"host:587",
+								"user",
+								&crypto.CryptoValue{},
+							),
+						),
+						eventFromEventPusher(
+							instance.NewSMTPConfigActivatedEvent(
+								context.Background(),
+								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+							),
+						),
+					),
+					expectPush(
+						instance.NewSMTPConfigDeactivatedEvent(
+							context.Background(),
+							&instance.NewAggregate("INSTANCE").Aggregate,
+							"ID",
+						),
+					),
+				),
+			},
+			args: args{
+				ctx:         authz.WithInstanceID(context.Background(), "INSTANCE"),
+				id:          "ID",
+				instanceID:  "INSTANCE",
+				activatedId: "",
+			},
+			res: res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "INSTANCE",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := &Commands{
+				eventstore:     tt.fields.eventstore,
+				smtpEncryption: tt.fields.alg,
+			}
+			got, err := r.DeactivateSMTPConfig(tt.args.ctx, tt.args.instanceID, tt.args.id)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -827,7 +1103,9 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 		alg        crypto.EncryptionAlgorithm
 	}
 	type args struct {
-		ctx context.Context
+		ctx        context.Context
+		instanceID string
+		id         string
 	}
 	type res struct {
 		want *domain.ObjectDetails
@@ -849,6 +1127,7 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 			},
 			args: args{
 				ctx: context.Background(),
+				id:  "ID",
 			},
 			res: res{
 				err: zerrors.IsNotFound,
@@ -864,6 +1143,8 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 							instance.NewSMTPConfigAddedEvent(
 								context.Background(),
 								&instance.NewAggregate("INSTANCE").Aggregate,
+								"ID",
+								"test",
 								true,
 								"from",
 								"name",
@@ -878,12 +1159,15 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 						instance.NewSMTPConfigRemovedEvent(
 							context.Background(),
 							&instance.NewAggregate("INSTANCE").Aggregate,
+							"ID",
 						),
 					),
 				),
 			},
 			args: args{
-				ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
+				ctx:        authz.WithInstanceID(context.Background(), "INSTANCE"),
+				id:         "ID",
+				instanceID: "INSTANCE",
 			},
 			res: res{
 				want: &domain.ObjectDetails{
@@ -898,7 +1182,7 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 				eventstore:     tt.fields.eventstore,
 				smtpEncryption: tt.fields.alg,
 			}
-			got, err := r.RemoveSMTPConfig(tt.args.ctx)
+			got, err := r.RemoveSMTPConfig(tt.args.ctx, tt.args.instanceID, tt.args.id)
 			if tt.res.err == nil {
 				assert.NoError(t, err)
 			}
@@ -912,8 +1196,9 @@ func TestCommandSide_RemoveSMTPConfig(t *testing.T) {
 	}
 }

-func newSMTPConfigChangedEvent(ctx context.Context, tls bool, fromAddress, fromName, replyTo, host, user string) *instance.SMTPConfigChangedEvent {
+func newSMTPConfigChangedEvent(ctx context.Context, id, description string, tls bool, fromAddress, fromName, replyTo, host, user string) *instance.SMTPConfigChangedEvent {
 	changes := []instance.SMTPConfigChanges{
+		instance.ChangeSMTPConfigDescription(description),
 		instance.ChangeSMTPConfigTLS(tls),
 		instance.ChangeSMTPConfigFromAddress(fromAddress),
 		instance.ChangeSMTPConfigFromName(fromName),
@@ -923,6 +1208,7 @@ func newSMTPConfigChangedEvent(ctx context.Context, tls bool, fromAddress, fromN
 	}
 	event, _ := instance.NewSMTPConfigChangeEvent(ctx,
 		&instance.NewAggregate("INSTANCE").Aggregate,
+		id,
 		changes,
 	)
 	return event
--- a/internal/domain/smtp.go
+++ b/internal/domain/smtp.go
@@ -6,4 +6,9 @@ const (
 	SMTPConfigStateUnspecified SMTPConfigState = iota
 	SMTPConfigStateActive
 	SMTPConfigStateRemoved
+	SMTPConfigStateInactive
 )
+
+func (s SMTPConfigState) Exists() bool {
+	return s != SMTPConfigStateUnspecified && s != SMTPConfigStateRemoved
+}
--- a/internal/notification/channels/smtp/channel.go
+++ b/internal/notification/channels/smtp/channel.go
@@ -91,9 +91,9 @@ func (smtpConfig SMTP) connectToSMTP(tlsRequired bool) (client *smtp.Client, err
 	}

 	if !tlsRequired {
-		client, err = smtpConfig.getSMPTClient()
+		client, err = smtpConfig.getSMTPClient()
 	} else {
-		client, err = smtpConfig.getSMPTClientWithTls(host)
+		client, err = smtpConfig.getSMTPClientWithTls(host)
 	}
 	if err != nil {
 		return nil, err
@@ -106,7 +106,7 @@ func (smtpConfig SMTP) connectToSMTP(tlsRequired bool) (client *smtp.Client, err
 	return client, nil
 }

-func (smtpConfig SMTP) getSMPTClient() (*smtp.Client, error) {
+func (smtpConfig SMTP) getSMTPClient() (*smtp.Client, error) {
 	client, err := smtp.Dial(smtpConfig.Host)
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "EMAIL-skwos", "could not make smtp dial")
@@ -114,12 +114,12 @@ func (smtpConfig SMTP) getSMPTClient() (*smtp.Client, error) {
 	return client, nil
 }

-func (smtpConfig SMTP) getSMPTClientWithTls(host string) (*smtp.Client, error) {
+func (smtpConfig SMTP) getSMTPClientWithTls(host string) (*smtp.Client, error) {
 	conn, err := tls.Dial("tcp", smtpConfig.Host, &tls.Config{})

 	if errors.As(err, &tls.RecordHeaderError{}) {
 		logging.Log("MAIN-xKIzT").OnError(err).Warn("could not connect using normal tls. trying starttls instead...")
-		return smtpConfig.getSMPTClientWithStartTls(host)
+		return smtpConfig.getSMTPClientWithStartTls(host)
 	}

 	if err != nil {
@@ -133,8 +133,8 @@ func (smtpConfig SMTP) getSMPTClientWithTls(host string) (*smtp.Client, error) {
 	return client, err
 }

-func (smtpConfig SMTP) getSMPTClientWithStartTls(host string) (*smtp.Client, error) {
-	client, err := smtpConfig.getSMPTClient()
+func (smtpConfig SMTP) getSMTPClientWithStartTls(host string) (*smtp.Client, error) {
+	client, err := smtpConfig.getSMTPClient()
 	if err != nil {
 		return nil, err
 	}
--- a/internal/notification/channels/smtp/config.go
+++ b/internal/notification/channels/smtp/config.go
@@ -1,6 +1,7 @@
 package smtp

 type Config struct {
+	Description    string
 	SMTP           SMTP
 	Tls            bool
 	From           string
--- a/internal/notification/handlers/config_smtp.go
+++ b/internal/notification/handlers/config_smtp.go
@@ -10,7 +10,7 @@ import (

 // GetSMTPConfig reads the iam SMTP provider config
 func (n *NotificationQueries) GetSMTPConfig(ctx context.Context) (*smtp.Config, error) {
-	config, err := n.SMTPConfigByAggregateID(ctx, authz.GetInstance(ctx).InstanceID())
+	config, err := n.SMTPConfigActive(ctx, authz.GetInstance(ctx).InstanceID())
 	if err != nil {
 		return nil, err
 	}
@@ -19,6 +19,7 @@ func (n *NotificationQueries) GetSMTPConfig(ctx context.Context) (*smtp.Config,
 		return nil, err
 	}
 	return &smtp.Config{
+		Description:    config.Description,
 		From:           config.SenderAddress,
 		FromName:       config.SenderName,
 		ReplyToAddress: config.ReplyToAddress,
--- a/internal/notification/handlers/mock/queries.mock.go
+++ b/internal/notification/handlers/mock/queries.mock.go
@@ -181,19 +181,19 @@ func (mr *MockQueriesMockRecorder) SMSProviderConfig(arg0 any, arg1 ...any) *gom
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMSProviderConfig", reflect.TypeOf((*MockQueries)(nil).SMSProviderConfig), varargs...)
 }

-// SMTPConfigByAggregateID mocks base method.
-func (m *MockQueries) SMTPConfigByAggregateID(arg0 context.Context, arg1 string) (*query.SMTPConfig, error) {
+// SMTPConfigActive mocks base method.
+func (m *MockQueries) SMTPConfigActive(arg0 context.Context, arg1 string) (*query.SMTPConfig, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SMTPConfigByAggregateID", arg0, arg1)
+	ret := m.ctrl.Call(m, "SMTPConfigActive", arg0, arg1)
 	ret0, _ := ret[0].(*query.SMTPConfig)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// SMTPConfigByAggregateID indicates an expected call of SMTPConfigByAggregateID.
-func (mr *MockQueriesMockRecorder) SMTPConfigByAggregateID(arg0, arg1 any) *gomock.Call {
+// SMTPConfigActive indicates an expected call of SMTPConfigActive.
+func (mr *MockQueriesMockRecorder) SMTPConfigActive(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMTPConfigByAggregateID", reflect.TypeOf((*MockQueries)(nil).SMTPConfigByAggregateID), arg0, arg1)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SMTPConfigActive", reflect.TypeOf((*MockQueries)(nil).SMTPConfigActive), arg0, arg1)
 }

 // SearchInstanceDomains mocks base method.
--- a/internal/notification/handlers/queries.go
+++ b/internal/notification/handlers/queries.go
@@ -22,7 +22,7 @@ type Queries interface {
 	SearchMilestones(ctx context.Context, instanceIDs []string, queries *query.MilestonesSearchQueries) (*query.Milestones, error)
 	NotificationProviderByIDAndType(ctx context.Context, aggID string, providerType domain.NotificationProviderType) (*query.DebugNotificationProvider, error)
 	SMSProviderConfig(ctx context.Context, queries ...query.SearchQuery) (*query.SMSConfig, error)
-	SMTPConfigByAggregateID(ctx context.Context, aggregateID string) (*query.SMTPConfig, error)
+	SMTPConfigActive(ctx context.Context, resourceOwner string) (*query.SMTPConfig, error)
 	GetDefaultLanguage(ctx context.Context) language.Tag
 	GetInstanceRestrictions(ctx context.Context) (restrictions query.Restrictions, err error)
 }
--- a/internal/query/projection/smtp.go
+++ b/internal/query/projection/smtp.go
@@ -3,6 +3,7 @@ package projection
 import (
 	"context"

+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
@@ -11,14 +12,13 @@ import (
 )

 const (
-	SMTPConfigProjectionTable = "projections.smtp_configs1"
-
-	SMTPConfigColumnAggregateID    = "aggregate_id"
+	SMTPConfigProjectionTable      = "projections.smtp_configs2"
+	SMTPConfigColumnInstanceID     = "instance_id"
+	SMTPConfigColumnResourceOwner  = "resource_owner"
+	SMTPConfigColumnID             = "id"
 	SMTPConfigColumnCreationDate   = "creation_date"
 	SMTPConfigColumnChangeDate     = "change_date"
 	SMTPConfigColumnSequence       = "sequence"
-	SMTPConfigColumnResourceOwner  = "resource_owner"
-	SMTPConfigColumnInstanceID     = "instance_id"
 	SMTPConfigColumnTLS            = "tls"
 	SMTPConfigColumnSenderAddress  = "sender_address"
 	SMTPConfigColumnSenderName     = "sender_name"
@@ -26,6 +26,8 @@ const (
 	SMTPConfigColumnSMTPHost       = "host"
 	SMTPConfigColumnSMTPUser       = "username"
 	SMTPConfigColumnSMTPPassword   = "password"
+	SMTPConfigColumnState          = "state"
+	SMTPConfigColumnDescription    = "description"
 )

 type smtpConfigProjection struct{}
@@ -41,7 +43,7 @@ func (*smtpConfigProjection) Name() string {
 func (*smtpConfigProjection) Init() *old_handler.Check {
 	return handler.NewTableCheck(
 		handler.NewTable([]*handler.InitColumn{
-			handler.NewColumn(SMTPConfigColumnAggregateID, handler.ColumnTypeText),
+			handler.NewColumn(SMTPConfigColumnID, handler.ColumnTypeText),
 			handler.NewColumn(SMTPConfigColumnCreationDate, handler.ColumnTypeTimestamp),
 			handler.NewColumn(SMTPConfigColumnChangeDate, handler.ColumnTypeTimestamp),
 			handler.NewColumn(SMTPConfigColumnSequence, handler.ColumnTypeInt64),
@@ -54,8 +56,10 @@ func (*smtpConfigProjection) Init() *old_handler.Check {
 			handler.NewColumn(SMTPConfigColumnSMTPHost, handler.ColumnTypeText),
 			handler.NewColumn(SMTPConfigColumnSMTPUser, handler.ColumnTypeText),
 			handler.NewColumn(SMTPConfigColumnSMTPPassword, handler.ColumnTypeJSONB, handler.Nullable()),
+			handler.NewColumn(SMTPConfigColumnState, handler.ColumnTypeEnum),
+			handler.NewColumn(SMTPConfigColumnDescription, handler.ColumnTypeText),
 		},
-			handler.NewPrimaryKey(SMTPConfigColumnInstanceID, SMTPConfigColumnAggregateID),
+			handler.NewPrimaryKey(SMTPConfigColumnInstanceID, SMTPConfigColumnResourceOwner, SMTPConfigColumnID),
 		),
 	)
 }
@@ -77,6 +81,14 @@ func (p *smtpConfigProjection) Reducers() []handler.AggregateReducer {
 					Event:  instance.SMTPConfigPasswordChangedEventType,
 					Reduce: p.reduceSMTPConfigPasswordChanged,
 				},
+				{
+					Event:  instance.SMTPConfigActivatedEventType,
+					Reduce: p.reduceSMTPConfigActivated,
+				},
+				{
+					Event:  instance.SMTPConfigDeactivatedEventType,
+					Reduce: p.reduceSMTPConfigDeactivated,
+				},
 				{
 					Event:  instance.SMTPConfigRemovedEventType,
 					Reduce: p.reduceSMTPConfigRemoved,
@@ -95,15 +107,26 @@ func (p *smtpConfigProjection) reduceSMTPConfigAdded(event eventstore.Event) (*h
 	if !ok {
 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-sk99F", "reduce.wrong.event.type %s", instance.SMTPConfigAddedEventType)
 	}
+
+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	description := e.Description
+	state := domain.SMTPConfigStateInactive
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+		description = "generic"
+		state = domain.SMTPConfigStateActive
+	}
+
 	return handler.NewCreateStatement(
 		e,
 		[]handler.Column{
-			handler.NewCol(SMTPConfigColumnAggregateID, e.Aggregate().ID),
 			handler.NewCol(SMTPConfigColumnCreationDate, e.CreationDate()),
 			handler.NewCol(SMTPConfigColumnChangeDate, e.CreationDate()),
 			handler.NewCol(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
 			handler.NewCol(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
 			handler.NewCol(SMTPConfigColumnSequence, e.Sequence()),
+			handler.NewCol(SMTPConfigColumnID, id),
 			handler.NewCol(SMTPConfigColumnTLS, e.TLS),
 			handler.NewCol(SMTPConfigColumnSenderAddress, e.SenderAddress),
 			handler.NewCol(SMTPConfigColumnSenderName, e.SenderName),
@@ -111,6 +134,8 @@ func (p *smtpConfigProjection) reduceSMTPConfigAdded(event eventstore.Event) (*h
 			handler.NewCol(SMTPConfigColumnSMTPHost, e.Host),
 			handler.NewCol(SMTPConfigColumnSMTPUser, e.User),
 			handler.NewCol(SMTPConfigColumnSMTPPassword, e.Password),
+			handler.NewCol(SMTPConfigColumnState, state),
+			handler.NewCol(SMTPConfigColumnDescription, description),
 		},
 	), nil
 }
@@ -124,6 +149,13 @@ func (p *smtpConfigProjection) reduceSMTPConfigChanged(event eventstore.Event) (
 	columns := make([]handler.Column, 0, 8)
 	columns = append(columns, handler.NewCol(SMTPConfigColumnChangeDate, e.CreationDate()),
 		handler.NewCol(SMTPConfigColumnSequence, e.Sequence()))
+
+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+	}
+
 	if e.TLS != nil {
 		columns = append(columns, handler.NewCol(SMTPConfigColumnTLS, *e.TLS))
 	}
@@ -142,11 +174,18 @@ func (p *smtpConfigProjection) reduceSMTPConfigChanged(event eventstore.Event) (
 	if e.User != nil {
 		columns = append(columns, handler.NewCol(SMTPConfigColumnSMTPUser, *e.User))
 	}
+	if e.Password != nil {
+		columns = append(columns, handler.NewCol(SMTPConfigColumnSMTPPassword, *e.Password))
+	}
+	if e.Description != nil {
+		columns = append(columns, handler.NewCol(SMTPConfigColumnDescription, *e.Description))
+	}
 	return handler.NewUpdateStatement(
 		e,
 		columns,
 		[]handler.Condition{
-			handler.NewCond(SMTPConfigColumnAggregateID, e.Aggregate().ID),
+			handler.NewCond(SMTPConfigColumnID, id),
+			handler.NewCond(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
 			handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
 		},
 	), nil
@@ -158,6 +197,12 @@ func (p *smtpConfigProjection) reduceSMTPConfigPasswordChanged(event eventstore.
 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fk02f", "reduce.wrong.event.type %s", instance.SMTPConfigChangedEventType)
 	}

+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+	}
+
 	return handler.NewUpdateStatement(
 		e,
 		[]handler.Column{
@@ -166,7 +211,62 @@ func (p *smtpConfigProjection) reduceSMTPConfigPasswordChanged(event eventstore.
 			handler.NewCol(SMTPConfigColumnSMTPPassword, e.Password),
 		},
 		[]handler.Condition{
-			handler.NewCond(SMTPConfigColumnAggregateID, e.Aggregate().ID),
+			handler.NewCond(SMTPConfigColumnID, id),
+			handler.NewCond(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
+			handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
+		},
+	), nil
+}
+
+func (p *smtpConfigProjection) reduceSMTPConfigActivated(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*instance.SMTPConfigActivatedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fq92r", "reduce.wrong.event.type %s", instance.SMTPConfigActivatedEventType)
+	}
+
+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+	}
+
+	return handler.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(SMTPConfigColumnChangeDate, e.CreationDate()),
+			handler.NewCol(SMTPConfigColumnSequence, e.Sequence()),
+			handler.NewCol(SMTPConfigColumnState, domain.SMTPConfigStateActive),
+		},
+		[]handler.Condition{
+			handler.NewCond(SMTPConfigColumnID, id),
+			handler.NewCond(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
+			handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
+		},
+	), nil
+}
+
+func (p *smtpConfigProjection) reduceSMTPConfigDeactivated(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*instance.SMTPConfigDeactivatedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-hv89j", "reduce.wrong.event.type %s", instance.SMTPConfigDeactivatedEventType)
+	}
+
+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+	}
+
+	return handler.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(SMTPConfigColumnChangeDate, e.CreationDate()),
+			handler.NewCol(SMTPConfigColumnSequence, e.Sequence()),
+			handler.NewCol(SMTPConfigColumnState, domain.SMTPConfigStateInactive),
+		},
+		[]handler.Condition{
+			handler.NewCond(SMTPConfigColumnID, id),
+			handler.NewCond(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
 			handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
 		},
 	), nil
@@ -177,10 +277,18 @@ func (p *smtpConfigProjection) reduceSMTPConfigRemoved(event eventstore.Event) (
 	if err != nil {
 		return nil, err
 	}
+
+	// Deal with old and unique SMTP settings (empty ID)
+	id := e.ID
+	if e.ID == "" {
+		id = e.Aggregate().ResourceOwner
+	}
+
 	return handler.NewDeleteStatement(
 		e,
 		[]handler.Condition{
-			handler.NewCond(SMTPConfigColumnAggregateID, e.Aggregate().ID),
+			handler.NewCond(SMTPConfigColumnID, id),
+			handler.NewCond(SMTPConfigColumnResourceOwner, e.Aggregate().ResourceOwner),
 			handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
 		},
 	), nil
--- a/internal/query/projection/smtp_test.go
+++ b/internal/query/projection/smtp_test.go
@@ -3,6 +3,7 @@ package projection
 import (
 	"testing"

+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	"github.com/zitadel/zitadel/internal/repository/instance"
@@ -27,12 +28,16 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 						instance.SMTPConfigChangedEventType,
 						instance.AggregateType,
 						[]byte(`{
+						"description": "test",
 						"tls": true,
 						"senderAddress": "sender",
 						"senderName": "name",
 						"replyToAddress": "reply-to",
 						"host": "host",
-						"user": "user"
+						"user": "user",
+						"id": "44444",
+						"resource_owner": "ro-id",
+						"instance_id": "instance-id"						
 					}`,
 						),
 					), instance.SMTPConfigChangedEventMapper),
@@ -44,7 +49,7 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.smtp_configs1 SET (change_date, sequence, tls, sender_address, sender_name, reply_to_address, host, username) = ($1, $2, $3, $4, $5, $6, $7, $8) WHERE (aggregate_id = $9) AND (instance_id = $10)",
+							expectedStmt: "UPDATE projections.smtp_configs2 SET (change_date, sequence, tls, sender_address, sender_name, reply_to_address, host, username, description) = ($1, $2, $3, $4, $5, $6, $7, $8, $9) WHERE (id = $10) AND (resource_owner = $11) AND (instance_id = $12)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
@@ -54,7 +59,9 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 								"reply-to",
 								"host",
 								"user",
-								"agg-id",
+								"test",
+								"44444",
+								"ro-id",
 								"instance-id",
 							},
 						},
@@ -71,6 +78,8 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 						instance.AggregateType,
 						[]byte(`{
 						"tls": true,
+						"id": "id",
+						"description": "test",
 						"senderAddress": "sender",
 						"senderName": "name",
 						"replyToAddress": "reply-to",
@@ -91,14 +100,14 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.smtp_configs1 (aggregate_id, creation_date, change_date, resource_owner, instance_id, sequence, tls, sender_address, sender_name, reply_to_address, host, username, password) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13)",
+							expectedStmt: "INSERT INTO projections.smtp_configs2 (creation_date, change_date, resource_owner, instance_id, sequence, id, tls, sender_address, sender_name, reply_to_address, host, username, password, state, description) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15)",
 							expectedArgs: []interface{}{
-								"agg-id",
 								anyArg{},
 								anyArg{},
 								"ro-id",
 								"instance-id",
 								uint64(15),
+								"id",
 								true,
 								"sender",
 								"name",
@@ -106,6 +115,72 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 								"host",
 								"user",
 								anyArg{},
+								domain.SMTPConfigState(3),
+								"test",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceSMTPConfigActivated",
+			args: args{
+				event: getEvent(testEvent(
+					instance.SMTPConfigActivatedEventType,
+					instance.AggregateType,
+					[]byte(`{ 
+						"id": "config-id" 
+					}`),
+				), instance.SMTPConfigActivatedEventMapper),
+			},
+			reduce: (&smtpConfigProjection{}).reduceSMTPConfigActivated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("instance"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.smtp_configs2 SET (change_date, sequence, state) = ($1, $2, $3) WHERE (id = $4) AND (resource_owner = $5) AND (instance_id = $6)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								domain.SMTPConfigStateActive,
+								"config-id",
+								"ro-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceSMTPConfigDeactivated",
+			args: args{
+				event: getEvent(testEvent(
+					instance.SMTPConfigDeactivatedEventType,
+					instance.AggregateType,
+					[]byte(`{ 
+						"id": "config-id" 
+					}`),
+				), instance.SMTPConfigDeactivatedEventMapper),
+			},
+			reduce: (&smtpConfigProjection{}).reduceSMTPConfigDeactivated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("instance"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.smtp_configs2 SET (change_date, sequence, state) = ($1, $2, $3) WHERE (id = $4) AND (resource_owner = $5) AND (instance_id = $6)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								domain.SMTPConfigStateInactive,
+								"config-id",
+								"ro-id",
+								"instance-id",
 							},
 						},
 					},
@@ -120,6 +195,7 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 						instance.SMTPConfigPasswordChangedEventType,
 						instance.AggregateType,
 						[]byte(`{
+						"id": "config-id",
 						"password": {
 							"cryptoType": 0,
 							"algorithm": "RSA-265",
@@ -135,12 +211,13 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.smtp_configs1 SET (change_date, sequence, password) = ($1, $2, $3) WHERE (aggregate_id = $4) AND (instance_id = $5)",
+							expectedStmt: "UPDATE projections.smtp_configs2 SET (change_date, sequence, password) = ($1, $2, $3) WHERE (id = $4) AND (resource_owner = $5) AND (instance_id = $6)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
 								anyArg{},
-								"agg-id",
+								"config-id",
+								"ro-id",
 								"instance-id",
 							},
 						},
@@ -154,7 +231,7 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				event: getEvent(testEvent(
 					instance.SMTPConfigRemovedEventType,
 					instance.AggregateType,
-					[]byte(`{}`),
+					[]byte(`{ "id": "config-id"}`),
 				), instance.SMTPConfigRemovedEventMapper),
 			},
 			reduce: (&smtpConfigProjection{}).reduceSMTPConfigRemoved,
@@ -164,9 +241,10 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "DELETE FROM projections.smtp_configs1 WHERE (aggregate_id = $1) AND (instance_id = $2)",
+							expectedStmt: "DELETE FROM projections.smtp_configs2 WHERE (id = $1) AND (resource_owner = $2) AND (instance_id = $3)",
 							expectedArgs: []interface{}{
-								"agg-id",
+								"config-id",
+								"ro-id",
 								"instance-id",
 							},
 						},
@@ -191,7 +269,7 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "DELETE FROM projections.smtp_configs1 WHERE (instance_id = $1)",
+							expectedStmt: "DELETE FROM projections.smtp_configs2 WHERE (instance_id = $1)",
 							expectedArgs: []interface{}{
 								"agg-id",
 							},
--- a/internal/query/smtp.go
+++ b/internal/query/smtp.go
@@ -11,20 +11,27 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/call"
 	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

+type SMTPConfigsSearchQueries struct {
+	SearchRequest
+	Queries []SearchQuery
+}
+
+type SMTPConfigs struct {
+	SearchResponse
+	Configs []*SMTPConfig
+}
+
 var (
 	smtpConfigsTable = table{
 		name:          projection.SMTPConfigProjectionTable,
 		instanceIDCol: projection.SMTPConfigColumnInstanceID,
 	}
-	SMTPConfigColumnAggregateID = Column{
-		name:  projection.SMTPConfigColumnAggregateID,
-		table: smtpConfigsTable,
-	}
 	SMTPConfigColumnCreationDate = Column{
 		name:  projection.SMTPConfigColumnCreationDate,
 		table: smtpConfigsTable,
@@ -73,20 +80,25 @@ var (
 		name:  projection.SMTPConfigColumnSMTPPassword,
 		table: smtpConfigsTable,
 	}
+	SMTPConfigColumnID = Column{
+		name:  projection.SMTPConfigColumnID,
+		table: smtpConfigsTable,
+	}
+	SMTPConfigColumnState = Column{
+		name:  projection.SMTPConfigColumnState,
+		table: smtpConfigsTable,
+	}
+	SMTPConfigColumnDescription = Column{
+		name:  projection.SMTPConfigColumnDescription,
+		table: smtpConfigsTable,
+	}
 )

-type SMTPConfigs struct {
-	SearchResponse
-	SMTPConfigs []*SMTPConfig
-}
-
 type SMTPConfig struct {
-	AggregateID   string
-	CreationDate  time.Time
-	ChangeDate    time.Time
-	ResourceOwner string
-	Sequence      uint64
-
+	CreationDate   time.Time
+	ChangeDate     time.Time
+	ResourceOwner  string
+	Sequence       uint64
 	TLS            bool
 	SenderAddress  string
 	SenderName     string
@@ -94,19 +106,44 @@ type SMTPConfig struct {
 	Host           string
 	User           string
 	Password       *crypto.CryptoValue
+	ID             string
+	State          domain.SMTPConfigState
+	Description    string
 }

-func (q *Queries) SMTPConfigByAggregateID(ctx context.Context, aggregateID string) (config *SMTPConfig, err error) {
+func (q *Queries) SMTPConfigActive(ctx context.Context, resourceOwner string) (config *SMTPConfig, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()

 	stmt, scan := prepareSMTPConfigQuery(ctx, q.client)
 	query, args, err := stmt.Where(sq.Eq{
-		SMTPConfigColumnAggregateID.identifier(): aggregateID,
-		SMTPConfigColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
+		SMTPConfigColumnResourceOwner.identifier(): resourceOwner,
+		SMTPConfigColumnInstanceID.identifier():    resourceOwner,
+		SMTPConfigColumnState.identifier():         domain.SMTPConfigStateActive,
 	}).ToSql()
 	if err != nil {
-		return nil, zerrors.ThrowInternal(err, "QUERY-3m9sl", "Errors.Query.SQLStatment")
+		return nil, zerrors.ThrowInternal(err, "QUERY-3m9sl", "Errors.Query.SQLStatement")
+	}
+
+	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
+		config, err = scan(row)
+		return err
+	}, query, args...)
+	return config, err
+}
+
+func (q *Queries) SMTPConfigByID(ctx context.Context, instanceID, resourceOwner, id string) (config *SMTPConfig, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	stmt, scan := prepareSMTPConfigQuery(ctx, q.client)
+	query, args, err := stmt.Where(sq.Eq{
+		SMTPConfigColumnResourceOwner.identifier(): resourceOwner,
+		SMTPConfigColumnInstanceID.identifier():    instanceID,
+		SMTPConfigColumnID.identifier():            id,
+	}).ToSql()
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "QUERY-8f8gw", "Errors.Query.SQLStatement")
 	}

 	err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
@@ -120,7 +157,6 @@ func prepareSMTPConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 	password := new(crypto.CryptoValue)

 	return sq.Select(
-			SMTPConfigColumnAggregateID.identifier(),
 			SMTPConfigColumnCreationDate.identifier(),
 			SMTPConfigColumnChangeDate.identifier(),
 			SMTPConfigColumnResourceOwner.identifier(),
@@ -131,13 +167,15 @@ func prepareSMTPConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 			SMTPConfigColumnReplyToAddress.identifier(),
 			SMTPConfigColumnSMTPHost.identifier(),
 			SMTPConfigColumnSMTPUser.identifier(),
-			SMTPConfigColumnSMTPPassword.identifier()).
+			SMTPConfigColumnSMTPPassword.identifier(),
+			SMTPConfigColumnID.identifier(),
+			SMTPConfigColumnState.identifier(),
+			SMTPConfigColumnDescription.identifier()).
 			From(smtpConfigsTable.identifier() + db.Timetravel(call.Took(ctx))).
 			PlaceholderFormat(sq.Dollar),
 		func(row *sql.Row) (*SMTPConfig, error) {
 			config := new(SMTPConfig)
 			err := row.Scan(
-				&config.AggregateID,
 				&config.CreationDate,
 				&config.ChangeDate,
 				&config.ResourceOwner,
@@ -149,6 +187,9 @@ func prepareSMTPConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 				&config.Host,
 				&config.User,
 				&password,
+				&config.ID,
+				&config.State,
+				&config.Description,
 			)
 			if err != nil {
 				if errors.Is(err, sql.ErrNoRows) {
@@ -160,3 +201,79 @@ func prepareSMTPConfigQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 			return config, nil
 		}
 }
+
+func prepareSMTPConfigsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Rows) (*SMTPConfigs, error)) {
+	return sq.Select(
+			SMTPConfigColumnCreationDate.identifier(),
+			SMTPConfigColumnChangeDate.identifier(),
+			SMTPConfigColumnResourceOwner.identifier(),
+			SMTPConfigColumnSequence.identifier(),
+			SMTPConfigColumnTLS.identifier(),
+			SMTPConfigColumnSenderAddress.identifier(),
+			SMTPConfigColumnSenderName.identifier(),
+			SMTPConfigColumnReplyToAddress.identifier(),
+			SMTPConfigColumnSMTPHost.identifier(),
+			SMTPConfigColumnSMTPUser.identifier(),
+			SMTPConfigColumnSMTPPassword.identifier(),
+			SMTPConfigColumnID.identifier(),
+			SMTPConfigColumnState.identifier(),
+			SMTPConfigColumnDescription.identifier(),
+			countColumn.identifier()).
+			From(smtpConfigsTable.identifier() + db.Timetravel(call.Took(ctx))).
+			PlaceholderFormat(sq.Dollar),
+		func(rows *sql.Rows) (*SMTPConfigs, error) {
+			configs := &SMTPConfigs{Configs: []*SMTPConfig{}}
+			for rows.Next() {
+				config := new(SMTPConfig)
+				err := rows.Scan(
+					&config.CreationDate,
+					&config.ChangeDate,
+					&config.ResourceOwner,
+					&config.Sequence,
+					&config.TLS,
+					&config.SenderAddress,
+					&config.SenderName,
+					&config.ReplyToAddress,
+					&config.Host,
+					&config.User,
+					&config.Password,
+					&config.ID,
+					&config.State,
+					&config.Description,
+					&configs.Count,
+				)
+				if err != nil {
+					if errors.Is(err, sql.ErrNoRows) {
+						return nil, zerrors.ThrowNotFound(err, "QUERY-fwofw", "Errors.SMTPConfig.NotFound")
+					}
+					return nil, zerrors.ThrowInternal(err, "QUERY-9k87F", "Errors.Internal")
+				}
+				configs.Configs = append(configs.Configs, config)
+			}
+			return configs, nil
+		}
+}
+
+func (q *Queries) SearchSMTPConfigs(ctx context.Context, queries *SMTPConfigsSearchQueries) (configs *SMTPConfigs, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	query, scan := prepareSMTPConfigsQuery(ctx, q.client)
+	stmt, args, err := queries.toQuery(query).
+		Where(sq.Eq{
+			SMTPConfigColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+		}).ToSql()
+	if err != nil {
+		return nil, zerrors.ThrowInvalidArgument(err, "QUERY-sZ7Cx", "Errors.Query.InvalidRequest")
+	}
+
+	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
+		configs, err = scan(rows)
+		return err
+	}, stmt, args...)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "QUERY-tOpKN", "Errors.Internal")
+	}
+	configs.State, err = q.latestState(ctx, smsConfigsTable)
+	return configs, err
+}
--- a/internal/query/smtp_test.go
+++ b/internal/query/smtp_test.go
@@ -9,26 +9,28 @@ import (
 	"testing"

 	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )

 var (
-	prepareSMTPConfigStmt = `SELECT projections.smtp_configs1.aggregate_id,` +
-		` projections.smtp_configs1.creation_date,` +
-		` projections.smtp_configs1.change_date,` +
-		` projections.smtp_configs1.resource_owner,` +
-		` projections.smtp_configs1.sequence,` +
-		` projections.smtp_configs1.tls,` +
-		` projections.smtp_configs1.sender_address,` +
-		` projections.smtp_configs1.sender_name,` +
-		` projections.smtp_configs1.reply_to_address,` +
-		` projections.smtp_configs1.host,` +
-		` projections.smtp_configs1.username,` +
-		` projections.smtp_configs1.password` +
-		` FROM projections.smtp_configs1` +
+	prepareSMTPConfigStmt = `SELECT projections.smtp_configs2.creation_date,` +
+		` projections.smtp_configs2.change_date,` +
+		` projections.smtp_configs2.resource_owner,` +
+		` projections.smtp_configs2.sequence,` +
+		` projections.smtp_configs2.tls,` +
+		` projections.smtp_configs2.sender_address,` +
+		` projections.smtp_configs2.sender_name,` +
+		` projections.smtp_configs2.reply_to_address,` +
+		` projections.smtp_configs2.host,` +
+		` projections.smtp_configs2.username,` +
+		` projections.smtp_configs2.password,` +
+		` projections.smtp_configs2.id,` +
+		` projections.smtp_configs2.state,` +
+		` projections.smtp_configs2.description` +
+		` FROM projections.smtp_configs2` +
 		` AS OF SYSTEM TIME '-1 ms'`
 	prepareSMTPConfigCols = []string{
-		"aggregate_id",
 		"creation_date",
 		"change_date",
 		"resource_owner",
@@ -40,6 +42,9 @@ var (
 		"smtp_host",
 		"smtp_user",
 		"smtp_password",
+		"id",
+		"state",
+		"description",
 	}
 )

@@ -80,7 +85,6 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
 					regexp.QuoteMeta(prepareSMTPConfigStmt),
 					prepareSMTPConfigCols,
 					[]driver.Value{
-						"agg-id",
 						testNow,
 						testNow,
 						"ro",
@@ -92,11 +96,13 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
 						"host",
 						"user",
 						&crypto.CryptoValue{},
+						"2232323",
+						domain.SMTPConfigStateActive,
+						"test",
 					},
 				),
 			},
 			object: &SMTPConfig{
-				AggregateID:    "agg-id",
 				CreationDate:   testNow,
 				ChangeDate:     testNow,
 				ResourceOwner:  "ro",
@@ -108,6 +114,93 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
 				Host:           "host",
 				User:           "user",
 				Password:       &crypto.CryptoValue{},
+				ID:             "2232323",
+				State:          domain.SMTPConfigStateActive,
+				Description:    "test",
+			},
+		},
+		{
+			name:    "prepareSMTPConfigQuery another config found",
+			prepare: prepareSMTPConfigQuery,
+			want: want{
+				sqlExpectations: mockQuery(
+					regexp.QuoteMeta(prepareSMTPConfigStmt),
+					prepareSMTPConfigCols,
+					[]driver.Value{
+						testNow,
+						testNow,
+						"ro",
+						uint64(20211109),
+						true,
+						"sender2",
+						"name2",
+						"reply-to2",
+						"host2",
+						"user2",
+						&crypto.CryptoValue{},
+						"44442323",
+						domain.SMTPConfigStateInactive,
+						"test2",
+					},
+				),
+			},
+			object: &SMTPConfig{
+				CreationDate:   testNow,
+				ChangeDate:     testNow,
+				ResourceOwner:  "ro",
+				Sequence:       20211109,
+				TLS:            true,
+				SenderAddress:  "sender2",
+				SenderName:     "name2",
+				ReplyToAddress: "reply-to2",
+				Host:           "host2",
+				User:           "user2",
+				Password:       &crypto.CryptoValue{},
+				ID:             "44442323",
+				State:          domain.SMTPConfigStateInactive,
+				Description:    "test2",
+			},
+		},
+		{
+			name:    "prepareSMTPConfigQuery yet another config found",
+			prepare: prepareSMTPConfigQuery,
+			want: want{
+				sqlExpectations: mockQuery(
+					regexp.QuoteMeta(prepareSMTPConfigStmt),
+					prepareSMTPConfigCols,
+					[]driver.Value{
+						testNow,
+						testNow,
+						"ro",
+						uint64(20211109),
+						true,
+						"sender3",
+						"name3",
+						"reply-to3",
+						"host3",
+						"user3",
+						&crypto.CryptoValue{},
+						"23234444",
+						domain.SMTPConfigStateInactive,
+						"test3",
+					},
+				),
+			},
+			object: &SMTPConfig{
+				CreationDate:   testNow,
+				ChangeDate:     testNow,
+				ResourceOwner:  "ro",
+				Sequence:       20211109,
+				TLS:            true,
+				SenderAddress:  "sender3",
+				SenderName:     "name3",
+				ReplyToAddress: "reply-to3",
+				Host:           "host3",
+				User:           "user3",
+				Password:       &crypto.CryptoValue{},
+				ID:             "23234444",
+				State:          domain.SMTPConfigStateInactive,
+				Description:    "test3",
 			},
 		},
 		{
--- a/internal/repository/instance/eventstore.go
+++ b/internal/repository/instance/eventstore.go
@@ -14,6 +14,8 @@ func init() {
 	eventstore.RegisterFilterEventMapper(AggregateType, SecretGeneratorRemovedEventType, SecretGeneratorRemovedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigAddedEventType, SMTPConfigAddedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigChangedEventType, SMTPConfigChangedEventMapper)
+	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigActivatedEventType, SMTPConfigActivatedEventMapper)
+	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigDeactivatedEventType, SMTPConfigDeactivatedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigPasswordChangedEventType, SMTPConfigPasswordChangedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, SMTPConfigRemovedEventType, SMTPConfigRemovedEventMapper)
 	eventstore.RegisterFilterEventMapper(AggregateType, SMSConfigTwilioAddedEventType, SMSConfigTwilioAddedEventMapper)
--- a/internal/repository/instance/smtp_config.go
+++ b/internal/repository/instance/smtp_config.go
@@ -4,6 +4,7 @@ import (
 	"context"

 	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -14,23 +15,29 @@ const (
 	SMTPConfigChangedEventType         = instanceEventTypePrefix + smtpConfigPrefix + "changed"
 	SMTPConfigPasswordChangedEventType = instanceEventTypePrefix + smtpConfigPrefix + "password.changed"
 	SMTPConfigRemovedEventType         = instanceEventTypePrefix + smtpConfigPrefix + "removed"
+	SMTPConfigActivatedEventType       = instanceEventTypePrefix + smtpConfigPrefix + "activated"
+	SMTPConfigDeactivatedEventType     = instanceEventTypePrefix + smtpConfigPrefix + "deactivated"
 )

 type SMTPConfigAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`

-	SenderAddress  string              `json:"senderAddress,omitempty"`
-	SenderName     string              `json:"senderName,omitempty"`
-	ReplyToAddress string              `json:"replyToAddress,omitempty"`
-	TLS            bool                `json:"tls,omitempty"`
-	Host           string              `json:"host,omitempty"`
-	User           string              `json:"user,omitempty"`
-	Password       *crypto.CryptoValue `json:"password,omitempty"`
+	ID             string                 `json:"id,omitempty"`
+	Description    string                 `json:"description,omitempty"`
+	SenderAddress  string                 `json:"senderAddress,omitempty"`
+	SenderName     string                 `json:"senderName,omitempty"`
+	ReplyToAddress string                 `json:"replyToAddress,omitempty"`
+	TLS            bool                   `json:"tls,omitempty"`
+	Host           string                 `json:"host,omitempty"`
+	User           string                 `json:"user,omitempty"`
+	Password       *crypto.CryptoValue    `json:"password,omitempty"`
+	State          domain.SMTPConfigState `json:"state,omitempty"`
 }

 func NewSMTPConfigAddedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
+	id, description string,
 	tls bool,
 	senderAddress,
 	senderName,
@@ -45,6 +52,8 @@ func NewSMTPConfigAddedEvent(
 			aggregate,
 			SMTPConfigAddedEventType,
 		),
+		ID:             id,
+		Description:    description,
 		TLS:            tls,
 		SenderAddress:  senderAddress,
 		SenderName:     senderName,
@@ -77,13 +86,15 @@ func SMTPConfigAddedEventMapper(event eventstore.Event) (eventstore.Event, error

 type SMTPConfigChangedEvent struct {
 	eventstore.BaseEvent `json:"-"`
-
-	FromAddress    *string `json:"senderAddress,omitempty"`
-	FromName       *string `json:"senderName,omitempty"`
-	ReplyToAddress *string `json:"replyToAddress,omitempty"`
-	TLS            *bool   `json:"tls,omitempty"`
-	Host           *string `json:"host,omitempty"`
-	User           *string `json:"user,omitempty"`
+	ID                   string              `json:"id,omitempty"`
+	Description          *string             `json:"description,omitempty"`
+	FromAddress          *string             `json:"senderAddress,omitempty"`
+	FromName             *string             `json:"senderName,omitempty"`
+	ReplyToAddress       *string             `json:"replyToAddress,omitempty"`
+	TLS                  *bool               `json:"tls,omitempty"`
+	Host                 *string             `json:"host,omitempty"`
+	User                 *string             `json:"user,omitempty"`
+	Password             *crypto.CryptoValue `json:"password,omitempty"`
 }

 func (e *SMTPConfigChangedEvent) Payload() interface{} {
@@ -97,6 +108,7 @@ func (e *SMTPConfigChangedEvent) UniqueConstraints() []*eventstore.UniqueConstra
 func NewSMTPConfigChangeEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
+	id string,
 	changes []SMTPConfigChanges,
 ) (*SMTPConfigChangedEvent, error) {
 	if len(changes) == 0 {
@@ -108,6 +120,7 @@ func NewSMTPConfigChangeEvent(
 			aggregate,
 			SMTPConfigChangedEventType,
 		),
+		ID: id,
 	}
 	for _, change := range changes {
 		change(changeEvent)
@@ -117,6 +130,18 @@ func NewSMTPConfigChangeEvent(

 type SMTPConfigChanges func(event *SMTPConfigChangedEvent)

+func ChangeSMTPConfigID(id string) func(event *SMTPConfigChangedEvent) {
+	return func(e *SMTPConfigChangedEvent) {
+		e.ID = id
+	}
+}
+
+func ChangeSMTPConfigDescription(description string) func(event *SMTPConfigChangedEvent) {
+	return func(e *SMTPConfigChangedEvent) {
+		e.Description = &description
+	}
+}
+
 func ChangeSMTPConfigTLS(tls bool) func(event *SMTPConfigChangedEvent) {
 	return func(e *SMTPConfigChangedEvent) {
 		e.TLS = &tls
@@ -153,6 +178,12 @@ func ChangeSMTPConfigSMTPUser(smtpUser string) func(event *SMTPConfigChangedEven
 	}
 }

+func ChangeSMTPConfigSMTPPassword(password *crypto.CryptoValue) func(event *SMTPConfigChangedEvent) {
+	return func(e *SMTPConfigChangedEvent) {
+		e.Password = password
+	}
+}
+
 func SMTPConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 	e := &SMTPConfigChangedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
@@ -168,13 +199,14 @@ func SMTPConfigChangedEventMapper(event eventstore.Event) (eventstore.Event, err

 type SMTPConfigPasswordChangedEvent struct {
 	eventstore.BaseEvent `json:"-"`
-
-	Password *crypto.CryptoValue `json:"password,omitempty"`
+	ID                   string              `json:"id,omitempty"`
+	Password             *crypto.CryptoValue `json:"password,omitempty"`
 }

 func NewSMTPConfigPasswordChangedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
+	id string,
 	password *crypto.CryptoValue,
 ) *SMTPConfigPasswordChangedEvent {
 	return &SMTPConfigPasswordChangedEvent{
@@ -196,24 +228,106 @@ func (e *SMTPConfigPasswordChangedEvent) UniqueConstraints() []*eventstore.Uniqu
 }

 func SMTPConfigPasswordChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
-	smtpConfigPasswordChagned := &SMTPConfigPasswordChangedEvent{
+	smtpConfigPasswordChanged := &SMTPConfigPasswordChangedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}
-	err := event.Unmarshal(smtpConfigPasswordChagned)
+	err := event.Unmarshal(smtpConfigPasswordChanged)
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "IAM-99iNF", "unable to unmarshal smtp config password changed")
 	}

-	return smtpConfigPasswordChagned, nil
+	return smtpConfigPasswordChanged, nil
+}
+
+type SMTPConfigActivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	ID                   string `json:"id,omitempty"`
+}
+
+func NewSMTPConfigActivatedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+) *SMTPConfigActivatedEvent {
+	return &SMTPConfigActivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			SMTPConfigActivatedEventType,
+		),
+		ID: id,
+	}
+}
+
+func (e *SMTPConfigActivatedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *SMTPConfigActivatedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func SMTPConfigActivatedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	smtpConfigActivated := &SMTPConfigActivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(smtpConfigActivated)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "IAM-KPr5t", "unable to unmarshal smtp config removed")
+	}
+
+	return smtpConfigActivated, nil
+}
+
+type SMTPConfigDeactivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	ID                   string `json:"id,omitempty"`
+}
+
+func NewSMTPConfigDeactivatedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+) *SMTPConfigDeactivatedEvent {
+	return &SMTPConfigDeactivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			SMTPConfigDeactivatedEventType,
+		),
+		ID: id,
+	}
+}
+
+func (e *SMTPConfigDeactivatedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *SMTPConfigDeactivatedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func SMTPConfigDeactivatedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	smtpConfigDeactivated := &SMTPConfigDeactivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(smtpConfigDeactivated)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "IAM-KPr5t", "unable to unmarshal smtp config removed")
+	}
+
+	return smtpConfigDeactivated, nil
 }

 type SMTPConfigRemovedEvent struct {
 	eventstore.BaseEvent `json:"-"`
+	ID                   string `json:"id,omitempty"`
 }

 func NewSMTPConfigRemovedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
+	id string,
 ) *SMTPConfigRemovedEvent {
 	return &SMTPConfigRemovedEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -221,6 +335,7 @@ func NewSMTPConfigRemovedEvent(
 			aggregate,
 			SMTPConfigRemovedEventType,
 		),
+		ID: id,
 	}
 }

--- a/internal/static/i18n/bg.yaml
+++ b/internal/static/i18n/bg.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: SMTP конфигурацията не е намерена
    AlreadyExists: SMTP конфигурация вече съществува
+    AlreadyDeactivated: SMTP конфигурацията вече е деактивирана
    SenderAdressNotCustomDomain: >-
      Адресът на изпращача трябва да бъде конфигуриран като персонализиран
      домейн в екземпляра.
@@ -1151,6 +1152,9 @@ EventTypes:
      config:
        added: Добавена е SMTP конфигурация
        changed: SMTP конфигурацията е променена
+        activated: SMTP конфигурацията е активирана
+        deactivated: SMTP конфигурацията е деактивирана
+        removed: Премахната SMTP конфигурация
        password:
          changed: Тайната на конфигурацията на SMTP е променена
    sms:
@@ -1305,6 +1309,8 @@ EventTypes:
      config:
        added: Добавена е SMTP конфигурация
        changed: SMTP конфигурацията е променена
+        activated: SMTP конфигурацията е активирана
+        deactivated: SMTP конфигурацията е деактивирана
        password:
          changed: Паролата на SMTP конфигурацията е променена
        removed: Премахната SMTP конфигурация
--- a/internal/static/i18n/cs.yaml
+++ b/internal/static/i18n/cs.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: Konfigurace SMTP nebyla nalezena
    AlreadyExists: Konfigurace SMTP již existuje
+    AlreadyDeactivated: Konfigurace SMTP je již deaktivována
    SenderAdressNotCustomDomain: Adresa odesílatele musí být nakonfigurována jako vlastní doména na instanci.
  Notification:
    NoDomain: Pro zprávu nebyla nalezena žádná doména
@@ -1126,6 +1127,9 @@ EventTypes:
      config:
        added: Konfigurace SMTP přidána
        changed: Konfigurace SMTP změněna
+        activated: Konfigurace SMTP aktivována
+        deactivated: Konfigurace SMTP deaktivována
+        removed: Konfigurace SMTP odstraněna
        password:
          changed: Tajemství konfigurace SMTP změněno
    sms:
@@ -1271,6 +1275,8 @@ EventTypes:
      config:
        added: Konfigurace SMTP přidána
        changed: Konfigurace SMTP změněna
+        activated: Konfigurace SMTP aktivována
+        deactivated: Konfigurace SMTP deaktivována
        password:
          changed: Heslo konfigurace SMTP změněno
        removed: Konfigurace SMTP odstraněna
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: SMTP Konfiguration nicht gefunden
    AlreadyExists: SMTP Konfiguration existiert bereits
+    AlreadyDeactivated: SMTP-Konfiguration bereits deaktiviert
    SenderAdressNotCustomDomain: Die Sender Adresse muss als Custom Domain auf der Instanz registriert sein.
  Notification:
    NoDomain: Keine Domäne für Nachricht gefunden
@@ -1128,6 +1129,9 @@ EventTypes:
      config:
        added: SMTP Konfiguration hinzugefügt
        changed: SMTP Konfiguration geändert
+        activated: SMTP Konfiguration aktiviert
+        deactivated: SMTP Konfiguration deaktiviert
+        removed: SMTP Konfiguration entfernt
        password:
          changed: SMTP Konfigurations Passwort geändert
    sms:
@@ -1273,6 +1277,8 @@ EventTypes:
      config:
        added: SMTP Konfiguration hinzugefügt
        changed: SMTP Konfiguration geändert
+        activated: SMTP Konfiguration aktiviert
+        deactivated: SMTP Konfiguration deaktiviert
        password:
          changed: Passwort von SMTP Konfiguration geändert
        removed: SMTP Konfiguration gelöscht
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: SMTP configuration not found
    AlreadyExists: SMTP configuration already exists
+    AlreadyDeactivated: SMTP configuration already deactivated
    SenderAdressNotCustomDomain: The sender address must be configured as custom domain on the instance.
  Notification:
    NoDomain: No Domain found for message
@@ -787,7 +788,7 @@ EventTypes:
      code:
        added: Phone number code generated
        sent: Phone number code sent
-      removed: Phone number removed
+
    profile:
      changed: User profile changed
    address:
@@ -1128,6 +1129,9 @@ EventTypes:
      config:
        added: SMTP configuration added
        changed: SMTP configuration changed
+        activated: SMTP configuration activated
+        deactivated: SMTP configuration deactivated
+        removed: SMTP configuration removed
        password:
          changed: SMTP configuration secret changed
    sms:
@@ -1273,6 +1277,8 @@ EventTypes:
      config:
        added: SMTP configuration added
        changed: SMTP configuration changed
+        activated: SMTP configuration activated
+        deactivated: SMTP configuration deactivated
        password:
          changed: Password of SMTP configuration changed
        removed: SMTP configuration removed
--- a/internal/static/i18n/es.yaml
+++ b/internal/static/i18n/es.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: configuración SMTP no encontrada
    AlreadyExists: la configuración SMTP ya existe
+    AlreadyDeactivated: la configuración SMTP ya está desactivada
    SenderAdressNotCustomDomain: La dirección del remitente debe configurarse como un dominio personalizado en la instancia.
  Notification:
    NoDomain: No se encontró el dominio para el mensaje
@@ -1128,6 +1129,9 @@ EventTypes:
      config:
        added: Configuración SMTP añadida
        changed: Configuración SMTP modificada
+        activated: Configuración SMTP activada
+        deactivated: Configuración SMTP desactivada
+        removed: Configuración SMTP eliminada
        password:
          changed: Configuración de secreto SMTP modificada
    sms:
@@ -1273,6 +1277,8 @@ EventTypes:
      config:
        added: Configuración SMTP añadida
        changed: Configuración SMTP modificada
+        activated: Configuración SMTP activada
+        deactivated: Configuración SMTP desactivada
        password:
          changed: Contraseña de configuración SMTP modificada
        removed: Configuración SMTP eliminada
--- a/internal/static/i18n/fr.yaml
+++ b/internal/static/i18n/fr.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: Configuration SMTP non trouvée
    AlreadyExists: La configuration SMTP existe déjà
+    AlreadyDeactivated: Configuration SMTP déjà désactivée
    SenderAdressNotCustomDomain: L'adresse de l'expéditeur doit être configurée comme un domaine personnalisé sur l'instance.
  Notification:
    NoDomain: Aucun domaine trouvé pour le message
@@ -816,6 +817,12 @@ EventTypes:
      set: Ensemble de métadonnées de l'utilisateur
      removed: Métadonnées de l'utilisateur supprimées
      removed.all: Suppression de toutes les métadonnées utilisateur
+    domain:
+      claimed: Domaine revendiqué
+      claimed.sent: Notification de domaine revendiqué envoyée
+    pat:
+      added: Personal Access Token added
+      removed: Personal Access Token removed
  org:
    added: Organisation ajoutée
    changed: Organisation modifiée
@@ -862,6 +869,10 @@ EventTypes:
        config:
          added: Configuration IDP SAML ajoutée
          changed: Modification de la configuration IDP SAML
+      jwt:
+        config:
+          added: Configuration JWT IDP ajoutée
+          changed: La configuration du fournisseur d'identité JWT a été modifiée
    customtext:
      set: Jeu de texte personnalisé
      removed: Texte personnalisé supprimé
@@ -875,6 +886,8 @@ EventTypes:
        idpprovider:
          added: Fournisseur d'Idp ajouté à la politique de connexion
          removed: Idp Provider supprimé de la politique de connexion
+          cascade:
+            removed: Cascade de fournisseurs d'identité supprimée de la stratégie de connexion
        secondfactor:
          added: Second factor ajouté à la politique de connexion
          removed: Second facteur supprimé de la politique de connexion
@@ -920,6 +933,14 @@ EventTypes:
        added: Politique de confidentialité et CGU ajoutés
        changed: Politique de confidentialité et CGU modifiées
        removed: Politique de confidentialité et conditions d'utilisation supprimées
+      domain:
+        added: Politique de domaine ajoutée
+        changed: Politique de domaine modifiée
+        removed: Politique de domaine supprimée
+      lockout:
+        added: Politique de verrouillage ajoutée
+        changed: La politique de verrouillage a été modifiée
+        removed: Politique de verrouillage supprimée
      notification:
        added: Politique de notification ajoutée
        changed: Politique de notification modifiée
@@ -930,6 +951,20 @@ EventTypes:
        cascade:
          removed: Cascade d'actions supprimée
        removed: Actions supprimées
+      cleared: Flux effacé
+    mail:
+      template:
+        added: Modèle de courrier électronique ajouté
+        changed: Modèle d'e-mail modifié
+        removed: Modèle d'e-mail supprimé
+      text:
+        added: Texte de l'e-mail ajouté
+        changed: Le texte de l'e-mail a été modifié
+        removed: Texte de l'e-mail supprimé
+    metadata:
+      removed: Metadata removed
+      removed.all: All metadata removed
+      set: Metadata set
  project:
    added: Projet ajouté
    changed: Projet modifié
@@ -1036,6 +1071,10 @@ EventTypes:
      saml:
        config:
          added: Ajout de la configuration SAML IDP
+          changed: La configuration SAML IDP a été modifiée
+      jwt:
+        config:
+          added: Configuration JWT du fournisseur d'identité ajoutée
          changed: Modification de la configuration de SAML IDP
    customtext:
      set: Le texte a été mis en place
@@ -1085,6 +1124,9 @@ EventTypes:
      config:
        added: Ajout de la configuration SMTP
        changed: Modification de la configuration SMTP
+        activated: Configuration SMTP activée
+        deactivated: Configuration SMTP désactivée
+        removed: Configuration SMTP supprimée
        password:
          changed: Modification du secret de la configuration SMTP
    sms:
@@ -1099,6 +1141,8 @@ EventTypes:
          deactivated: Fournisseur de SMS Twilio désactivé
  key_pair:
    added: Paire de clés ajoutée
+    certificate:
+      added: Certificat ajouté
  action:
    added: Action ajoutée
    changed: Action modifiée
@@ -1111,7 +1155,134 @@ EventTypes:
    deactivated: Schéma utilisateur désactivé
    reactivated: Schéma utilisateur réactivé
    deleted: Schéma utilisateur supprimé
+instance:
+  added: Instance ajoutée
+  changed: Instance modifiée
+  customtext:
+    removed: Texte personnalisé supprimé
+    set: Ensemble de texte personnalisé
+    template:
+      removed: Modèle de texte personnalisé supprimé
+  default:
+    language:
+      set: Langue par défaut définie
+    org:
+      set: Ensemble d'organisation par défaut
+  domain:
+    added: Domaine ajouté
+    primary:
+      set: Ensemble de domaines principal
+    removed: Domaine supprimé
+  iam:
+    console:
+      set: Ensemble d'applications Console ZITADEL
+    project:
+      set: ZITADEL project set
+  mail:
+    template:
+      added: Modèle de courrier électronique ajouté
+      changed: Modèle d'e-mail modifié
+    text:
+      added: Texte de l'e-mail ajouté
+      changed: Le texte de l'e-mail a été modifié
+  member:
+    added: Membre de l'instance ajouté
+    changed: Membre de l'instance modifié
+    removed: Membre de l'instance supprimé
+    cascade:
+      removed: Cascade de membres de l'instance supprimée
+  notification:
+    provider:
+      debug:
+        fileadded: Fournisseur de notification de débogage de fichiers ajouté
+        filechanged: Le fournisseur de notification de débogage de fichier a été modifié
+        fileremoved: Fournisseur de notification de débogage de fichier supprimé
+        logadded: Fournisseur de notification de débogage de journal ajouté
+        logchanged: Le fournisseur de notification de débogage du journal a été modifié
+        logremoved: Fournisseur de notification de débogage du journal supprimé
+  oidc:
+    settings:
+      added: Paramètres OIDC ajoutés
+      changed: Paramètres OIDC modifiés
+  policy:
+    domain:
+      added: Politique de domaine ajoutée
+      changed: Politique de domaine modifiée
+    label:
+      activated: Politique d'étiquetage activée
+      added: Politique d'étiquetage ajoutée
+      assets:
+        removed: L'élément de la stratégie d'étiquette a été supprimé
+      changed: Politique d'étiquetage modifiée
+      font:
+        added: Police ajoutée à la stratégie d'étiquette
+        removed: Police supprimée de la stratégie relative aux étiquettes
+      icon:
+        added: Icône ajoutée à la politique d'étiquetage
+        removed: Icône supprimée des règles relatives aux étiquettes
+        dark:
+          added: Icône ajoutée à la politique d'étiquette sombre
+          removed: Icône supprimée de la politique relative aux étiquettes sombres
+      logo:
+        added: Logo ajouté à la politique d'étiquetage
+        removed: Logo supprimé de la politique relative aux étiquettes
+        dark:
+          added: Logo ajouté à la politique relative aux étiquettes sombres
+          removed: Logo supprimé de la politique relative aux étiquettes sombres
+    lockout:
+      added: Politique de verrouillage ajoutée
+      changed: La politique de verrouillage a été modifiée
+    login:
+      added: Politique de connexion ajoutée
+      changed: Politique de connexion modifiée
+      idpprovider:
+        added: Fournisseur d'identité ajouté à la politique de connexion
+        cascade:
+          removed: Cascade de fournisseurs d'identité supprimée de la stratégie de connexion
+        removed: Fournisseur d'identité supprimé de la stratégie de connexion
+      multifactor:
+        added: Multifactor ajouté à la politique de connexion
+        removed: Multifactor supprimé de la politique de connexion
+      secondfactor:
+        added: Deuxième facteur ajouté à la politique de connexion
+        removed: Deuxième facteur supprimé de la politique de connexion
+    password:
+      age:
+        added: Politique d'âge du mot de passe ajoutée
+        changed: La politique relative à l'âge du mot de passe a été modifiée
+      complexity:
+        added: Politique de complexité des mots de passe ajoutée
+        changed: Politique de complexité des mots de passe supprimée
+    privacy:
+      added: Politique de confidentialité ajoutée
+      changed: Politique de confidentialité modifiée
+    security:
+      set: Ensemble de règles de sécurité

+  removed: Instance removed
+  secret:
+    generator:
+      added: Générateur de secrets ajouté
+      changed: Le générateur de secrets a changé
+      removed: Générateur de secrets supprimé
+  sms:
+    configtwilio:
+      activated: Configuration SMS Twilio activée
+      added: Configuration SMS Twilio ajoutée
+      changed: La configuration des SMS Twilio a été modifiée
+      deactivated: Configuration SMS Twilio désactivée
+      removed: Configuration SMS Twilio supprimée
+      token:
+        changed: Jeton de configuration SMS Twilio modifié
+  smtp:
+    config:
+      added: Configuration SMTP ajoutée
+      changed: Configuration SMTP modifiée
+      activated: Configuration SMTP activée
+      deactivated: Configuration SMTP désactivée
+      password:
+        changed: Mot de passe de configuration SMTP modifié
+      removed: Configuration SMTP supprimée
 Application:
  OIDC:
    UnsupportedVersion: Votre version de l'OIDC n'est pas prise en charge
--- a/internal/static/i18n/it.yaml
+++ b/internal/static/i18n/it.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: Configurazione SMTP non trovata
    AlreadyExists: La configurazione SMTP esiste già
+    AlreadyDeactivated: Configurazione SMTP già disattivata
    SenderAdressNotCustomDomain: L'indirizzo del mittente deve essere configurato come dominio personalizzato sull'istanza.
  Notification:
    NoDomain: Nessun dominio trovato per il messaggio
@@ -218,7 +219,6 @@ Errors:
      EmptyString: I caratteri non numerici e alfabetici non validi sono stati sostituiti con spazi vuoti e il dominio risultante è una stringa vuota
    IDP:
      InvalidSearchQuery: Parametro di ricerca non valido
-      InvalidCharacter: Per un dominio sono ammessi solo caratteri alfanumerici, . e -
      ClientIDMissing: ClientID mancante
      TeamIDMissing: TeamID mancante
      KeyIDMissing: ID chiave mancante
@@ -616,6 +616,7 @@ EventTypes:
    username:
      reserved: Nome utente riservato
      released: Nome utente rilasciato
+      changed: Nome utente cambiato
    email:
      reserved: Indirizzo e-mail riservato
      released: Indirizzo e-mail rilasciato
@@ -786,6 +787,7 @@ EventTypes:
      code:
        added: Codice del numero di telefono generato
        sent: Codice del numero di telefono inviato
+      removed: Codice del numero di telefono rimosso
    profile:
      changed: Profilo utente cambiato
    address:
@@ -799,7 +801,9 @@ EventTypes:
          succeeded: Controllo OTP riuscito
          failed: Controllo OTP fallito
      init:
-        skipped: Inizializzazione saltata
+        skipped: Inizializzazione OTP saltata
+    init:
+      skipped: Inizializzazione saltata
    signed:
      out: L'utente è uscito
    grant:
@@ -817,6 +821,12 @@ EventTypes:
      set: Set di metadati utente
      removed: Metadati utente rimossi
      removed.all: Tutti i metadati utente rimossi
+    domain:
+      claimed: Dominio rivendicato
+      claimed.sent: Notifica di rivendicazione del dominio inviata
+    pat:
+      added: Aggiunto token di accesso personale
+      removed: Token di accesso personale rimosso
  org:
    added: Organizzazione aggiunta
    changed: Organizzazione cambiata
@@ -863,6 +873,10 @@ EventTypes:
        config:
          added: Aggiunta la configurazione IDP SAML
          changed: Configurazione IDP SAML modificata
+      jwt:
+        config:
+          added: Aggiunta la configurazione IDP JWT
+          changed: La configurazione dell'IDP JWT è stata modificata
    customtext:
      set: Testo personalizzato salvato
      removed: Testo personalizzato rimosso
@@ -876,6 +890,8 @@ EventTypes:
        idpprovider:
          added: IDP aggiunto alle impostazioni di accesso
          removed: IDP rimosso dalle impostazioni di accesso
+          cascade:
+            removed: Cascata di provider di identità rimossa dalla policy di accesso
        secondfactor:
          added: Secondo fattore aggiunto alle impostazioni di accesso
          removed: Secondo fattore rimosso dalle impostazioni di accesso
@@ -921,6 +937,14 @@ EventTypes:
        added: Informativa sulla privacy e termini e condizioni aggiunti
        changed: Informativa sulla privacy e termini e condizioni cambiati
        removed: Informativa sulla privacy e termini e condizioni rimossi
+      domain:
+        added: Aggiunta politica di dominio
+        changed: La politica del dominio è cambiata
+        removed: Politica del dominio rimossa
+      lockout:
+        added: Lockout policy added
+        changed: Lockout policy changed
+        removed: Lockout policy removed
      notification:
        added: Impostazione di notifica creata
        changed: Impostazione di notifica cambiata
@@ -931,6 +955,20 @@ EventTypes:
        cascade:
          removed: Azioni a cascata rimosse
        removed: Azioni rimosse
+      cleared: Il flusso è stato eliminato
+    mail:
+      template:
+        added: Aggiunto modello di posta elettronica
+        changed: Il modello di posta elettronica è stato modificato
+        removed: Modello di posta elettronica rimosso
+      text:
+        added: Aggiunto il testo dell'e-mail
+        changed: Il testo dell'e-mail è stato modificato
+        removed: Testo dell'e-mail rimosso
+    metadata:
+      removed: Metadati rimossi
+      removed.all: Tutti i metadati rimossi
+      set: Insieme di metadati
  project:
    added: Progetto aggiunto
    changed: Progetto cambiato
@@ -1037,7 +1075,11 @@ EventTypes:
      saml:
        config:
          added: Aggiunta la configurazione IDP SAML
-          changed: Configurazione IDP SAML modificata
+          changed: La configurazione dell'IDP SAML è stata modificata
+      jwt:
+        config:
+          added: Aggiunta la configurazione JWT al provider di identità
+          changed: Configurazione JWT dal provider di identità rimossa
    customtext:
      set: Il testo è stato impostato
      removed: Il testo è stato rimosso
@@ -1086,6 +1128,9 @@ EventTypes:
      config:
        added: SMTP configuration added
        changed: SMTP configuration changed
+        activated: Configurazione SMTP attivata
+        deactivated: Configurazione SMTP disattivata
+        removed: Configurazione SMTP rimossa
        password:
          changed: SMTP configuration secret changed
    sms:
@@ -1100,6 +1145,8 @@ EventTypes:
          deactivated: Provider SMS Twilio disattivato
  key_pair:
    added: Keypair aggiunto
+    certificate:
+      added: Certificato aggiunto
  action:
    added: Azione aggiunta
    changed: Azione cambiata
@@ -1112,6 +1159,134 @@ EventTypes:
    deactivated: Schema utente disattivato
    reactivated: Schema utente riattivato
    deleted: Schema utente eliminato
+  instance:
+    added: Istanza aggiunta
+    changed: L'istanza è cambiata
+    customtext:
+      removed: Testo personalizzato rimosso
+      set: Set di testo personalizzato
+      template:
+        removed: Modello di testo personalizzato rimosso
+    default:
+      language:
+        set: Lingua predefinita impostata
+      org:
+        set: Insieme di organizzazioni predefinito
+    domain:
+      added: Dominio aggiunto
+      primary:
+        set: Insieme di domini primari
+      removed: Dominio rimosso
+    iam:
+      console:
+        set: Set di applicazioni per console ZITADEL
+      project:
+        set: Set progetto ZITADEL
+    mail:
+      template:
+        added: Aggiunto modello di posta elettronica
+        changed: Il modello di posta elettronica è stato modificato
+      text:
+        added: Aggiunto il testo dell'e-mail
+        changed: Il testo dell'e-mail è stato modificato
+    member:
+      added: Membro dell'istanza aggiunto
+      changed: Il membro dell'istanza è cambiato
+      removed: Membro dell'istanza rimosso
+      cascade:
+        removed: Cascata di membri dell'istanza rimossa
+    notification:
+      provider:
+        debug:
+          fileadded: Aggiunto provider di notifiche di debug dei file
+          filechanged: Il provider delle notifiche di debug dei file è stato modificato
+          fileremoved: Provider di notifiche di debug del file rimosso
+          logadded: Aggiunto provider di notifiche di debug del registro
+          logchanged: Il provider delle notifiche di debug del registro è stato modificato
+          logremoved: Provider di notifiche di debug del registro rimosso
+    oidc:
+      settings:
+        added: Aggiunte impostazioni OIDC
+        changed: Le impostazioni OIDC sono state modificate
+    policy:
+      domain:
+        added: Aggiunta politica di dominio
+        changed: Domain policy changed
+      label:
+        activated: Criterio etichetta attivato
+        added: Aggiunta la politica sull'etichetta
+        assets:
+          removed: Risorsa dalla norma sull'etichetta rimossa
+        changed: La politica sull'etichetta è cambiata
+        font:
+          added: Carattere aggiunto ai criteri di etichetta
+          removed: Carattere rimosso dai criteri di etichetta
+        icon:
+          added: Icona aggiunta al criterio dell'etichetta
+          removed: Icona rimossa dal criterio di etichetta
+          dark:
+            added: Icona aggiunta al criterio dell'etichetta oscura
+            removed: Icona rimossa dal criterio dell'etichetta oscura
+        logo:
+          added: Logo aggiunto alla politica sull'etichetta
+          removed: Logo rimosso dalla politica sull'etichetta
+          dark:
+            added: Logo aggiunto alla politica delle etichette scure
+            removed: Logo rimosso dalla politica delle etichette scure
+      lockout:
+        added: Aggiunta politica di blocco
+        changed: La politica di blocco è cambiata
+      login:
+        added: Criteri di accesso aggiunti
+        changed: La politica di accesso è cambiata
+        idpprovider:
+          added: Provider di identità aggiunto alla policy di accesso
+          cascade:
+            removed: Cascata di provider di identità rimossa dalla policy di accesso
+          removed: Provider di identità rimosso dalla policy di accesso
+        multifactor:
+          added: Multifattore aggiunto alla policy di accesso
+          removed: Multifattore rimosso dalla policy di accesso
+        secondfactor:
+          added: Secondo fattore aggiunto alla politica di accesso
+          removed: Secondo fattore rimosso dalla politica di accesso
+      password:
+        age:
+          added: Aggiunta politica sull'età della password
+          changed: La politica di validità della password è cambiata
+        complexity:
+          added: Aggiunta policy sulla complessità della password
+          changed: Criterio di complessità della password rimosso
+      privacy:
+        added: Aggiunta informativa sulla privacy
+        changed: L'informativa sulla privacy è cambiata
+      security:
+        set: Insieme di politiche di sicurezza
+
+    removed: Istanza rimossa
+    secret:
+      generator:
+        added: Aggiunto generatore segreto
+        changed: Il generatore segreto è cambiato
+        removed: Generatore segreto rimosso
+    sms:
+      configtwilio:
+        activated: Configurazione SMS Twilio attivata
+        added: Aggiunta la configurazione SMS di Twilio
+        changed: La configurazione SMS di Twilio è stata modificata
+        deactivated: Configurazione SMS Twilio disattivata
+        removed: Configurazione SMS di Twilio rimossa
+        token:
+          changed: La configurazione del token di Twilio SMS è stata modificata
+    smtp:
+      config:
+        added: Aggiunta configurazione SMTP
+        changed: La configurazione SMTP è stata modificata
+        activated: Configurazione SMTP attivata
+        deactivated: Configurazione SMTP disattivata
+        password:
+          changed: La password della configurazione SMTP è cambiata
+        removed: Configurazione SMTP rimossa

 Application:
  OIDC:
--- a/internal/static/i18n/ja.yaml
+++ b/internal/static/i18n/ja.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: SMTP構成が見つかりません
    AlreadyExists: すでに存在するSMTP構成です
+    AlreadyDeactivated: SMTP設定はすでに無効化されています
    SenderAdressNotCustomDomain: 送信者アドレスは、インスタンスのカスタムドメインとして構成する必要があります。
  Notification:
    NoDomain: メッセージのドメインが見つかりません
@@ -1117,6 +1118,9 @@ EventTypes:
      config:
        added: SMTP構成の追加
        changed: SMTP構成の変更
+        activated: SMTP設定が有効化されました
+        deactivated: SMTP設定が無効化されました
+        removed: SMTP設定が削除されました
        password:
          changed: SMTP構成シークレットの変更
    sms:
@@ -1262,6 +1266,8 @@ EventTypes:
      config:
        added: SMTP構成の追加
        changed: SMTP構成の変更
+        activated: SMTP設定が有効化されました
+        deactivated: SMTP設定が無効化されました
        password:
          changed: SMTP構成パスワードの変更
        removed: SMTP構成の削除
--- a/internal/static/i18n/mk.yaml
+++ b/internal/static/i18n/mk.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: SMTP конфигурацијата не е пронајдена
    AlreadyExists: SMTP конфигурацијата веќе постои
+    AlreadyDeactivated: SMTP конфигурацијата е веќе деактивирана
    SenderAdressNotCustomDomain: Адресата на испраќачот мора да биде конфигурирана како прилагоден домен на инстанцата.
  Notification:
    NoDomain: Не е пронајден домен за пораката
@@ -1127,6 +1128,9 @@ EventTypes:
      config:
        added: Додадена SMTP конфигурација
        changed: Променета SMTP конфигурација
+        activated: SMTP конфигурацијата е активирана
+        deactivated: SMTP конфигурацијата е деактивирана
+        removed: SMTP конфигурацијата е отстранета
        password:
          changed: Променена тајна на SMTP конфигурација
    sms:
@@ -1271,6 +1275,8 @@ EventTypes:
      config:
        added: Додадена SMTP конфигурација
        changed: Променета SMTP конфигурација
+        activated: SMTP конфигурацијата е активирана
+        deactivated: SMTP конфигурацијата е деактивирана
        password:
          changed: Променета лозинка на SMTP конфигурацијата
        removed: Отстранета SMTP конфигурација
--- a/internal/static/i18n/pl.yaml
+++ b/internal/static/i18n/pl.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: Konfiguracja SMTP nie znaleziona
    AlreadyExists: Konfiguracja SMTP już istnieje
+    AlreadyDeactivated: Konfiguracja SMTP jest już dezaktywowana
    SenderAdressNotCustomDomain: Adres nadawcy musi być skonfigurowany jako domena niestandardowa na instancji.
  Notification:
    NoDomain: Nie znaleziono domeny dla wiadomości
@@ -1128,6 +1129,9 @@ EventTypes:
      config:
        added: Dodano konfigurację SMTP
        changed: Zmieniono konfigurację SMTP
+        activated: Konfiguracja SMTP została aktywowana
+        deactivated: Konfiguracja SMTP dezaktywowana
+        removed: Konfiguracja SMTP została usunięta
        password:
          changed: Zmieniono sekret konfiguracji SMTP
    sms:
@@ -1273,6 +1277,8 @@ EventTypes:
      config:
        added: Konfiguracja SMTP dodana
        changed: Konfiguracja SMTP zmieniona
+        activated: Konfiguracja SMTP została aktywowana
+        deactivated: Konfiguracja SMTP dezaktywowana
        password:
          changed: Hasło konfiguracji SMTP zmienione
        removed: Konfiguracja SMTP usunięta
--- a/internal/static/i18n/pt.yaml
+++ b/internal/static/i18n/pt.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: Configuração de SMTP não encontrada
    AlreadyExists: Configuração de SMTP já existe
+    AlreadyDeactivated: Configuração SMTP já desativada
    SenderAdressNotCustomDomain: O endereço do remetente deve ser configurado como um domínio personalizado na instância.
  Notification:
    NoDomain: Nenhum domínio encontrado para a mensagem
@@ -1122,6 +1123,9 @@ EventTypes:
      config:
        added: Configuração SMTP adicionada
        changed: Configuração SMTP alterada
+        activated: Configuração SMTP ativada
+        deactivated: Configuração SMTP desativada
+        removed: Configuração SMTP removida
        password:
          changed: Segredo da configuração SMTP alterado
    sms:
@@ -1267,6 +1271,8 @@ EventTypes:
      config:
        added: Configuração SMTP adicionada
        changed: Configuração SMTP alterada
+        activated: Configuração SMTP ativada
+        deactivated: Configuração SMTP desativada
        password:
          changed: Senha da configuração SMTP alterada
        removed: Configuração SMTP removida
--- a/internal/static/i18n/ru.yaml
+++ b/internal/static/i18n/ru.yaml
@@ -56,7 +56,8 @@ Errors:
  SMTPConfig:
    NotFound: Конфигурация SMTP не найдена
    AlreadyExists: Конфигурация SMTP уже существует
-    SenderAdressNotCustomDomain: Адрес отправителя должен быть настроен как личный домен в экземпляре
+    AlreadyDeactivated: Конфигурация SMTP уже деактивирована
+    SenderAdressNotCustomDomain: Адрес отправителя должен быть настроен как личный домен на экземпляре.
  Notification:
    NoDomain: Домен не найден
  User:
@@ -1117,6 +1118,9 @@ EventTypes:
      config:
        added: Конфигурация SMTP добавлена
        changed: Конфигурация SMTP изменена
+        activated: Конфигурация SMTP активирована
+        deactivated: Конфигурация SMTP деактивирована
+        removed: Конфигурация SMTP удалена.
        password:
          changed: Ключ конфигурации SMTP изменён
    sms:
@@ -1262,6 +1266,8 @@ EventTypes:
      config:
        added: Конфигурация SMTP добавлена
        changed: Конфигурация SMTP изменена
+        activated: Конфигурация SMTP активирована
+        deactivated: Конфигурация SMTP деактивирована
        password:
          changed: Пароль конфигурации SMTP изменён
        removed: Конфигурация SMTP удалена
--- a/internal/static/i18n/zh.yaml
+++ b/internal/static/i18n/zh.yaml
@@ -56,6 +56,7 @@ Errors:
  SMTPConfig:
    NotFound: 未找到 SMTP 配置
    AlreadyExists: SMTP 配置已存在
+    AlreadyDeactivated: SMTP 配置已停用
    SenderAdressNotCustomDomain: 发件人地址必须在在实例的域名设置中验证。
  Notification:
    NoDomain: 未找到对应的域名
@@ -615,6 +616,7 @@ EventTypes:
    username:
      reserved: 保留用户名
      released: 用户名已发布
+      changed: 用户名已更改
    email:
      reserved: 电子邮件地址已保留
      released: 电子邮件地址已发布
@@ -670,6 +672,10 @@ EventTypes:
        check:
          succeeded: 密码检查成功
          failed: 密码检查失败
+        change:
+          sent: 密码更改已发送
+        hash:
+          updated: 密码哈希已更新
      externallogin:
        check:
          succeeded: 外部登录成功
@@ -773,10 +779,6 @@ EventTypes:
      check:
        succeeded: 密码检查成功
        failed: 密码检查失败
-      change:
-        sent: 密码更改已发送
-      hash:
-        updated: 密码哈希已更新
    phone:
      changed: 更改手机号码
      verified: 验证手机号码
@@ -785,6 +787,7 @@ EventTypes:
      code:
        added: 生成的手机号码验证码
        sent: 发送手机号码验证码
+        removed: 电话号码已删除
    profile:
      changed: 修改用户资料
    address:
@@ -797,8 +800,10 @@ EventTypes:
        check:
          succeeded: MFA OTP 验证成功
          failed: MFA OTP 验证失败
+        init:
+          skipped: 跳过 MFA 初始化
      init:
-        skipped: 跳过 MFA 初始化
+        skipped: 跳过多因素初始化
    signed:
      out: 用户退出登录
    grant:
@@ -816,6 +821,12 @@ EventTypes:
      set: 用户元数据集
      removed: 删除用户元数据
      removed.all: 删除所有用户元数据
+    domain:
+      claimed: 已认领域名
+      claimed.sent: 已发送域声明通知
+    pat:
+      added: 添加个人访问令牌
+      removed: 个人访问令牌已删除
  org:
    added: 添加组织
    changed: 更改组织
@@ -862,6 +873,10 @@ EventTypes:
        config:
          added: 添加 SAML IDP 配置
          changed: 更改 SAML IDP 配置
+      jwt:
+        config:
+          added: 添加了 JWT IDP 配置
+          changed: JWT IDP 配置已更改
    customtext:
      set: 设置自定义文本
      removed: 删除自定义文本
@@ -875,6 +890,8 @@ EventTypes:
        idpprovider:
          added: 添加 IDP 到登录策略
          removed: 从登录策略删除 IDP
+          cascade:
+            removed: 从登录策略中删除了身份提供者级联
        secondfactor:
          added: 添加两步认证到登录策略
          removed: 删除两步认证到登录策略
@@ -918,6 +935,14 @@ EventTypes:
          removed: 从标签策略中删除的资产
      privacy:
        added: 添加隐私政策和服务条款
+        changed: 隐私政策和服务条款已更改
+        removed: 隐私政策和 TOS 已删除
+      domain:
+        added: 添加了域策略
+        changed: 域策略已更改
+        removed: 域策略已删除
+      lockout:
+        added: 添加了锁定策略
        changed: 更改隐私政策和服务条款
        removed: 删除隐私政策和服务条款
      notification:
@@ -930,6 +955,20 @@ EventTypes:
        cascade:
          removed: 删除动作级联
        removed: 删除动作
+      cleared: 流量已清除
+    mail:
+      template:
+        added: 添加了电子邮件模板
+        changed: 电子邮件模板已更改
+        removed: 电子邮件模板已删除
+      text:
+        added: 添加了电子邮件文本
+        changed: 电子邮件文本已更改
+        removed: 电子邮件文本已删除
+    metadata:
+      removed: 电子邮件文本已删除
+      removed.all: 所有元数据已删除
+      set: 元数据集
  project:
    added: 添加项目
    changed: 更改项目
@@ -1037,6 +1076,10 @@ EventTypes:
        config:
          added: 添加 SAML IDP 配置
          changed: 更改 SAML IDP 配置
+      jwt:
+        config:
+          added: 添加了身份提供者的 JWT 配置
+          changed: 身份提供商的 JWT 配置已删除
    customtext:
      set: 设置文本
      removed: 删除文本
@@ -1085,6 +1128,9 @@ EventTypes:
      config:
        added: 添加 SMTP 配置
        changed: 更改 SMTP 配置
+        activated: SMTP 配置已激活
+        deactivated: SMTP 配置已停用
+        removed: SMTP 配置已删除
        password:
          changed: 更改 SMTP 安全设置
    sms:
@@ -1099,6 +1145,8 @@ EventTypes:
          deactivated: 停用 Twilio SMS 提供者
  key_pair:
    added: 添加密钥对
+    certificate:
+      added: 证书已添加
  action:
    added: 添加动作
    changed: 更改动作
@@ -1111,6 +1159,134 @@ EventTypes:
    deactivated: 用户架构已停用
    reactivated: 用户架构已重新激活
    deleted: 用户架构已删除
+  instance:
+    added: 实例已添加
+    changed: 实例已更改
+    customtext:
+      removed: 自定义文本已删除
+      set: 自定义文本集
+      template:
+        removed: 删除了自定义文本模板
+    default:
+      language:
+        set: 默认语言设置
+      org:
+        set: 默认组织集
+    domain:
+      added: 已添加域名
+      primary:
+        set: 主域集
+      removed: 域名已删除
+    iam:
+      console:
+        set: ZITADEL 控制台应用程序集
+      project:
+        set: ZITADEL 项目集
+    mail:
+      template:
+        added: 添加了电子邮件模板
+        changed: 电子邮件模板已更改
+      text:
+        added: 添加了电子邮件文本
+        changed: 电子邮件文本已更改
+    member:
+      added: 已添加实例成员
+      changed: 实例成员发生变化
+      removed: 实例成员已删除
+      cascade:
+        removed: 实例成员级联已删除
+    notification:
+      provider:
+        debug:
+          fileadded: 添加了文件调试通知提供程序
+          filechanged: 文件调试通知提供程序已更改
+          fileremoved: 删除文件调试通知提供程序
+          logadded: 添加了日志调试通知提供程序
+          logchanged: 日志调试通知提供程序已更改
+          logremoved: 日志调试通知提供程序已删除
+    oidc:
+      settings:
+        added: 添加了 OIDC 设置
+        changed: OIDC 设置已更改
+    policy:
+      domain:
+        added: 添加了域策略
+        changed: 域策略已更改
+      label:
+        activated: 标签政策已激活
+        added: 添加了标签策略
+        assets:
+          removed: 已删除标签政策中的资产
+        changed: 标签政策已更改
+        font:
+          added: 添加到标签政策的字体
+          removed: 从标签政策中删除的字体
+        icon:
+          added: 图标已添加到标签策略
+          removed: 图标已从标签政策中删除
+          dark:
+            added: 图标已添加到暗标签政策
+            removed: 图标已从暗标签政策中删除
+        logo:
+          added: 徽标已添加到标签政策中
+          removed: 徽标已从标签政策中删除
+          dark:
+            added: 徽标已添加到暗标签政策中
+            removed: 徽标从暗标签政策中删除
+      lockout:
+        added: 添加了锁定策略
+        changed: 锁定政策已更改
+      login:
+        added: 添加了登录策略
+        changed: 登录政策已更改
+        idpprovider:
+          added: 身份提供商已添加到登录策略中
+          cascade:
+            removed: 身份提供者级联从登录策略中删除
+          removed: 身份提供商已从登录策略中删除
+        multifactor:
+          added: 登录策略中添加了多因素
+          removed: 从登录策略中删除了多因素
+        secondfactor:
+          added: 添加到登录策略的第二个因素
+          removed: 从登录策略中删除了第二个因素
+      password:
+        age:
+          added: 添加了密码年龄策略
+          changed: 密码期限政策已更改
+        complexity:
+          added: 添加了密码复杂性策略
+          changed: 删除了密码复杂性策略
+      privacy:
+        added: 添加了隐私政策
+        changed: 隐私政策已更改
+      security:
+        set: 安全策略集
+
+    removed: 实例已删除
+    secret:
+      generator:
+        added: 添加了秘密生成器
+        changed: 秘密生成器已更改
+        removed: 秘密生成器已移除
+    sms:
+      configtwilio:
+        activated: Twilio SMS 配置已激活
+        added: 添加了 Twilio SMS 配置
+        changed: Twilio SMS 配置已更改
+        deactivated: Twilio SMS 配置已停用
+        removed: Twilio SMS 配置已删除
+        token:
+          changed: Twilio SMS 配置的令牌已更改
+    smtp:
+      config:
+        added: 添加了 SMTP 配置
+        changed: SMTP 配置已更改
+        activated: SMTP 配置已激活
+        deactivated: SMTP 配置已停用
+        password:
+          changed: SMTP 配置密码已更改
+        removed: SMTP 配置已删除

 Application:
  OIDC: