EmpowerID ships with over 100 email templates for every situation that we have identified that warrants a notification. Many of these must be enabled explicitly. Notification types and message recipients can include the following:
Onboarding emails are sent to the newly created person, and to the manager specified in the CreatePerson workflow.
Approval emails are sent to the people who run request workflows and, if they are sent for approval, those who approve them.
Password emails, expiration warnings, and other personal notifications are sent to the affected user.
Management role notification emails are sent to people who have Management Roles that enable them to receive the messages.
EmpowerID Security Alerts are sent to admin users for security event related alerts.
EmpowerID System Notifications are sent to admin users about alerts related to EmpowerID system events, such as failed jobs.
Group Membership Change Alerts are sent to admin users about group membership changes.
Group Owner Notifications are sent to group owners about group membership changes.
Dynamic hierarchy alerts, if enabled and if the group is mail-enabled, are sent to the following:
People set in the AssignPeopleToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignpeopletoalerts
Management Roles set in the AssignManagementRolesToAlerts workflow, accessible at https://<EmpowerID_Web_Server>/UI/#w/assignmanagementrolestoalerts
Groups set in the AssignGroupsToAlerts workflow, accessible at https://<EmpowerID_Web_Server/UI/#w/assigngroupstoalerts
Permanent workflows
Permanent workflows trigger some notifications. These workflows are disabled by default.
To access permanent workflows from the navbar, expand Infrastructure Admin, then EmpowerID Servers and Settings, and click Permanent Workflows.
Request workflows
A request workflow is a representation of an EmpowerID workflow that runs when initiated by a person. Some request workflows send notifications that are necessary to ensure that EmpowerID runs smoothly. Some have optional approvals that you can enable as workflow parameters. These workflows include those listed in the below table.
View the workfows
Here is a list of request workflows with parameters that control notifications, along with their default values. (Twilio notifications are voice messages. For more, see Integrating Twilio.)
Request Workflow | Workflow Parameter | Default Value |
TemporaryGroupMembership | | |
CreateScheduledCertificationAudit | | |
UpdatePersonBusinessRoles | | |
UpdatePersonDirectAssignment | | |
UpdatePersonManagementRoles | | |
CreatePerson | | |
CheckoutSharedCredential | | |
DeleteAccountWF | | |
SODViolationsExample | | |
CertificateExpirationNotification | EmailMessageID LicenseEmailTemplateID ManagementRoleIDToNotify
| |
AddBusinessProcessTaskComment | | |
NotifyAuditParticipants | EmailTemplateNameForAllAuditParticipants EmailTemplateNameForAnyoneWithUnfinishedTasks EmailTemplateManagersOfPeopleWithUnfinishedTasks
| EmailTemplateNameForAllAuditParticipants EmailTemplateNameForAnyoneWithUnfinishedTasks EmailTemplateNameForManagersOfPeopleWithUnfinishedTasks
|
UnreviewedRecertificationTaskNotification | | |
HelpdeskPasswordReset | | |
ResetPassword | ManagementRoleIDToEmail SendAdminNotification SendUserNotification
| |
SODViolationsExample | | |
UnreviewedRecertificationTaskNotification | | |
ElevateMeTemporarily | | |
SendOTPAnonymous | | |
PasswordResetCenter | SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName
| false false false false false TwilioOTPVoiceMessage
|
LoginWF | SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS TwilioOTPVoiceMessageTemplateName SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName
| true false true true TwilioOTPVoiceMessage false TwilioOTPVoiceMessage
|
RegisterAccount | SendPasswordToEmail SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall TwilioOTPVoiceMessageTemplateName
| true false true true true TwilioOTPVoiceMessage
|
SendPersonOneTimePassword | SendPasswordToMobile SendPasswordToPersonalEmail SendPasswordToTwilioSMS SendPasswordToTwilioVoiceCall SendPasswordToEmail SMSOTPKeyEntryName TwilioOTPVoiceMessageTemplateName
| |
PasswordResetCenterTOTP | | TwilioOTPVoiceMessage TwilioOTPVoiceMessage
|
ResetMultiFactor | SendTwilioSMS SendTwilioVoiceCall
| |
PasswordExpirationNotification | | |
CallMe | SendTwilioVoiceCall VoiceMessage
| true TwilioOTPVoiceMessage
|
You can schedule re-notifications or manager escalations on individual workflows. Re-notifications send emails to the task owner, and manager escalations send emails to the task owner's manager.
To access request workflows from the navbar, expand Object Administration and click Workflows.
Search for "notification" to find workflows that specifically send notifications.
Click a workflow's Display Name link, and on the Workflow Details page that appears, click the Edit icon.
Click the Schedule tab, and in the Task Owner Renotification section, you can enable and schedule re-notifications.
In the Task Owner Manager Renotification section, you can enable and schedule manager notifications.
Email templates
You can find all of EmpowerID's email templates in the database in the EMailMessage table, or in the web application by expanding Admin, then Miscellaneous, and selecting Localized Emails. See Localizing Emails for details on how to edit, translate, and create emails.
Email messages fall into several categories.
Management Role Notification Emails
These emails are sent to people with the indicated Management Role
ID | Email Template Name | Management Role | Regarding |
---|
3007 | Job Failed Alert Message | EmpowerID System Notifications | Failed job name, system server and exception information |
35 | SoD Violation Notifcation | EmpowerID Security Alerts | Request that caused a Separation of Duties violation |
3005 | Group Membership Change Alert Message | Group Membership Change Alerts Group Owner Notifications | Accounts added or removed from group |
Onboarding Email Notifications
These emails are sent when a new employee is added to the system.
ID | Email template name | Sent to | Request workflow and parameters | Regarding |
---|
1014 | Manager Preapproval Needed | Manager of a new employee | CreatePerson | Onboarding request |
1023 | Validate Email Address | New user | CreatePerson | Link to validate email address |
1036 | Welcome Email for New Person | New user | CreatePerson | Login credentials |
1037 | Person Created Email | Manager of a new employee | CreatePerson | New person information |
1050 | Password Email to New Person | New user | CreatePerson | New person password |
Dynamic Hierarchy Notification Emails
You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.)
ID | Email template name | Regarding |
---|
1038 | Generic Hierarchy Create Group Message | new group created for dynamic hierarchy policy |
1039 | Generic Hierarchy Delete Group Message | group for dynamic hierarchy policy deleted |
1040 | Generic Hierarchy Group Membership Changed Message | group membership for dynamic hierarchy policy changed |
1043 | Generic Hierarchy Create Management Role Message | new management role created for dynamic hierarchy policy |
1044 | Generic Hierarchy Delete Management Role Message | management role for dynamic hierarchy policy deleted |
1045 | Generic Hierarchy Management Role Membership Changed Message | management role membership for dynamic hierarchy policy changed |
1046 | Generic Hierarchy Create Management Role Definition Message | new management role definition created for dynamic hierarchy policy |
1047 | Generic Hierarchy Delete Management Role Definition Message | management role definition for dynamic hierarchy policy deleted |
1048 | Generic Hierarchy Create Organization Unit Message | new organization unit created for dynamic hierarchy policy |
1049 | Generic Hierarchy Delete Organization Unit Message | organization unit for dynamic hierarchy policy deleted |
You can enable alerts for Dynamic Group Management (Hierarchies) when you create them. (They are off by default.)
You can control which Dynamic Hierarchy change alert emails are sent by doing the following:
On the navbar, expand Dynamic Groups and click Policies.
Edit each policy and scroll down to the Alerts section.
Mailbox Permission Sync Notification Emails
These emails are sent when rights to mailbox changes are detected and synced.
ID | Email template name | Regarding |
---|
3003 | Exchange Mailbox Permission Sync Receiver Notification | rights assigned to an Exchange mailbox |
3010 | Office 365 Mailbox Permission Sync Receiver Notification | rights assigned to an Office 365 mailbox |
Personal Notification Emails
These emails are sent to individuals or their managers as needed.
ID | Email template name | Workflow | Regarding |
---|
3008 | Certificate Expiration Notification | CertificateExpirationNotification | date certificate will expire |
3011 | Person Certificate Not Set Up |
| certificate is not set up |
3013 | AD Account Expiration Notification Message | ADAccountExpirationNotification | account about to expire |
3014 | Person Expiration Notification Message | PersonExpirationNotification | person about to expire |
3016 | Group Membership Expiration Notification Message | GroupMembershipExpirationNotification | group membership has expired |
3017 | License Expiration Notification | CertificateExpirationNotification | date license will expire |
3020 | Share External Credentials | AssetAccessRequest | person shared credential with you |
3021 | Invite User To Join Organization Message | InviteUserToJoinOrganization | link and one-time password to join organization |
3022 | Create Partner Organization Welcome Email | CreatePartnerOrganizationWorkflow | your organization was created |
3024 | Delegator Add Email Notification | UpdatePersonDelegates | person was added as a delegate for you |
3025 | Delegatee Add Email Notification | UpdatePersonDelegates | you were added as a delegate for a person |
3026 | Delegator Remove Email Notification | RemoveBusinessProcessTaskDelegate | person was removed as a delegate for you |
3027 | Delegatee Remove Email Notification | RemoveBusinessProcessTaskDelegate | you were removed as a delegate for a person |
3028 | Delegatee Attestation Email Notification | DelegateTask | person delegated an attestation task to you |
3036 | Persona Switch Email Notification | LoginWF | person logged into EmpowerID using your identity |
3037 | Person Enrollment Email Notification | Enrollment | your enrollment was successful |
3046 | Invite User To Join Organization Using Magic URL | InviteUserToJoinOrganizationPasswordlessLogin | link to complete registration |
3053 | Invite User To Join Organization Passwordless Login Email | InviteUserToJoinOrganizationPasswordlessLogin | link to passwordless sign-in |
Approval Emails
This category contains emails that are sent to initiators and approvers of access and assignment requests.
ID | Email template name | Sent to | Regarding |
---|
1 | To Approver Pending - One Resource | approver | pending approval task for access to one resource |
2 | To Initiator Approved - One Resource | initiator | access request for one resource is approved |
3 | To Initiator Rejected - One Resource | initiator | access request for one resource is rejected |
4 | Initiator Confirmation Screen - One Resource | initiator | submit a request for access to a resource |
5 | Approver Screen - One Resource | approver | approve a request for access to a resource |
6 | To Approver Pending - Two Resources | approver | pending approval task for access to two resources |
7 | To Initiator Approved - Two Resources | initiator | access request for two resources is approved |
8 | To Initiator Rejected - Two Resources | initiator | access request for two resources is rejected |
9 | Initiator Confirmation Screen - Two Resources | initiator | submit a request for access to resources |
10 | Approver Screen - Two Resources | approver | approve a request for access to resources |
11 | To Approver Pending - Three Resources | approver | pending approval task for access to three resources |
12 | To Initiator Approved - Three Resources | initiator | access request for three resources is approved |
13 | To Initiator Rejected - Three Resources | initiator | access request for three resources is rejected |
14 | Initiator Confirmation Screen - Three Resources | initiator | submit a request for access to resources |
15 | Approver Screen - Three Resources | approver | approve a request for access to resources |
16 | To Approver Pending - Management Role Assignment | approver | pending approval task for a management role assignment |
17 | To Initiator Approved - Management Role Assignment | initiator | management role assignment request is approved |
18 | To Initiator Rejected - Management Role Assignment | initiator | management role assignment request is rejected |
19 | Initiator Confirmation Screen - Management Role Assignment | initiator | submit a request for management role assignment |
20 | Approver Screen - Management Role Assignment | approver | approve a request for assignment to a management role |
21 | To Approver Pending - Multi Resources and Operations | approver | pending approval task for access to multiple resources and operations |
22 | To Initiator Approved - Multi Resource and Single Operation | initiator | access request for multiple resources and an operation is approved |
23 | To Initiator Rejected - Multi Resource and Single Operation | initiator | access request for multiple resources and an operation is rejected |
24 | To Approver Pending - Multi Resources and Dual Operation | approver | pending approval task for access to multiple resources and two operations |
25 | To Initiator Approved - Multi Resource and Dual Operation | initiator | access request for multiple resources and two operations is approved |
26 | To Initiator Rejected - Multi Resource and Dual Operation | initiator | access request for multiple resources and two operations is rejected |
27 | To Approver Pending - Multi Resources and Triple Operation | approver | pending approval task for access to multiple resources and three operations |
28 | To Initiator Approved - Multi Resource and Triple Operation | initiator | access request for multiple resources and three operations is approved |
29 | To Initiator Rejected - Multi Resource and Triple Operation | initiator | access request for multiple resources and three operations is rejected |
30 | To Approver Pending - Create Application User Request | approver | pending approval task for creation of an application user |
31 | To Initiator Approved - Create Application User Request | initiator | creation request for an application user is approved |
32 | To Approver Pending - Create Generic Asset Request | approver | pending approval task for creation of a generic asset |
33 | To Initiator Approved - Create Generic Asset Request | initiator | creation request for a generic asset is approved |
Recertification Emails
These emails are sent to audit participants and their managers. You can disable these notifications, specify the frequency, and enable escalations when Creating Audits.
You can find more information in Recertification Permanent Workflows
ID | Email template name | Sent to | Workflow | Regarding |
---|
3031 | Email Template Name for All Audit Participants | all audit participants | NotifyAuditParticipants | template that organizations can customize to send a message to all audit participants |
3032 | Email Template Name for Managers of People with Unfinished Tasks | audit participant managers | NotifyAuditParticipants | template that organizations can customize to send a message to all managers of audit participants with unfinished audit tasks |
3033 | Email Template Name for Anyone with Unfinished Tasks | audit participant with unfinished tasks | NotifyAuditParticipants | template that organizations can customize to send a message to audit participants with unfinished audit tasks |
3034 | Reviewer Recertification Notification Email | audit participant with unfinished tasks | UnreviewedRecertificationTaskNotification | list of unreviewed tasks |
3035 | Reviewer Recertification Escalation Email | audit participant with unfinished tasks | UnreviewedRecertificationTaskNotification | list of unreviewed tasks sent when escalation emails are enabled for an audit |
3049 | Audit Deleted Notification Email | audit owner | AuditNew | failure to create audit due to missing attestation policy |
Direct Report Email Notifications
These emails are sent to managers regarding their direct report employees.
ID | Email template name | Regarding |
---|
1012 | Remove Person's Application Access | pending approval task for removal of an employee's access to an application |
1016 | Vacation Request Approval Email | vacation request |
1017 | Manager Escalation Notification | request by a direct report |
3006 | Account Locked out Alert Message | account is locked out for a person |
Password Related Email Notifications
This category contains emails that are sent in relation to password changes.
ID | Email template name | Sent to | Workflow | Regarding |
---|
36 | Helpdesk Password Reset Notification | user | HelpdeskPasswordReset | password was reset by helpdesk |
37 | Admin Password Reset Notification | administrator | HelpdeskPasswordReset | user's password was reset by helpdesk staff |
1000 | Password Notification Email Message | user | PasswordExpirationNotification | password will expire |
1002 | Password Expiration Email Message | user | PasswordExpirationNotification | password expired |
1004 | Password Expiration Warning 91 Days | user | PasswordExpirationNotification (Schedule tab) | password expired; account will be disabled in nine days if not changed
|
1006 | Password Violation Email Message | user | PasswordExpirationNotification | password expired; account will be disabled in one day if not changed |
1008 | Password Expiration Account Disabled Email Message | user | PasswordExpirationNotification | account disabled; link to re-enable it |
1010 | Password Manager Username Recovery | user | HelpdeskPasswordReset | forgotten password; link to reset it |
1011 | Password Manager Reset Password | new user | CreatePerson | temporary password |
1013 | Employee New Password | new user's manager | CreatePerson | temporary password for their new employee |
3004 | Changed Password Alert Message | user | ChangePassword | password change success |
3009 | Person Locked out Alert Message | user |
| person has been locked out |
3012 | Twilio OTP Voice Message | user | PasswordResetCenterOTP | voice delivery of one-time password using Twilio |
3039 | Passwordless Login Email Template | user | PasswordResetCenterOTP | forgotten password; link to log in without a password |
3042 | OTP Email Message | user | PasswordResetCenterOTP | one-time password |
3054 | Google Oath Token Template | user | CreateTOTPToken | one-time password software token for Google Authenticator and instructions |
3055 | EmpowerID Oath Token Template | user | CreateTOTPToken | one-time password software token for EmpowerID Authenticator and instructions |