View Source

EmpowerID ships with over 100 email templates for every situation that we have identified that warrants a notification. Many of these must be enabled explicitly.

You can use email test mode to send all email notifications to one email account to ensure that you have them configured correctly before you begin sending them out to users.

To enable email test mode

In the web application, expand Admin, then EmpowerID Servers and Settings, and click EmpowerID System Settings.
Search for "emailtest" and click the Edit button next to EmailTestMode.
In the dialog that appears, change the Value from false to true and click Save.

Do not change the Name field. Changing the Name field disconnects the setting from EmpowerID.
To set the email address to which to send all notifications, click the Edit button next to EmailTestModeGlobalRecipient.
In the dialog that appears, enter the email address in the Value field and click Save.

Do not change the Name field. Changing the Name field disconnects the setting from EmpowerID.

A copy of every email is sent to the email address provided here, even after you turn off test mode. This is a good way to keep an archive of every email.

Message recipients

Onboarding emails are sent to the newly created person, and to the manager specified in the CreatePerson workflow.
Approval emails are sent to the people who run request workflows and, if they are sent for approval, those who approve them.
Password emails, expiration warnings, and other personal notifications are sent to the affected user.
Management role notification emails are sent to people who have management roles that enable them to receive the messages.
- EmpowerID Security Alerts — Allows admin users to receive security event related alerts.
- EmpowerID System Notifications — Allows users to receive alerts concerning EmpowerID system events such as failed jobs.
- Group Membership Change Alerts — Allows admin users to receive notifications of group membership changes.
- Group Owner Notifications — Allows group owners to receive notifications of group membership changes.
  
  To see all Notifications type management roles in the web application, expand Identities and click Management Roles, then click the Type heading twice to sort descending.
  
  You can assign these management roles to any person, business role and location, group, or query-based collection. See Assigning Management Roles for more information.
Dynamic hierarchy alerts, if enabled and if the group is mail-enabled, are sent to the person, management role, or group specified in
- https://sso.empowersso.com/UI/#w/assignpeopletoalerts
- or https://sso.empowersso.com/UI/#w/assignmanagmentrolestoalerts
- or https://sso.empowersso.com/UI/#w/assigngroupstoalerts

Permanent workflows

Permanent workflows trigger some notifications. These workflows are disabled by default.

To access permanent workflows in the web application, expand Admin, then EmpowerID Servers and Settings, and click Permanent Workflows.

EmpowerID 2018 Documentation > EmpowerID Email Overview > perm-workflows.png

Request workflows

A request workflow is one that runs in response to a request by a person. Some request workflows send notifications that are necessary to ensure that EmpowerID runs smoothly. Some have optional approvals that you can enable as workflow parameters.

Here is a list of request workflows with parameters that control notifications, along with their default values. (Twilio notifications are voice messages. For more, see Integrating Twilio.)

Request workflow	Workflow parameter	Default value
TemporaryGroupMembership	ApprovalRequired	true
CreateScheduledCertificationAudit	AuditDeletedNotificationEmailTemplateName	AuditDeletedNotificationEmail
CreateScheduledCertificationAudit	AuditDeletedNotificationManagementRoleName	EmpowerIDSystemNotifications
UpdatePersonBusinessRoles	DisableManagerPreApproval	false
UpdatePersonDirectAssignment	DisableManagerPreApproval	true
UpdatePersonManagementRoles	DisableManagerPreApproval	true
CreatePerson	DisableManagerPreApproval	true
CheckoutSharedCredential	DisablePreApproval	false
DeleteAccountWF	EmailMessageID	3041
SODViolationsExample	EmailMessageID	35
CertificateExpirationNotification	EmailMessageID	3008
NotifyAuditParticipants	EmailTemplateManagersOfPeopleWithUnfinishedTasks	EmailTemplateNameForManagersOfPeopleWithUnfinishedTasks
AddBusinessProcessTaskComment	EmailTemplateName	BusinessProcessTaskComment
NotifyAuditParticipants	EmailTemplateNameForAllAuditParticipants	EmailTemplateNameForAllAuditParticipants
NotifyAuditParticipants	EmailTemplateNameForAnyoneWithUnfinishedTasks	EmailTemplateNameForAnyoneWithUnfinishedTasks
UnreviewedRecertificationTaskNotification	EscalationEmailTemplateName	Reviewer Recertification Escalation Email
CertificateExpirationNotification	LicenseEmailTemplateID	3017
CreatePerson	ManagementRoleIDToEmail	110
HelpdeskPasswordReset	ManagementRoleIDToEmail	110
ResetPassword	ManagementRoleIDToEmail	110
SODViolationsExample	ManagementRoleIDToNotify	110
CertificateExpirationNotification	ManagementRoleIDToNotify	108
UnreviewedRecertificationTaskNotification	NotificationEmailTemplateName	Reviewer Recertification Escalation Email
ElevateMeTemporarily	RetroActiveApprovalRequired	false
ResetPassword	SendAdminNotification	true
SendOTPAnonymous	SendPasswordToEmail	true
PasswordResetCenter	SendPasswordToEmail	false
SendPersonOneTimePassword	SendPasswordToEmail	true
LoginWF	SendPasswordToEmail	true
RegisterAccount	SendPasswordToEmail	true
RegisterAccount	SendPasswordToMobile	false
LoginWF	SendPasswordToMobile	false
SendPersonOneTimePassword	SendPasswordToMobile	true
PasswordResetCenter	SendPasswordToMobile	false
SendOTPAnonymous	SendPasswordToMobile	true
SendOTPAnonymous	SendPasswordToPersonalEmail	true
PasswordResetCenter	SendPasswordToPersonalEmail	false
SendPersonOneTimePassword	SendPasswordToPersonalEmail	true
LoginWF	SendPasswordToPersonalEmail	true
RegisterAccount	SendPasswordToPersonalEmail	true
RegisterAccount	SendPasswordToTwilioSMS	true
LoginWF	SendPasswordToTwilioSMS	true
SendPersonOneTimePassword	SendPasswordToTwilioSMS	true
PasswordResetCenter	SendPasswordToTwilioSMS	false
SendOTPAnonymous	SendPasswordToTwilioSMS	true
SendOTPAnonymous	SendPasswordToTwilioVoiceCall	true
PasswordResetCenter	SendPasswordToTwilioVoiceCall	false
SendPersonOneTimePassword	SendPasswordToTwilioVoiceCall	true
LoginWF	SendPasswordToTwilioVoiceCall	false
RegisterAccount	SendPasswordToTwilioVoiceCall	false
ResetMultiFactor	SendTwilioSMS	true
ResetMultiFactor	SendTwilioVoiceCall	false
CallMe	SendTwilioVoiceCall	true
ResetPassword	SendUserNotification	true
SendPersonOneTimePassword	SMSOTPKeyEntryName	PasswordResetCenterOTPSMSMessage
SendPersonOneTimePassword	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
PasswordResetCenterTOTP	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
PasswordResetCenterOTP	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
PasswordResetCenter	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
RegisterAccount	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
LoginWF	TwilioOTPVoiceMessageTemplateName	TwilioOTPVoiceMessage
PasswordExpirationNotification	UserPasswordExpirationWarningEmailMessageID	1000
CallMe	VoiceMessage	TwilioOTPVoiceMessage

You can schedule re-notifications or manager escalations on individual workflows in the web application. Re-notifications send email to the task owner, and manager escalations send email to the task owner's manager.

Expand Resources and click Workflows. (Search for "notif" to find workflows that specifically send notifications.)
Click a workflow's Display Name, and on the Workflow Details page that appears, click the Edit icon.

On the General tab, you can disable the workflow.
Click the Schedule tab, and in the Task Owner Renotification section, you can enable and schedule re-notifications.
In the Task Owner Manager Renotification section, you can enable and schedule manager notifications.

Email templates

You can find all of EmpowerID's email templates in the database in the EMailMessage table, or in the web application by expanding Admin, then Miscellaneous, and selecting Localized Emails. See Localized Emails for details on how to edit, translate, and create emails.

Email messages fall into several categories.

These emails are sent to people with the indicated management role.

ID	Email template name	Management role	Regarding
3007	Job Failed Alert Message	EmpowerID System Notifications	failed job name, system, server, and exception information
35	SoD Violation Notification	EmpowerID Security Alerts	request that caused a Separation of Duties violation
3005	Group Membership Change Alert Message	Group Membership Change Alerts Group Owner Notifications	accounts added or removed from group

These emails are sent when a new employee is added to the system.

ID	Email template name	Sent to	Request workflow and parameters	Regarding
1014	Manager Preapproval Needed	manager of a new employee	CreatePerson DisableManagerPreApproval ManagementRoleIDToEmail	onboarding request
1023	Validate Email Address	new user	CreatePerson	link to validate email address
1036	Welcome Email for New Person	new user	CreatePerson	login credentials
1037	Person Created Email	manager of a new employee	CreatePerson ManagementRoleIDToEmail	new person information
1050	Password Email to New Person	new user	CreatePerson	new person password

You can enable alerts for Dynamic Group Policies (Hierarchies) when you create them. (They are off by default.)

ID	Email template name	Regarding
1038	Generic Hierarchy Create Group Message	new group created for dynamic hierarchy policy
1039	Generic Hierarchy Delete Group Message	group for dynamic hierarchy policy deleted
1040	Generic Hierarchy Group Membership Changed Message	group membership for dynamic hierarchy policy changed
1043	Generic Hierarchy Create Management Role Message	new management role created for dynamic hierarchy policy
1044	Generic Hierarchy Delete Management Role Message	management role for dynamic hierarchy policy deleted
1045	Generic Hierarchy Management Role Membership Changed Message	management role membership for dynamic hierarchy policy changed
1046	Generic Hierarchy Create Management Role Definition Message	new management role definition created for dynamic hierarchy policy
1047	Generic Hierarchy Delete Management Role Definition Message	management role definition for dynamic hierarchy policy deleted
1048	Generic Hierarchy Create Organization Unit Message	new organization unit created for dynamic hierarchy policy
1049	Generic Hierarchy Delete Organization Unit Message	organization unit for dynamic hierarchy policy deleted

You can control which Dynamic Hierarchy change alert emails are sent in the web application.

Expand Admin, then Policies, and click Dynamic Hierarchies.
Edit each policy and scroll down to the Alerts section.

EmpowerID 2018 Documentation > EmpowerID Email Overview > dynamic-hierarchy-alerts.png

These emails are sent when rights to mailbox changes are detected and synced.

ID	Email template name	Regarding
3003	Exchange Mailbox Permission Sync Receiver Notification	rights assigned to an Exchange mailbox
3010	Office 365 Mailbox Permission Sync Receiver Notification	rights assigned to an Office 365 mailbox

These emails are sent to individuals or their managers.

ID	Email template name	Workflow	Regarding
3008	Certificate Expiration Notification	CertificateExpirationNotification	date certificate will expire
3011	Person Certificate Not Set Up		certificate is not set up
3013	AD Account Expiration Notification Message	ADAccountExpirationNotification	account about to expire
3014	Person Expiration Notification Message	PersonExpirationNotification	person about to expire
3016	Group Membership Expiration Notification Message	GroupMembershipExpirationNotification	group membership has expired
3017	License Expiration Notification	CertificateExpirationNotification	date license will expire
3020	Share External Credentials	AssetAccessRequest	person shared credential with you
3021	Invite User To Join Organization Message	InviteUserToJoinOrganization	link and one-time password to join organization
3022	Create Partner Organization Welcome Email	CreatePartnerOrganizationWorkflow	your organization was created
3024	Delegator Add Email Notification	UpdatePersonDelegates	person was added as a delegate for you
3025	Delegatee Add Email Notification	UpdatePersonDelegates	you were added as a delegate for a person
3026	Delegator Remove Email Notification	RemoveBusinessProcessTaskDelegate	person was removed as a delegate for you
3027	Delegatee Remove Email Notification	RemoveBusinessProcessTaskDelegate	you were removed as a delegate for a person
3028	Delegatee Attestation Email Notification	DelegateTask	person delegated an attestation task to you
3036	Persona Switch Email Notification	LoginWF	person logged into EmpowerID using your identity
3037	Person Enrollment Email Notification	Enrollment	your enrollment was successful
3046	Invite User To Join Organization Using Magic URL	InviteUserToJoinOrganizationPasswordlessLogin	link to complete registration
3053	Invite User To Join Organization Passwordless Login Email	InviteUserToJoinOrganizationPasswordlessLogin	link to passwordless sign-in

This category contains emails that are sent to initiators and approvers of access and assignment requests.

ID	Email template name	Sent to	Regarding
1	To Approver Pending - One Resource	approver	pending approval task for access to one resource
2	To Initiator Approved - One Resource	initiator	access request for one resource is approved
3	To Initiator Rejected - One Resource	initiator	access request for one resource is rejected
4	Initiator Confirmation Screen - One Resource	initiator	submit a request for access to a resource
5	Approver Screen - One Resource	approver	approve a request for access to a resource
6	To Approver Pending - Two Resources	approver	pending approval task for access to two resources
7	To Initiator Approved - Two Resources	initiator	access request for two resources is approved
8	To Initiator Rejected - Two Resources	initiator	access request for two resources is rejected
9	Initiator Confirmation Screen - Two Resources	initiator	submit a request for access to resources
10	Approver Screen - Two Resources	approver	approve a request for access to resources
11	To Approver Pending - Three Resources	approver	pending approval task for access to three resources
12	To Initiator Approved - Three Resources	initiator	access request for three resources is approved
13	To Initiator Rejected - Three Resources	initiator	access request for three resources is rejected
14	Initiator Confirmation Screen - Three Resources	initiator	submit a request for access to resources
15	Approver Screen - Three Resources	approver	approve a request for access to resources
16	To Approver Pending - Management Role Assignment	approver	pending approval task for a management role assignment
17	To Initiator Approved - Management Role Assignment	initiator	management role assignment request is approved
18	To Initiator Rejected - Management Role Assignment	initiator	management role assignment request is rejected
19	Initiator Confirmation Screen - Management Role Assignment	initiator	submit a request for management role assignment
20	Approver Screen - Management Role Assignment	approver	approve a request for assignment to a management role
21	To Approver Pending - Multi Resources and Operations	approver	pending approval task for access to multiple resources and operations
22	To Initiator Approved - Multi Resource and Single Operation	initiator	access request for multiple resources and an operation is approved
23	To Initiator Rejected - Multi Resource and Single Operation	initiator	access request for multiple resources and an operation is rejected
24	To Approver Pending - Multi Resources and Dual Operation	approver	pending approval task for access to multiple resources and two operations
25	To Initiator Approved - Multi Resource and Dual Operation	initiator	access request for multiple resources and two operations is approved
26	To Initiator Rejected - Multi Resource and Dual Operation	initiator	access request for multiple resources and two operations is rejected
27	To Approver Pending - Multi Resources and Triple Operation	approver	pending approval task for access to multiple resources and three operations
28	To Initiator Approved - Multi Resource and Triple Operation	initiator	access request for multiple resources and three operations is approved
29	To Initiator Rejected - Multi Resource and Triple Operation	initiator	access request for multiple resources and three operations is rejected
30	To Approver Pending - Create Application User Request	approver	pending approval task for creation of an application user
31	To Initiator Approved - Create Application User Request	initiator	creation request for an application user is approved
32	To Approver Pending - Create Generic Asset Request	approver	pending approval task for creation of a generic asset
33	To Initiator Approved - Create Generic Asset Request	initiator	creation request for a generic asset is approved

These emails are sent to audit participants and their managers. You can disable these notifications, specify the frequency, and enable escalations when Creating Audits.

You can find more information in Recertification Workflows

ID	Email template name	Sent to	Workflow	Regarding
3031	Email Template Name for All Audit Participants	all audit participants	NotifyAuditParticipants	template that organizations can customize to send a message to all audit participants
3032	Email Template Name for Managers of People with Unfinished Tasks	audit participant managers	NotifyAuditParticipants	template that organizations can customize to send a message to all managers of audit participants with unfinished audit tasks
3033	Email Template Name for Anyone with Unfinished Tasks	audit participant with unfinished tasks	NotifyAuditParticipants	template that organizations can customize to send a message to audit participants with unfinished audit tasks
3034	Reviewer Recertification Notification Email	audit participant with unfinished tasks	UnreviewedRecertificationTaskNotification	list of unreviewed tasks
3035	Reviewer Recertification Escalation Email	audit participant with unfinished tasks	UnreviewedRecertificationTaskNotification	list of unreviewed tasks sent when escalation emails are enabled for an audit
3049	Audit Deleted Notification Email	audit owner	AuditNew	failure to create audit due to missing attestation policy

These emails are sent to managers regarding their direct report employees.

ID	Email template name	Regarding
1012	Remove Person's Application Access	pending approval task for removal of an employee's access to an application
1016	Vacation Request Approval Email	vacation request
1017	Manager Escalation Notification	request by a direct report
3006	Account Locked out Alert Message	account is locked out for a person

This category contains emails which are sent in relation to password changes.

ID	Email template name	Sent to	Workflow	Regarding
36	Helpdesk Password Reset Notification	user	HelpdeskPasswordReset	password was reset by helpdesk
37	Admin Password Reset Notification	administrator	HelpdeskPasswordReset	user's password was reset by helpdesk staff
1000	Password Notification Email Message	user	PasswordExpirationNotification	password will expire
1002	Password Expiration Email Message	user	PasswordExpirationNotification	password expired
1004	Password Expiration Warning 91 Days	user	PasswordExpirationNotification (Schedule tab)	password expired; account will be disabled in nine days if not changed
1006	Password Violation Email Message	user	PasswordExpirationNotification	password expired; account will be disabled in one day if not changed
1008	Password Expiration Account Disabled Email Message	user	PasswordExpirationNotification	account disabled; link to re-enable it
1010	Password Manager Username Recovery	user	HelpdeskPasswordReset	forgotten password; link to reset it
1011	Password Manager Reset Password	new user	CreatePerson	temporary password
1013	Employee New Password	new user's manager	CreatePerson	temporary password for their new employee
3004	Changed Password Alert Message	user	ChangePassword	password change success
3009	Person Locked out Alert Message	user		person has been locked out
3012	Twilio OTP Voice Message	user	PasswordResetCenterOTP	voice delivery of one-time password using Twilio
3039	Passwordless Login Email Template	user	PasswordResetCenterOTP	forgotten password; link to log in without a password
3042	OTP Email Message	user	PasswordResetCenterOTP	one-time password
3054	Google Oath Token Template	user	CreateTOTPToken	one-time password software token for Google Authenticator and instructions
3055	EmpowerID Oath Token Template	user	CreateTOTPToken	one-time password software token for EmpowerID Authenticator and instructions

concepts:

Overview of the EmpowerID Identity Warehouse

Overview of Inventory

Account Inbox Overview

Overview of Attribute Flow

Overview of Projection and Enforcement

tasks:

Managing User Accounts and Groups

In this article