Available Email Templates
SailPoint provides default email templates for each notification which you can customize for your business needs.
Template List
The table below shows the available email templates. Select a template name in the table to view the default template contents and the list of its notification-specific variables. Also note the global variables available for use in the templates.
| Template | Description |
|---|---|
| Access Profile Owner Approval Notification | Sent to access profile owners when their access profile is granted to a user as a result of a role request. |
| Access Request Cancelled | Sent to users when a pending access request is canceled before it has been approved and provisioned. |
| Access Request Decision | Sent to a user to notify them whether their request for an app was approved or denied. |
| Access Request Decision for Other | Sent to a user when access was requested for them by another user, and the reviewer of that request has made a decision. |
| Access Request Reassignment | Sent to a reviewer when they have had access requests reassigned to them. |
| Access Request Reviewer | Sent to each access reviewer who needs to review an access request. |
| Access Request Submitted Email For Requester After Validation | Notifies a requester of which access requests were successfully submitted and which failed during the validation process. |
| Access Request Failed - Multiple Accounts | Notifies a requester that their access request failed because the selected identity has multiple accounts on the source. |
| Access Request for Other | Sent to users when access was requested for them by another user. |
| Access Request for Self | Sent to users to confirm that they've successfully submitted an access request for themselves. |
| Access Revoke Approval Reassignment | Notifies a user when an access revoke request has been reassigned to them. |
| Access Revoke Request Decision Email For Requested-For Identity | Notifies a user when a reviewer has made a decision on their access in an access revoke request. |
| Access Revoke Request Decision For Requester | Notifies a requester when a user has reviewed their access revoke request. |
| Access Revoke Request Reviewer | Notifies a user that they have an access revoke request to review. |
| Access Revoke Request Submitted For Requested-For Identity | Sent to the identity whose access is being reviewed in an access revoke request. |
| Access Revoke Request Submitted For Requester Identity | Notifies a user that they successfully submitted an access revoke request. |
| Access Sunset Date Reminder | Sent to a user to remind them that their access to an item is coming to an end. |
| App Password Changed | Only used if pass-through authentication is configured. Sent when a user changes their login password, or the password for any app or direct connect source connected to the source used for pass-through authentication. |
| Application Health | Sent when an application changes status. This is a system notification email. |
| Campaign Template Pre-Generation Notification | Sent to the person who created a scheduled certification campaign 1 week prior to the scheduled generation date. |
| Certification | Sent to reviewers whenever a certification campaign is created. |
| Certification Due | Sent to certification reviewers one week after a certification campaign starts and every seven days after that, until they sign off or the campaign ends. |
| Certification Reassignment | Notifies a reviewer when they have been reassigned identities from an existing certification. |
| Forgot User Name | Sent when a user selects Forgot User Name on the Sign In page and then supplies an email address that is valid for their account. |
| Helpdesk Password Reset | Sent when a user requests a password reset via email. |
| Identity Errors | Sent when identity processing causes 5% or more of identities to be in an error state. This is a system notification email. |
| Lifecycle State Change | Sent to select users when an identity's lifecycle state changes. |
| New Account Provisioned | Sent to a user when an account is created on a source for them. |
| Non-Employee Account Request Result | Sent to an account manager when all applicable account reviewers have made a decision about a non-employee account, to confirm that their account request was either approved or denied. |
| Non-Employee Account Review | Sent to the account reviewers to notify them that a request needs their attention, after a new non-employee account request is submitted. |
| Non-Employee Account Upload Failed | Sent to the user who initiated the upload request when a non-employee account upload incurs an error. |
| Non-Employee Account Upload Succeeded | Sent to the user who initiated the upload request when a non-employee account upload completes successfully. |
| Non-Employee End Date Reminder | Sent to the account managers for a non-employee source when one or more of the non-employees on that source has an end date in 7 days. |
| Non-Employee Request Created | Sent to a non-employee account manager to confirm that their request for a new account for a non-employee was submitted. |
| Password Expiration | Sent when a user's password is about to expire or has expired. |
| Password Reset Code | Sent when a user requests a password reset code via email. |
| Pending Manual Changes | Sent to source owners when an account change is needed on a source that requires manual provisioning. |
| Pending Task Daily Digest | If enabled, sent to users daily when they have incomplete tasks in their Task Manager. |
| Preference Update | Sent whenever a user’s authentication settings, like phone number or answers to security questions, change. |
| SoD Policy Scheduled Evaluation | Sent to remediators or notification recipients for SoD Policies. |
| Source Health | Sent when a source changes status. This is a system notification email. |
| Strong Authentication | Sent when a user wants to use strong authentication when using an email. |
| Subscription Notification | Sent to subscribers when a scheduled search is run. |
| Task Reassignment | Sent when a user reassigns a provisioning task for a different user to complete. |
| Unlock User Code | Sent when a user selects Unlock on the Sign In page to provide a code that is used to unlock the account. |
| User Invitations | Sent to invite a user to use IdentityNow. |
| User Locked Out | Notifies a user that their account has been locked out due to too many failed sign in attempts. |
| User Password Changed | Sent when a user from any app or source that does not use pass-through authentication changes their IdentityNow password. |
| User Unlocked | Sent after the Unlock User Code email to confirm that the account was unlocked successfully. |
| User Verification Token | Sent when an administrator or Helpdesk admin initiates a reset of a user's SailPoint password or their password for a source. |
| Virtual Appliance Health | Sent when a virtual appliance changes status. This is a system notification email. |
| Work Reassignment Created | Sent to the user whose work is being reassigned and the user receiving the work when a new work reassignment configuration is created. |
| Work Reassignment Updated | Sent to the user whose work is being reassigned and the user receiving the work when a new work reassignment configuration is created that overrides an existing work reassignment. |
Global Variables - Version 1 and 2 Templates
In addition to notification-specific variables, IdentityNow provides a common set of global variables to email notifications. IdentityNow’s notification process is undergoing a migration, so each template is classified as version 1 or version 2. The two groups have access to different sets of global variables.
Version 1 Templates
Most email templates are version 1 templates. Version 1 email templates can use the following global variables.
| Name | Description | Attributes or Functions |
|---|---|---|
| user | The email recipient's identity data | Any attribute of the identity including, but not limited to, name, alias, firstname, lastname, displayName, uid, manager, phone, workPhone |
| identityNowUrl | URL to the IdentityNow homepage | N/A |
| PRODUCT_NAME | The name of the product | N/A |
| spTools | SailPoint utility class to support date formatting | formatDate() |
SPTools Date Formatting
When a version 1 email template is provided a date variable, you can use the spTools.formatDate() function to define how the date is printed in the email. You can pass in different arguments to specify the formatting in different ways.
Note
The variable used in the examples below, $certification.expiration, is taken from the Certification email template. The examples illustrate how to use the formatDate() function to print it in various formats.
| Arguments | Example | Return Value |
|---|---|---|
| Date | $spTools.formatDate($certification.expiration) |
The date-time in short format (all numeric). Example: 12/13/22 3:30 PM |
| Date, format string | $spTools.formatDate($certification.expiration, "MM/dd/yyyy HH:mm") |
The date-time formatted in the Java date pattern specified. Example:12/13/2022 15:30 |
| Date, date style, time style | $spTools.formatDate($certification.expiration,3,1) |
The date-time formatted for the specified style numbers (see below). Example:12/13/22 3:30:26 PM GMT |
Syntax Requirements:
- In all cases, both the spTools variable and the date variable must be prefixed with the $ symbol.
- When using the format string option, the pattern must be specified in quotes.
-
When using the date and time styles, specify the styles as integers from 0 to 3, as follows:
Integer Meaning Examples 0 full format Tuesday, December 13, 2022 and
3:30:26 PM Grenwich Mean Time1 long format December 13, 2022 and 3:30:26 PM GMT 2 medium format Dec 13, 2022 and 3:30:26 PM 3 short format 12/13/22 and 3:30 PM
Version 2 Templates
The version 2 templates are:
- All Non-employee email templates
- Campaign Template Pre-Generation Notification
- Pending Task Daily Digest
- Work Reassignment templates
Version 2 email template contents can be up to 135kb.
Version 2 templates can use the following global variables. The first three provide system data to the templates while the other three provide functions that template authors can use for customizations. Note that all of these variable names start with a double underscore.
| Name | Description | Attributes or Functions |
|---|---|---|
| __global | General system variables | productName, emailFromAddress |
| __recipient | Abbreviated set of identity data for the email recipient | name, id, email, phone |
| __contentJson | A JSON representation of the event which caused this notification | Varies per event/template |
| __dateTool | VelocityTools class for date calculation and formatting | Refer to DateTool documentation |
| __numberTool | VelocityTools class for number formatting | Refer to NumberTool documentation |
| __util | SailPoint utility class to support data retrieval | getUser(), getObjectByJsonPath() |
Note
Some variables in the default text for version 2 templates begin with a single underscore (_variableName). This naming convention was adopted to denote calculated variables in these templates, but use of that notation in your custom template text is optional.
Util Functions
In the version 2 templates, you can use the $__util variable to access data through these utility class functions.
| Function | Arguments | Returns |
|---|---|---|
| getUser() | An identity ID (a system-generated unique identifier) | An object representation of the user, containing its ID, name, email, and phone attributes |
| getObjectByJsonPath() | two arguments: a variable containing a JSON blob and a JSONPath expression | The value from the JSON variable corresponding to the JSONPath location |
For example, the email template lines below would (1) retrieve a request approver's ID from the JSON provided to the email template in the $__contentJson variable, (2) use that to retrieve user data about the approver such as their name and email address, and (3) print that information into the email message.
#set($approverId = $__util.getObjectByJsonPath($__contentJson, '$.data.approvalItems[*].approver.id'))#set($approver = $__util.getUser($approverId))The request is awaiting approval by $approver.name.