Available Email Templates
SailPoint provides default email templates for each notification which you can customize for your business needs.
The table below shows the available email templates. Select a template name in the table to view the default template contents and the list of its notification-specific variables. Also note the global variables available for use in the templates.
|Access End Date Modified
|Sent to a user when their access expiration date has changed.
|Access Profile Cleanup Notification
|Sent to a user when their access profiles change due to deleted entitlements on the source.
|Access Profile Owner Approval Notification
|Sent to access profile owners when their access profile is granted to a user as a result of a role request.
|Access Request Cancelled
|Sent to users when a pending access request is canceled before it has been approved and provisioned.
|Access Request Decision
|Sent to a user to notify them whether their request for an app was approved or denied.
|Access Request Decision for Other
|Sent to a user when access was requested for them by another user, and the reviewer of that request has made a decision.
|Access Request for Identity with Multiple Accounts Failed
|Sent to the requester if their access request failed because the user they requested access for has multiple accounts on the source.
|Access Request for Other
|Sent to users when access was requested for them by another user.
|Access Request Reassignment
|Sent to a reviewer when they have had access requests reassigned to them.
|Access Request Reviewer
|Sent to each access reviewer who needs to review an access request.
|Access Request Submitted Email for Requester After Validation
|Notifies a requester of which access requests were successfully submitted and which failed during the validation process.
|Access Revoke Approval Reassignment
|Notifies a user when an access revoke request has been reassigned to them.
|Access Revoke Request Decision Email for Requested-For Identity
|Notifies a user when a reviewer has made a decision on their access in an access revoke request.
|Access Revoke Request Decision for Requester
|Notifies a requester when a user has reviewed their access revoke request.
|Access Revoke Request Reviewer
|Notifies a user that they have an access revoke request to review.
|Access Revoke Request Submitted for Requested-For Identity
|Sent to the identity whose access is being reviewed in an access revoke request.
|Access Revoke Request Submitted for Requester Identity
|Notifies a user that they successfully submitted an access revoke request.
|Access Sunset Date Reminder
|Sent to a user to remind them that their access to an item is coming to an end.
|Account Password Reset
|Sent when a user requests a password reset via email.
|App Password Changed
|Only used if pass-through authentication is configured. Sent when a user changes their login password, or the password for any app or direct connect source connected to the source used for pass-through authentication.
|Sent when an application changes status. This is a system notification email.
|Campaign Template Pre-Generation Notification
|Sent to the person who created a scheduled certification campaign 1 week prior to the scheduled generation date.
|Sent to reviewers whenever a certification campaign is created.
|Sent to certification reviewers one week after a certification campaign starts and every seven days after that, until they sign off or the campaign ends.
|Notifies a reviewer when they have been reassigned identities from an existing certification.
|Forgot User Name
|Sent when a user selects Forgot User Name on the Sign In page and then supplies an email address that is valid for their account.
|Sent when identity processing causes 5% or more of identities to be in an error state. This is a system notification email.
|Lifecycle State Change
|Sent to selected users when an identity's lifecycle state changes.
|New Account Provisioned
|Sent to a user when an account is created on a source for them.
|Non-Employee Account Request Result
|Sent to an account manager when all applicable account reviewers have made a decision about a non-employee account, to confirm that their account request was either approved or denied.
|Non-Employee Account Review
|Sent to the account reviewers to notify them that a request needs their attention, after a new non-employee account request is submitted.
|Non-Employee Account Upload Failed
|Sent to the user who initiated the upload request when a non-employee account upload incurs an error.
|Non-Employee Account Upload Succeeded
|Sent to the user who initiated the upload request when a non-employee account upload completes successfully.
|Non-Employee End Date Reminder
|Sent to the account managers for a non-employee source when one or more of the non-employees on that source has an end date in 7 days.
|Onboarding Password Reset
|Sent to a user to prompt them to set their first IdentityNow password.
|Non-Employee Request Created
|Sent to a non-employee account manager to confirm that their request for a new account for a non-employee was submitted.
|Sent when a user's password is about to expire or has expired.
|Password Reset Code
|Sent when a user requests a password reset code via email.
|Pending Manual Changes
|Sent to source owners when an account change is needed on a source that requires manual provisioning.
|Pending Task Daily Digest
|If enabled, sent to users daily when they have incomplete tasks in their Task Manager.
|Sent whenever a user’s authentication settings, like phone number or answers to security questions, change.
|Remediation Work Item
|Sent to a user when a new remediation work item has been assigned to them.
|SoD Exception Expiration
|Sent to a user to notify them when their exception to an SoD policy is ending.
|SoD Policy Scheduled Evaluation
|Sent to remediators or notification recipients for SoD Policies.
|Sent when a source changes status. This is a system notification email.
|Sent when a user wants to use strong authentication when using an email.
|Sent to subscribers when a scheduled search is run.
|Sent when a user reassigns a provisioning task for a different user to complete.
|Unlock User Code
|Sent when a user selects Unlock on the Sign In page to provide a code that is used to unlock the account.
|Sent to invite a user to your SailPoint products.
|User Locked Out
|Notifies a user that their account has been locked out due to too many failed sign in attempts.
|User Password Changed
|Sent when a user from any app or source that does not use pass-through authentication changes their IdentityNow password.
|Sent after the Unlock User Code email to confirm that the account was unlocked successfully.
|User Verification Token
|Sent when an administrator or Helpdesk admin initiates a reset of a user's SailPoint password or their password for a source.
|Virtual Appliance Health
|Sent when a virtual appliance changes status. This is a system notification email.
|Work Reassignment Created
|Sent to the user whose work is being reassigned and the user receiving the work when a new work reassignment configuration is created.
|Work Item Forward
|Sent to the user whose work is being forwarded and the user receiving the forwarded work assignment.
|Work Reassignment Updated
|Sent to the user whose work is being reassigned and the user receiving the work when a new work reassignment configuration is created that overrides an existing work reassignment.
Global Variables - Version 1 and 2 Templates
In addition to notification-specific variables, IdentityNow provides a common set of global variables to email notifications. IdentityNow’s notification process is undergoing a migration, so each template is classified as version 1 or version 2. The two groups have access to different sets of global variables.
Version 1 Templates
Most email templates are version 1 templates. Version 1 email templates can use the following global variables.
|Attributes or Functions
|The email recipient's identity data
|Any attribute of the identity including, but not limited to, name, alias, firstname, lastname, displayName, uid, manager, phone, workPhone
|URL to the IdentityNow homepage
|The name of the product
|SailPoint utility class to support date formatting
SPTools Date Formatting
When a version 1 email template is provided a date variable, you can use the spTools.formatDate() function to define how the date is printed in the email. You can pass in different arguments to specify the formatting in different ways.
The variable used in the examples below, $certification.expiration, is taken from the Certification email template. The examples illustrate how to use the formatDate() function to print it in various formats.
|The date-time in short format (all numeric).
Example: 12/13/22 3:30 PM
|Date, format string
$spTools.formatDate($certification.expiration, "MM/dd/yyyy HH:mm")
|The date-time formatted in the Java date pattern specified.
|Date, date style, time style
|The date-time formatted for the specified style numbers (see below).
Example: 12/13/22 3:30:26 PM GMT
- In all cases, both the spTools variable and the date variable must be prefixed with the $ symbol.
- When using the format string option, the pattern must be specified in quotes.
When using the date and time styles, specify the styles as integers from 0 to 3, as follows:
|Integer|Meaning|Examples
|0|full format|Tuesday, December 13, 2022 and 3:30:26 PM Greenwich Mean Time
|1|long format|December 13, 2022 and 3:30:26 PM GMT
|2|medium format|Dec 13, 2022 and 3:30:26 PM
|3|short format|12/13/22 and 3:30 PM
Version 2 Templates
The version 2 templates are:
- All Non-employee email templates
- Campaign Template Pre-Generation Notification
- Pending Task Daily Digest
- Work Reassignment templates
- User Invitation
Version 2 email template contents can be up to 135kb.
Version 2 templates can use the following global variables. The first three provide system data to the templates while the other three provide functions that template authors can use for customizations. Note that all of these variable names start with a double underscore.
|Attributes or Functions
|General system variables
|Abbreviated set of identity data for the email recipient
|name, id, email, phone
|A JSON representation of the event which caused this notification
|Varies per event/template
|VelocityTools class for date calculation and formatting
|Refer to DateTool documentation
|VelocityTools class for number formatting
|Refer to NumberTool documentation
|SailPoint utility class to support data retrieval
Some variables in the default text for version 2 templates begin with a single underscore (_variableName). This naming convention was adopted to denote calculated variables in these templates, but use of that notation in your custom template text is optional.
Date Tool Formatting
The $__dateTool variable is only available in version 2 templates. To convert date formats, complete the following:
- Convert a date string to a Date object using toDate.
- Convert the Date object to a new date string with the desired format.
Date String Conversion
Example template variable provided to template
$exampleDateVariable --has string value→
Convert a date string to a Date object using toDate. The first argument is the date format of the input variable (the second argument).
#set($dateObj = $__dateTool.toDate("yyyy-MM-dd'T'HH:mm:ss", $exampleDateVariable))
Convert that Date object to a new date string with the desired format. The first argument is the desired output format to convert the Date object to.
#set($formattedDate = $__dateTool.format("dd/MM/yyyy", $dateObj))
For more information on date formatting specifications, click here.
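The two conversion steps combined, with a guard for a date string that does not match the input pattern. This is an added example, not part of SailPoint's default templates. The sample value, the fallback text and the message wording are assumptions.

```velocity
## Added example for a version 2 template.
## Assumption: $exampleDateVariable holds a string such as "2022-12-13T15:30:26"
## (constructed sample value, not taken from a real notification).

## Step 1: parse the string. The first argument describes the INPUT format.
#set($dateObj = $__dateTool.toDate("yyyy-MM-dd'T'HH:mm:ss", $exampleDateVariable))

## DateTool.toDate() returns null when the string does not match the pattern.
## Without a guard, the reference below would be printed literally in the email.
#if($dateObj)
  ## Step 2: format the Date object. The first argument is the OUTPUT format.
  #set($formattedDate = $__dateTool.format("dd/MM/yyyy", $dateObj))
#else
  ## Hypothetical fallback text so the recipient never sees a raw variable name.
  #set($formattedDate = "a date that could not be determined")
#end

## Hypothetical message wording.
Your access ends on $formattedDate.
```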
In the version 2 templates, you can use the $__util variable to access data through these utility class functions.
|An identity ID (a system-generated unique identifier)
|An object representation of the user, containing its ID, name, email, and phone attributes
|two arguments: a variable containing a JSON blob and a JSONPath expression
|The value from the JSON variable corresponding to the JSONPath location
For example, the email template lines below would (1) retrieve a request approver's ID from the JSON provided to the email template in the $__contentJson variable, (2) use that to retrieve user data about the approver such as their name and email address, and (3) print that information into the email message.
#set($approverId = $__util.getObjectByJsonPath($__contentJson, '$.data.approvalItems[*].approver.id'))
#set($approver = $__util.getUser($approverId))
The request is awaiting approval by $approver.name.