About Email Notifications
You can configure Identity domains if you want them to automatically send email notifications to users and administrators.
An identity domain can automatically send email notifications to users and administrators to alert them to events in their account (for users) or events in the identity domain (administrators). You can choose which notifications to activate for an identity domain. After you choose which notifications to activate, you can customize some features of the email sent for each event type.
The following tables list the types of email notifications that can be automatically sent to users and administrators.
User Email Notifications
| Name | Description |
|---|---|
| Welcome | A user is notified that an administrator created an account for the user. The notification contains a link that the user clicks to activate the account. |
| Self-registration email verification | After a user creates an account successfully through the self-registration process, this notification is sent to the user to verify the user's email address. |
| Self-registration email welcome | After a user creates an account successfully through the self-registration process, this notification is sent to the user to activate the account. |
| Federated SSO user welcome | A federated SSO user is notified that an administrator created an account for the user. The notification contains a link that the user clicks to activate the account. |
| Delegated authentication user welcome | A user whose authentication is delegated is notified that an administrator created an account for the user. The notification contains a link that the user clicks to activate the account. |
| Welcome (resend) | If a user doesn't activate the account using the link provided in the welcome notification, then the administrator can send this notification. The user is notified again that the administrator created the account for the user. The notification contains a link that the user clicks to activate the account. |
| Delegated authentication user welcome (resend) | If a user whose authentication is delegated doesn't activate the account using the link provided in the delegated authentication user welcome notification, then the administrator can send this notification. The user is notified again that the administrator created the account for the user. The notification contains a link that the user clicks to activate the account. |
| Password recovery | This notification is sent to a user if the user requests a password reset. This notification contains a URL that the user clicks to be redirected to the Password Reset page. The user provides a password as part of the password recovery process. After the recovery process is complete, the user is logged in automatically. |
| Recovery email verification | After a user changes their password recovery email address, this notification is sent to the user to verify the address. |
| Primary email verification | After a user changes their primary email address, this notification is sent to the user to verify the address. |
| Secondary email verification | After a user changes their secondary email address, this notification is sent to the user to verify the address. |
| Recovery email update | After a user updates their recovery email address, this notification is sent to the user at their existing recovery email address. |
| Primary email update | After a user updates their primary email address, this notification is sent to the user at their existing primary email address. |
| Secondary email update | After a user updates their secondary email address, this notification is sent to the user at their existing secondary email address. |
| Password change | This notification is sent to the user to inform the user that the password was changed successfully. This event is initiated by the user. |
| Password reset | This notification is sent to the user to inform them that the password was reset successfully. This event is initiated by the user. |
| Password has been changed by an administrator to a known value | This notification is sent to users when the administrator changes the passwords for users to a known value. This notification is used for testing purposes only. Both the administrator and the users know the common password. |
| Admin requesting a password reset on behalf of a user | This notification is sent to a user if the administrator initiates changing the password for the user. The system creates a randomly generated value for the password. If the administrator initiates resetting the password for the user, then a notification is sent to the user along with a URL where the user can reset the password. |
| User activation | A user is notified that an administrator activated their account. The notification contains a link that the user clicks to sign in to the account. |
| User deactivation | A user is notified that an administrator deactivated their account. |
| User account locked | This notification is sent to a user if the user account is locked because the user was unsuccessful in logging in after a consecutive number of attempts. This notification contains a link that the user can click to unlock the account. |
| User exceeded the maximum number of account recovery attempts | After a user exceeds the maximum number of attempts to reset their password to recover their account, this notification is sent to the user's primary email address. |
| User account unlocked | This notification is sent to a user after the user's account is unlocked. This occurs after the user accesses the link in the User Locked notification to unlock the account. |
| User profile updated by administrator | An administrator can update a user's profile by changing attribute values associated with the user's account. A notification is sent to the user. A user can modify their profile and receive the same notification. The user accesses the My profile page to see the modifications made to the profile. The changes appear in a different foreground or background color. |
| User profile replaced by administrator | An administrator can replace attribute values of a user's profile. A notification is sent to the user. A user can replace attribute values of their profile and receive the same notification. The user accesses the My Profile page to see the attribute value replacements made to the profile. The changes appear in a different foreground or background color. |
| Device enrollment request to enable 2-step verification | This notification contains instructions and links to download the Oracle Mobile Authenticator app. It also has an enrollment URL. After the user downloads the app, the user taps the enrollment URL to configure the user account in the app. |
| 2-step verification user account locked | This notification is sent to a user if the user account is locked because of unusual activity detected on the account as part of the two-step verification process. |
| 2-step verification federated SSO user account locked | This notification is sent to a federated SSO user if the user account is locked because of unusual activity detected on the account as part of the two-step verification process. |
| 2-step bypass code verification | This notification contains a bypass code that is generated by the administrator or user. The user can use this bypass code to complete the two-step verification process. |
| Enable Kerberos authentication request | This notification is sent to a user who's assigned to a Kerberos application for the first time. By clicking the link in the notification, the user logs in, which enables generation of long-term keys. This is a prerequisite for Kerberos authentication. The user can then use the principal name provided in the notification and their password to access the Kerberos application to perform authentication to applications that support it. |
| New access request submitted | This notification is sent to a user after they submit an access request. |
| Access request fulfilled | This notification is sent to a user after their access request has been fulfilled. |
| 2–step email one-time passcode verification | This notification contains a one-time passcode (OTP) that's sent to a user. The user uses this OTP to complete 2–step verification. |
| New device sign in detected with your account | If an attempt is made to sign in to a user's account from a device, IP address, or web browser, and IAM doesn't recognize that the device, address, or browser is associated with the account, then this notification is sent to the user. The notification contains a link that the user can click to reset their SSO password in case the user doesn't recognize the login attempt. |
| Notify a user when primary email verification completes | This notification is sent to the user to inform the user that the verification of their primary email address is complete. |
| Notify a user when recovery email verification completes | This notification is sent to the user to inform the user that the verification of their recovery email address is complete. |
| Notify a user when secondary email verification completes | This notification is sent to the user to inform the user that the verification of their secondary email address is complete. |
| Authentication email link | This notification is sent to the user to inform them of the link to use to sign in (or authenticate). |
Administrator Email Notifications
| Name | Description |
|---|---|
| Job started | An administrator is notified that a job for importing or exporting groups, users, or application roles, or for resetting passwords for all identity domain users, has been started. |
| Job cancelled | An administrator is notified that a job for importing or exporting groups, users, or application roles, or for resetting passwords for all identity domain users, has been canceled. |
| Job completed | An administrator is notified that a job for importing or exporting groups, users, or application roles, or for resetting passwords for all identity domain users, is complete. |
| Job failed | An administrator is notified that a job for importing or exporting groups, users, or application roles, or for resetting passwords for all identity domain users, has failed. |
| Quota limit exceeded | This notification is sent to an administrator when the administrator has exceeded the allowed resource quota for the identity domain. To increase the quota limit, upgrade your subscription. |
| From email domain validation initiated | An administrator is notified that validation of the email domain that's entered in the email address in the Sender's email address field on the Notifications page has been initiated, and a validation email will be sent to the postmaster account of this domain. |
| Email address validation initiated for Sender's email address | An administrator is notified that validation of the email address that's entered in the Sender's email address field on the Notifications page has been initiated, and a validation email will be sent to this email address. |
| Synchronization job summary | After synchronizing users, groups, application accounts, and entitlements from an application into an identity domain, an administrator receives an email notification. The notification contains a summary of the synchronization and a link. Clicking the link takes the administrator to a URL that lets the administrator view the status of the synchronization job. |
| Notify an administrator when connectivity between AD, AD Bridge, and IAM is broken | This notification is sent to an administrator when the connectivity between Microsoft Active Directory (AD), the AD Bridge or AD Bridges, and the identity domain is broken. |
| Notify an administrator when connectivity between AD, AD Bridge, and IAM is restored | This notification is sent to an administrator when the connectivity between Microsoft Active Directory (AD), the AD Bridge or AD Bridges, and the identity domain is restored. |
| Bridge update available | This notification is sent to an administrator when an update to the Microsoft Active Directory (AD) Bridge is available. |
| Notify an administrator when sync between AD, AD Bridge, and IAM has succeeded | This notification is sent to an administrator when the sync between Microsoft Active Directory (AD), the AD Bridge or AD Bridges, and the identity domain has succeeded. |
| Notify an administrator when sync between AD, AD Bridge, and IAM has failed | This notification is sent to an administrator when the sync between Microsoft Active Directory (AD), the AD Bridge or AD Bridges, and the identity domain has failed. |
| Secondary domain creation | This notification is sent to an administrator when a secondary identity domain has been created. |
| SAML Signing Certificate Expiration Warnings | These notifications are sent to the administrators when a SAML federation partner's (identity provider or application/service provider) signing certificate is nearing its expiration date. When this happens, administrators should make plans to replace it. See About Digital Certificates. |
Note
The job started, job cancelled, job completed, and job failed administrator notifications contain a link. Clicking the link for each notification takes the administrator to the Jobs page of the identity domain where the administrator can view details about the job.
The job started, job cancelled, job completed, and job failed administrator notifications contain a link. Clicking the link for each notification takes the administrator to the Jobs page of the identity domain where the administrator can view details about the job.