OneLogin notifications are automated emails sent to users or administrators whenever certain conditions are fulfilled, such as alerting an account owner when their organization has run out of seat licenses, or notifying a locked-out user when their account has been unlocked. Your OneLogin account comes preconfigured with several existing notifications, but you can customize these for your organization's needs or create new notifications for various other events, such as when an Active Directory Connector fails.
Default Notifications
When your OneLogin tenant is created, it has the following notification emails prewritten and ready to send. Most are active by default, but some must be manually enabled before you or your users receive them.
|
Notify account owner of locked user
|
Sent to the account owner when a user has been locked out of OneLogin, providing a link for the user record where their account can be unlocked
*Disabled by default
|
|
Notify account owner for certificates about to expire
|
Sent to the account owner when a OneLogin certificate is due to expire, providing the certificate's name and link, the days remaining before expiration, and information on how to update certificates in OneLogin
|
|
Notify user of unlocked account
|
Sent to a user when their account has been unlocked, providing a sign-in link where they can access their account
*Disabled by default
|
|
Account approaching seat limit
|
Sent to the account owner when their OneLogin subscription is close to running out of seat licenses, providing the current and maximum number of seats on the current subscription and a link to their subscription management portal
|
|
Account at seat limit
|
Sent to the account owner when their OneLogin subscription has run out of seat licenses, providing a link to their subscription management portal
|
|
Notification for broken provisioning apps
|
Sent to the account owner when any application encounters a configuration error causing a provisioning failure, providing the app's error message and a link to configure the app's provisioning settings in OneLogin
|
|
Notification for throttled provisioning apps
|
Sent to the account owner when an app experiences temporary provisioning issues due to application throttling
|
Managing Notifications
To view and manage your notifications, go to Activity > Notifications in your OneLogin admin portal. Select any notification to view its details, and go to the More Actions menu for additional settings:
|
Enable/Disable
|
Activates or deactivates the current notification
|
|
Clone
|
Creates a new notification as a duplicate of the current notification
|
|
Delete
|
Permanently removes the current notification
|
Configuring Notifications
Click New Notification or select any existing notification to configure its conditions or message contents. You can also select the notification's title to rename it if desired; titles appear in your notification management but are not displayed to recipients, so should be descriptive of the notification's purpose.
Conditions
Use the + icon to add one or more conditions that will allow the notification email to be sent. There are four possible conditions to select, which can be thought of in two categories:
Event and Status conditions act as triggers that prompt the notification email when a user's event or status is changed, while Group and Roles conditions act as contingencies that can be used to narrow the scope of a notification to only users who are or are not assigned to given groups or roles.
All notifications must use at least one Event or Status condition. Notifications with only Group or Roles as conditions will not perform any actions.
Event
Select any event, and the notification will be triggered whenever the event occurs.
- Event conditions cannot be combined with Status conditions. If both an Event and a Status condition are selected, the notification will not correctly trigger.
- The is not selector cannot be used with Event conditions. If any condition displays Event is not, the notification will not trigger.
- When adding multiple Event conditions to a single notification, the notification is triggered when any one of the chosen events is fulfilled.
- When using an Event condition in combination with any other condition, the notification is sent only when all other conditions are fulfilled.
- For example, if you add both a Group is condition and a Roles include condition, the notification will trigger only for members of that group who are also assigned to the selected role.
Status
Select any user status with the changed to or changed from conditional to trigger the notification when a user's status changes to or from that selection.
- Status conditions cannot be combined with Event conditions. If both an Event and a Status condition are selected, the notification will not correctly trigger.
- Only one each of the Status changed to and Status changed from conditions may apply.
- For example, you may limit a notification to occur only when a user is changed from one selected status to another, but the notification will not trigger if you add multiple changed to or multiple changed from conditions.
- When using a Status condition in combination with any other condition, the notification is sent only when all other conditions are fulfilled.
- For example, if you add both a Group is condition and a Roles include condition, the notification will trigger only for members of that group who are also assigned to the selected role.
Group
Select any group with the is or is not conditional to include or exclude users already in that group from the Status notification conditions.
- Affected users must already be in the given group to be considered in the notification. Changing a user's group, either manually or with a mapping, will not trigger the notification.
- Group conditions must be paired with at least one Status or Event condition; if no status change or event is selected, the notification will not be triggered.
- You may only configure one Group is condition. If multiple Group is conditions are selected, the notification will not be triggered.
- When adding multiple Group is not conditions to a single notification, the notification is triggered only when the affected user is not a member of any selected group.
- When combining a Group condition with a Role condition, the notification is only sent when all conditions are fulfilled.
- For example, if you add both a Group is condition and a Roles include condition, the notification will trigger only for members of that group who are also assigned to the selected role.
Roles
Select any role with the include or do not include conditional to include or exclude users already assigned to that role from the Status notification conditions.
- Roles conditions must be paired with at least one Status or Event condition; if no status change or event is selected, the notification will not be triggered.
- Affected users must already have been assigned to the given role to be considered in the notification. Roles assigned simultaneously with a status change may not trigger the notification.
- When adding multiple Roles conditions to a single notification, the notification is triggered only when all Roles selections apply to the user's role assignments.
- When combining a Group condition with a Role condition, the notification is only sent when all conditions are fulfilled.
- For example, if you add both a Group is condition and a Roles include condition, the notification will trigger only for members of that group who are also assigned to the selected role.
Example Conditions
 |
This notification will not send, as Event and Status conditions cannot be combined.
|
 |
This notification will send whenever any user creation or provisioning fails.
|
 |
This notification will send whenever any previously Suspended users have their status changed to Active.
It will not send when a previously Suspended user is changed to any other status, or when a user with a user who previously had any other status is changed to Active.
|
 |
This notification will not send, as multiple Status changed to conditions cannot be selected.
|
 |
This notification will send whenever any seasonal contractor allows their password to expire unless they are currently assigned to the geo-amer role.
It will not send for users who are not in the Seasonal Contractors group, regardless of their role assignment, or for any users who have been assigned to the geo-amer role, regardless of their group membership.
|
 |
This notification will not send, as Group and Roles conditions can only modify the scope of notifications triggered by the Status condition and cannot independently trigger notifications.
|
Actions
All notifications have one action configured by default, but more can be added with the + icon. For example, you may wish to include additional actions if you would like one email sent to the account owner and a different email simultaneously sent to the user when a particular event occurs.
Recipient
Select the email's recipient in the dropdown menu to the right of Email user. In addition to group admins for any specific groups you have configured, you can also choose from the following options:
|
Account owner
|
Notifies the owner of your organization's OneLogin tenant
|
|
Custom
|
Provides a text field for you to enter one or more email addresses, separated by commas
Tip! You can also use this field to indicate a custom field such as a secondary email address by entering {{user.custom_attribute_shortname}} with the shortname of your desired custom attribute.
|
|
Group admin
|
Notifies the administrator of the affected group
|
|
Super users
|
Notifies all users with super user privileges or above
|
|
User
|
Notifies the affected or acting user
|
Message
Customize the Subject and Body fields with your desired content. Notification emails are compatible with markdown formatting and template macros, and styled according to the email template customized in Branding. |