Set OneLogin to send email notifications to admins and users when certain events, like a status change, occur. Typical notifications include:
-
Notify account owner when a user is locked out of their account.
Provided in a default format and enabled by default.
-
Notify group admin when a user is locked out of their account.
Provided in a default format and enabled by default.
-
Notify user when their account is unlocked.
Provided in a default format and enabled by default.
-
Notify account owner of certificates about to expire
Provided in a default format and enabled by default.
-
Notify admins and other interested parties when an Active Directory Connector fails or is disconnected.
Must be created and enabled by you.
-
Notify admins when a provisioning app fails.
Provided in a default format and enabled by default.
-
Invite new users to create a password and sign into OneLogin.
Provided in a default format but must be triggered manually. These are not configured using the Notifications page described in this article. You configure them on the Branding page. See Inviting Users.
You can create any notification email you like, and you can customize any of the existing notification emails to meet your needs, using your own text - including Markdown-formatted text - and a large selection of value placeholders ("macros").
Notification emails are styled according to the email template you configure on the Settings > Branding page.
This article includes the following topics:
Configure automated notifications
-
(Optional) Customize your email template.
By default, email notifications use the OneLogin logo and branding. You can customize your email template to reflect your company's brand.
-
Go to Settings > Branding and open the Emails tab.
- Update the HTML email template to reflect your company's branding, and click Save.
For more information, see Branding.
-
Go to Activity > Notifications.
There are five default notifications, all enabled by default:
- Notify account owner of locked user
- Notify group admin of locked user
- Notify user of unlocked account
- Notify account owner of certificates about to expire
- Notification for broken provisioning apps
To customize notifications, click the notification row to open the notification, and then follow the instructions starting with step 5, below.
-
To create a new notification, click New Notification.
You can clone existing notifications by opening the desired notification and go to More Actions > Clone.
-
Name the notification and click the check button next to the name field.
-
Define the conditions that trigger a notification. Conditions can depend on any of the following:
- Events (for example, new user is invited, Active Directory Connector instance throws an exception)
- Status updates (for example, user account is locked)
- Group membership
- Role membership
Click the plus + button to add a new condition line. You can set as many lines as you like, which enables you to set very precise conditions for notification actions.
-
Set the notification Action (such as sending an email) for the conditions, and select the recipient (such as the Account owner, Group admin, or User).
Currently, the only available Action is sending an Email.
Select Custom from the recipient drop-down to display a free-form More Recipients field, where you can enter any email addresses, regardless of whether they are defined as OneLogin users. You can also enter a placeholder for a custom user field (let's say a secondary email address field) in the format {{user.custom_attribute_shortname}} where shortname is the short name of the custom user field.
-
Provide the subject line and body text.
You can use any of the following placeholders to insert values from the OneLogin database. Be sure to use the {{double-bracket format}}. See sample subject lines and body text, below.
{{account.owner.name}}
{{account.users_count}}
{{account_name}}
{{account_url}}
{{active_directory_connector.name}}
{{app_name}}
{{assumed_by}}
{{assuming_reason}}
{{authentication_factor_name}}
{{authentication_factor_type}}
{{certificate.name}}
{{certificate.remaining_days}}
{{certificate.url}}
{{department}}
{{directory.edit_url}}
{{directory_name}}
{{email}}
{{email_domain_part}}
{{email_name_part}}
{{external_id}}
{{firstinitial}}
{{firstname}}
{{generate_uuid}}
{{lastinitial}}
{{lastname}}
{{manage_subscription_url}}
{{mapping_name}}
{{member_of}}
{{name}}
{{onelogin_id}}
{{openid_name}}
{{password_url}}
{{policy_name}}
{{policy_type}}
{{proxy_agent_name}}
{{radius_config_name}}
{{role_name}}
{{samaccountname}}
{{strongpwd}}
{{subscription.users}}
{{title}}
{{trusted_idp_name}}
{{user.account_url}}
{{user.edit_url}}
{{user.email}}
{{user.firstname}}
{{user.group.admin.email}}
{{user.group.admin.name}}
{{user.group.name}}
{{user.lastname}}
{{user.name}}
{{user.password_url}}
{{user.role_names}}
{{user_field_name}}
{{username}}
{{userprincipalname}}
-
If you want to add additional actions for the triggering condition, click the plus + button.
You can configure multiple actions per notification event.
Enable and disable notifications
The default notification types are enabled by default. To enable custom notifications, go to the Notifications page, open the custom notification, and go to More Actions > Enable.
To disable a notification, open it and go to More Actions > Disable.
Sample notification emails
Notify group admin of locked user:
Notify account owner of Active Directory Connector failure and recovery
We recommend that you set up notification emails for Active Directory Connector start and stop events, especially if you have Active Directory Connector provisioning enabled (and therefore, sync enabled). By setting up Active Directory Connector start and stop event notifications, you'll be notified whenever the Active Directory Connector stops or starts, so that you can take the necessary actions to ensure that Active Directory Connector user sync is up and running.
Active Directory Connector failure (stopped)
In the Conditions area, set the Event value to Active Directory connector stopped.
Active Directory Connector recovered (started)
In the Conditions area, set the Event value to Active Directory connector started.
|