Notification Templates

Customizing email notifications for Access Reviews using the Veza UI or API.

PreviousSystem Events NextNotification Templates API

Last updated 23 days ago

Was this helpful?

Notification Templates

Customizing email notifications for Access Reviews using the Veza UI or API.

Overview

Administrators can customize email notifications sent to reviewers and other stakeholders during access reviews. These emails can include instructions, unique branding, and placeholders for metadata specific to the review (such as the review name, due date, or owner). Each notification type (usage) can have its own customized template.

Notification templates support HTML and CSS. They can include links to external images or you can upload small files to Veza. The Access Reviews > Settings > Notifications tab provides a straightforward interface for creating and editing templates.

This document includes steps to configure templates in Veza, and a full reference for event types, default templates, and supported placeholders.

Managing notification templates

Using the settings page

Veza provides a built-in user interface for managing email notification templates. This is the recommended method for creating, editing, testing, and deleting customizations to notifications.

To add a template:

Browse to Access Reviews > Settings > Notifications tab
Click Add Template to create a new notification template
Create the template by filling in the required fields:
- Template name: A descriptive name for the template
- Notification subject: Email subject line (supports placeholders)
- Notification body: The content of the email (supports HTML and placeholders)
- Notification event: The type of event the email template will apply to (also referred to as the "usage")
- In the Images section, click Add images (optional)
  - Provide a Name for the image (used to reference the image in the template)
  - Upload an image by dropping a file in the designated area, or clicking Browse to select a file (maximum file size: 64KB).
  - You can add multiple images by clicking Add images again.
Save the template. It will appear on the list of templates on the Notifications tab, where you can edit, remove, or test it.

Using the API

Testing notification templates

You can test notification templates before implementing them in production:

Create and save your notification template through the UI
Navigate to the template list under Access Reviews > Settings > Notifications
Locate your template in the list and click the Test button in the Actions column
In the "Send Test Notification" dialog:
- The template name will be pre-selected
- Enter one or more recipient email addresses in the "Recipients" field (comma-separated)
- Optionally add CC and BCC recipients
- Click Send to deliver a test email

When testing templates, check that all placeholders are correctly replaced with sample values, verify HTML formatting displays as expected in email clients, and ensure that any links or buttons in the template are clickable and direct to the correct destinations. You should also confirm that any custom images are properly displayed.

To test a templates created via API:

Create the template using the appropriate API endpoint
Verify the template appears in the UI template list
Use the Test button in the UI to send a test email, or
Use the API test endpoint to send a test notification programmatically:

curl -X POST "{your_veza_url}/api/preview/notification-templates/{template_id}/test" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
  "recipients": ["test@example.com"],
  "cc": ["manager@example.com"],
  "bcc": ["admin@example.com"]
}'

Default Templates

See each section below for built-in HTML templates and placeholders:

Notification Emails

The template following template applies for all notifications, unless a custom template exists for the usage.

{{WORKFLOW_TEXT}} is a placeholder for default text, which varies based on the usage.
{{WORKFLOW_TIME}} is the time in GMT

Note that depending on how you are submitting your request, you may have to escape any double quotes " in your HTML templates for JSON compatibility, for example:

<html>
 <head>
 <meta charset=\"UTF-8\" />
 </head>
</html>

<html>
    <head>
   <meta charset="UTF-8" />
   <title>Notification</title>
   <meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
   <meta name="viewport" content="width=device-width,initial-scale=1" />
   <meta name="x-apple-disable-message-reformatting" />
   <style>
     * {
       font-family: Roboto, Arial, sans-serif;
     }
     body {
       padding: 0;
       margin: 0;
     }
     table {
       border: 0;
       width: 100%;
       border-spacing: 0;
     }
     table tr td {
       padding: 0;
     }
     .timestamp {
       color: #9097ad;
       font-size: 12px;
       line-height: 14px;
       padding-bottom: 5px;
     }
     .notification-text {
       font-size: 14px;
       line-height: 16px;
       color: #263040;
       padding-bottom: 30px;
     }
     .view-in-link a {
       text-decoration: none;
       background: #933aeb;
       border-radius: 10px;
       color: #ffffff;
       font-size: 14px;
       line-height: 16px;
       padding: 15px 35px;
       display: inline-block;
       font-weight: 500;
     }
     .ExternalClass {
       width: 100%;
     }
   </style>
 </head>
    <body style="padding: 0;">
     <table style="margin: 0; padding: 24px !important;">
       <tr style="margin: 0; padding: 0;">
         <th style="margin: 0; padding: 0 0 24px 0; text-align: left">
           <img src="cid:vezaLogo" style="width: 75px; display:inline-block;" alt="Veza logo" />
         </th>
       </tr>
       <tr>
         <td class="timestamp">{{WORKFLOW_TIME}}</td>
       </tr>
       <tr>
         <td class="notification-text">{{WORKFLOW_TEXT}}</td>
       </tr>
       <tr>
         <td class="view-in-link">
           <a href="{{WORKFLOW_URL}}" rel="noreferrer noopener" target="_blank"> View in Veza </a>
         </td>
       </tr>
     </table>
   </body>
</html>

Digest Emails

<!DOCTYPE html>
<html lang="en">
   <head>
      <title> Access Reviews Digest </title>
   </head>
   <body style="
      padding: 50px 5px 0px 50px;
      font-family: Arial, sans-serif;
      text-align: center;
      background-color: #f1efef;">

      <img src="cid:` + email.VezaLogo + `" alt="Veza Logo" style="padding: 20px;">

      <!-- Table Container -->
      <div style="
         max-width: 750px;
         margin: auto;
         padding: 15px 0 15px;
         background-color: white;
         border-radius: 10px;
         ">

         <!-- Table Header -->
         <div>
            <div style="font-size: 28px; color: black; margin: 2px; font-weight:600;"> My Reviews </div>
            <span style="font-size: 22px; color: black; font-weight: 600;"> {{DIGEST_NOTIFICATION_PERIOD}} </span>
         </div>

         <!-- Table -->
         {{DIGEST_NOTIFICATION_TABLE}}

         <a href="{{ACCESS_REVIEW_URL}}">
            <button style="
               display: inline-block;
               background-color: #3c7bfa;
               color: white;
               border: none;
               border-radius: 7.5px;
               font-size: 18px;
               cursor: pointer;
               text-align: center;
               line-height: 1.5em;
               padding: 12px 14px;
               font-weight: 400;
               ">
               Go to My Reviews
            </button>
         </a>
      </div>


      <div style="
         font-size: 16px;
         color: #666;
         padding-top: 20px;
         padding: 10px 10px;">
         Copyright &copy; 2024 Veza.
      </div>

      <div style="
         font-size: 16px;
         color: #666;
         padding: 10px;
         padding-bottom: 50px;">
         To manage notifications, visit
         <a href="{{SETTINGS_URL}}" style="color: #3c7bfa;"> settings </a>
      </div>
   </body>
</html>

Usage

Each template you create is associated with a specific notification event (referred to as usage in the API). In the UI, this appears as the Notification event dropdown when creating or editing a template.

The available notification events are: Here's the aligned table of usages with their corresponding values from the list below:

Event Type

API Usage Value

Description

Notes

Review Started

ACCESS_WORKFLOW_STARTED

Sent when a review is published

Sent to all reviewers

Review Completed

ACCESS_WORKFLOW_COMPLETED

Sent when a review is marked complete

Not sent for expired reviews

Reviewer Changed

ACCESS_WORKFLOW_REVIEWER_CHANGED

Sent when a reviewer is reassigned

Sent to new reviewers and previously assigned reviewers

Owner Changed

ACCESS_WORKFLOW_OWNER_CHANGED

Sent when ownership changes

Notifies old and new owners

Reminder: No Activity

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY

Sent after a period of inactivity

Can be configured to escalate to managers

Reminder: Due Date

ACCESS_WORKFLOW_REMINDER_DUE

Sent based on due date proximity

Can be sent before, on, or after due date

Digest Notification

ACCESS_WORKFLOW_DIGEST_NOTIFICATION

Periodic summary of pending reviews

Configured globally at a tenant level

Approved Row

ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF

Sent when a row is approved and signed off

Typically used for notification only

Rejected Row

ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF

Sent when a row is rejected and signed off

Often used to trigger remediation workflows

Default workflow text

The built-in template for all messages uses a single {{WORKFLOW_TEXT}} placeholder in the subject and body. This default content depends on the notification event type, or "usage".

See the following list for the default workflow text for each notification event:

ACCESS_WORKFLOW_STARTED

Subject Text

Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}

Body Text

A new certification was started for workflow {{WORKFLOW_NAME}}

ACCESS_WORKFLOW_COMPLETED

Subject Text

Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed

Body Text

A certification has been completed on workflow {{WORKFLOW_NAME}}

ACCESS_WORKFLOW_REVIEWER_CHANGED

Subject Text

Access Certification: Assigned reviewers changed on certification for workflow {{WORKFLOW_NAME}}

Body Text (Previous Reviewer)

On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed from {{WORKFLOW_CERT_OLD_REVIEWERS}} to {{WORKFLOW_CERT_REVIEWERS}}.

Body Text (New Reviewer)

{{WORKFLOW_TEXT}}: On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed to {{WORKFLOW_CERT_REVIEWERS}}.

ACCESS_WORKFLOW_OWNER_CHANGED

Subject Text

Access Workflow: A new owner assigned to workflow {{WORKFLOW_OWNER}}

Body Text

The owner of access workflow {{WORKFLOW_NAME}} has changed from {{WORKFLOW_OLD_OWNER}} to {{WORKFLOW_OWNER}}.

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY

Subject Text

Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}

Body Text

User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} hasn't made progress on the certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}. User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} has {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}} of {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}} rows that need to be signed off.

ACCESS_WORKFLOW_REMINDER_DUE

Subject Text

Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}

Body Text

The certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} for workflow {{WORKFLOW_NAME}} {{WORKFLOW_CERT_DUE_ON_PHRASE}}.

ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF

Subject Text

Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved in {{WORKFLOW_NAME}} Review

Body Text

In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved.

Please find more details below:
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF

Subject Text

Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected in {{WORKFLOW_NAME}} Review

Body Text

In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected.

Please revoke the access described below:
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

ACCESS_WORKFLOW_DIGEST_NOTIFICATION
- Subject Text
  My Reviews - {{DIGEST_NOTIFICATION_PERIOD}}

Image Attachments

From the Veza UI, you can add images directly through the "Add images" option. These will be automatically encoded and included in your template.

For API-based template management, small images under 64kb can be attached when configuring a template. The image must be base64-encoded and specified in the attachments field of the API request.

To use an attachment you have uploaded in a template, specify it by attachment.name, for example:

<img src="cid:<name_of_attachment>"

To embed high-resolution images in your templates, you should serve the content from a public URL, and use HTML to link and style it.

Placeholders

Use placeholders to include dynamic information in templates, such as decision timestamps, reviewer names, and other review or configuration metadata. Some placeholders are available depending on the template usage, and some are available for all templates, such as {{WORKFLOW_NAME}} and {{WORKFLOW_URL}}.

Placeholders for all templates

Summary

Placeholder

Configuration Name

{{WORKFLOW_NAME}}

Configuration Text

{{WORKFLOW_TEXT}}

Configuration URL

{{WORKFLOW_URL}}

Configuration Time

{{WORKFLOW_TIME}}

Configuration Owner

{{WORKFLOW_OWNER}}

Configuration Description

{{WORKFLOW_DESCRIPTION}}

If a review (certification) exists for a configuration (workflow), the following placeholders are available:

Summary

Placeholder

Review Due On Date

{{WORKFLOW_CERT_DUE_ON_DATE}}

Review Last Activity On Date

{{WORKFLOW_CERT_LAST_ACTIVITY_ON_DATE}}

Review Last Activity On Time

{{WORKFLOW_CERT_LAST_ACTIVITY_ON_TIME}}

Review Last Activity By

{{WORKFLOW_CERT_LAST_ACTIVITY_BY}}

Review Last Updated On

{{WORKFLOW_CERT_LAST_UPDATED_ON_DATE}}

Review Last Updated On Full

{{WORKFLOW_CERT_LAST_UPDATED_ON_TIME}}

Review Last Updated By

{{WORKFLOW_CERT_LAST_UPDATED_BY}}

Review Started On Date

{{WORKFLOW_CERT_STARTED_ON_DATE}}

Review Started On Time

{{WORKFLOW_CERT_STARTED_ON_TIME}}

Review Created By

{{WORKFLOW_CERT_CREATED_BY}}

Review Completed On Date

{{WORKFLOW_CERT_COMPLETED_ON_DATE}}

Review Completed On Time

{{WORKFLOW_CERT_COMPLETED_ON_TIME}}

Review Completed By

{{WORKFLOW_CERT_COMPLETED_BY}}

Review Phrase

{{WORKFLOW_CERT_PHRASE}}

Dates and Times: For placeholders that refer to a timestamp, you can show the full "Time" or simple "Date" format:

{{WORKFLOW_CERT_STARTED_ON_TIME}} result: "Mon, Jan 2nd 2006, 3:04:05PM"
{{WORKFLOW_CERT_STARTED_ON_DATE}} result: "2006-01-02"

Digest notification placeholders

Unique placeholders are available for the ACCESS_WORKFLOW_DIGEST_NOTIFICATION usage:

Placeholder

Description

{{DIGEST_NOTIFICATION_PERIOD}}

The time period covered by the digest (e.g., "January 1 - January 7, 2024")

{{ACCESS_REVIEW_URL}}

Link to the Access Reviews overview (varies based on user role)

{{SETTINGS_URL}}

Link to the Access Review settings page where digest emails can be configured. Only admins and operators can view this page.

{{DIGEST_NOTIFICATION_TABLE}}

Formatted HTML table showing in-progress reviews.

The {{DIGEST_NOTIFICATION_TABLE}} placeholder generates a tabular summary of assigned reviews, including the:

Review name and link to the review
Due date (if applicable)
Total items needing review
Status indicators (e.g., New, Overdue)

DIGEST_NOTIFICATION_TABLE Raw HTML

The DIGEST_NOTIFICATION_TABLE placeholder translates to the following HTML table:

<!-- Table -->
<table style="
   border-collapse: collapse;
   width: 90%;
   margin: 20px auto;
   ">
   {{ range .Certifications }}
   <tr style="
      padding: 10px;
      ">
      <!-- Left Aligned -->
      <td style="text-align: left; padding: 10px;">
         <a href="{{ .CertUrl }}"
            style="
            text-decoration: none;
            color: #3c7bfa;
            font-size: 20px;
            font-weight: bold;">
            <span style="
               font-size: 20px;
               font-weight: bold;
               color: #3c7bfa;">
               {{ .CertName }}
            </span> <br>
            {{ if .DueDate }}
               <span style="
                  font-size: 15px;
                  font-weight: bold;
                  color: #666;
                  ">
                  Due {{ .DueDate }}
               </span>
            {{ end }}
         </a>
      </td>

      <!-- Right Aligned -->
      <td style="text-align: right; padding: 10px;">
         <a href="{{ .CertUrl }}"
            style="
            text-decoration: none;
            color: #3c7bfa;
            font-size: 20px;
            font-weight: bold;">
            <button style ="
               background-color: #d4d4d4;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;">
               {{ .WorkLeft }} need review
            </button>
            {{ if .Overdue }}
            <button style="
               background-color: #f7b5b5;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;
               ">
               Overdue
            </button>
            {{ else if .New }}
            <button style="
               background-color: aquamarine;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;">
               New
            </button>
            {{ end }}
         </a>
      </td>
   </tr>
   {{ end }}
</table>

ACCESS_WORKFLOW_OWNER_CHANGED placeholders

Summary

Placeholder

Workflow Old Owner

{{WORKFLOW_OLD_OWNER}}

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY placeholders

Summary

Placeholder

Review Last Activity Days

{{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}}

Review Last Activity Phrase

{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}

Review Last Activity Reviewer

{{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}}

Review Last Activity Rows Total

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}}

Review Last Activity Rows Need Sign Off

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}}

Review Last Activity Rows Signed Off

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_SIGNED_OFF}}

ACCESS_WORKFLOW_REMINDER placeholders

Summary

Placeholder

Review Due In Phrase

{{WORKFLOW_CERT_DUE_IN_PHRASE}}

Review Due Date Phrase

{{WORKFLOW_CERT_DUE_ON_PHRASE}}

Review Due Days

{{WORKFLOW_CERT_DUE_DAYS}}

ACCESS_WORKFLOW_REVIEWER_CHANGED placeholders

Summary

Placeholder

Review Old Reviewers

{{WORKFLOW_CERT_OLD_REVIEWERS}}

Review Current Reviewers

{{WORKFLOW_CERT_REVIEWERS}}

Placeholders: Rejected and Accepted Rows

Usages ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF and ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF have unique placeholders:

Summary

Placeholder

Number of impacted rows

{{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}}

List of approved or rejected rows

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

List of approved or rejected rows, including notes

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES}}

List of approved or rejected rows without node IDs

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_EXCLUDE_NODE_IDS}}

List of approved or rejected rows without node IDs, including notes

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES_EXCLUDE_NODE_IDS}}

Examples:

Number of impacted rows:

"2 rows" | "1 row" | "x rows"

List of approved or rejected rows:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2)</p>

List of approved or rejected rows, including notes:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1) because of "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2) because of "reason 1"</p>

When including notes, rows approved or rejected without a note will fall back to:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>

List of approved or rejected rows without node IDs:

<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2"</p>

List of approved or rejected rows without node IDs, including notes:

<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1" because "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2" because "reason 1"</p>

Placeholders: Phrases

Some placeholders represent a collection of strings and variables and are used to construct the default messages:

Phrase

Default Message

{{ACCESS_WORKFLOW_STARTED_PHRASE}}

"Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_COMPLETED_PHRASE}}

"Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed"

{{ACCESS_WORKFLOW_REVIEWER_CHANGED_PHRASE}}

"Access Workflow: A new owner assigned to workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_OWNER_CHANGED_PHRASE}}

"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY_PHRASE}}

"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_REMINDER_DUE_PHRASE}}

"Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}"

{{WORKFLOW_CERT_DUE_IN_PHRASE}}

"is due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if future) "was due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if past)

{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}

"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} day" (if singular) "for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} days" (if plural)

PreviousSystem Events NextNotification Templates API

Last updated 23 days ago

Was this helpful?

Overview

This document includes steps to configure templates in Veza, and a full reference for event types, default templates, and supported placeholders.

Managing notification templates

Using the settings page

Veza provides a built-in user interface for managing email notification templates. This is the recommended method for creating, editing, testing, and deleting customizations to notifications.

To add a template:

Browse to Access Reviews > Settings > Notifications tab
Click Add Template to create a new notification template
Create the template by filling in the required fields:
- Template name: A descriptive name for the template
- Notification subject: Email subject line (supports placeholders)
- Notification body: The content of the email (supports HTML and placeholders)
- Notification event: The type of event the email template will apply to (also referred to as the "usage")
- In the Images section, click Add images (optional)
  - Provide a Name for the image (used to reference the image in the template)
  - Upload an image by dropping a file in the designated area, or clicking Browse to select a file (maximum file size: 64KB).
  - You can add multiple images by clicking Add images again.
Save the template. It will appear on the list of templates on the Notifications tab, where you can edit, remove, or test it.

See , and below for all usages and default email content.

Using the API

Advanced users can also manage notification templates programmatically using the API. See the for details.

Testing notification templates

You can test notification templates before implementing them in production:

Create and save your notification template through the UI
Navigate to the template list under Access Reviews > Settings > Notifications
Locate your template in the list and click the Test button in the Actions column
In the "Send Test Notification" dialog:
- The template name will be pre-selected
- Enter one or more recipient email addresses in the "Recipients" field (comma-separated)
- Optionally add CC and BCC recipients
- Click Send to deliver a test email

To test a templates created via API:

Create the template using the appropriate API endpoint
Verify the template appears in the UI template list
Use the Test button in the UI to send a test email, or
Use the API test endpoint to send a test notification programmatically:

curl -X POST "{your_veza_url}/api/preview/notification-templates/{template_id}/test" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
  "recipients": ["test@example.com"],
  "cc": ["manager@example.com"],
  "bcc": ["admin@example.com"]
}'

Default Templates

See each section below for built-in HTML templates and placeholders:

Notification Emails

The template following template applies for all notifications, unless a custom template exists for the usage.

{{WORKFLOW_TEXT}} is a placeholder for default text, which varies based on the usage.
{{WORKFLOW_TIME}} is the time in GMT

Note that depending on how you are submitting your request, you may have to escape any double quotes " in your HTML templates for JSON compatibility, for example:

<html>
 <head>
 <meta charset=\"UTF-8\" />
 </head>
</html>

<html>
    <head>
   <meta charset="UTF-8" />
   <title>Notification</title>
   <meta http-equiv="Content-Type" content="text/html charset=UTF-8" />
   <meta name="viewport" content="width=device-width,initial-scale=1" />
   <meta name="x-apple-disable-message-reformatting" />
   <style>
     * {
       font-family: Roboto, Arial, sans-serif;
     }
     body {
       padding: 0;
       margin: 0;
     }
     table {
       border: 0;
       width: 100%;
       border-spacing: 0;
     }
     table tr td {
       padding: 0;
     }
     .timestamp {
       color: #9097ad;
       font-size: 12px;
       line-height: 14px;
       padding-bottom: 5px;
     }
     .notification-text {
       font-size: 14px;
       line-height: 16px;
       color: #263040;
       padding-bottom: 30px;
     }
     .view-in-link a {
       text-decoration: none;
       background: #933aeb;
       border-radius: 10px;
       color: #ffffff;
       font-size: 14px;
       line-height: 16px;
       padding: 15px 35px;
       display: inline-block;
       font-weight: 500;
     }
     .ExternalClass {
       width: 100%;
     }
   </style>
 </head>
    <body style="padding: 0;">
     <table style="margin: 0; padding: 24px !important;">
       <tr style="margin: 0; padding: 0;">
         <th style="margin: 0; padding: 0 0 24px 0; text-align: left">
           <img src="cid:vezaLogo" style="width: 75px; display:inline-block;" alt="Veza logo" />
         </th>
       </tr>
       <tr>
         <td class="timestamp">{{WORKFLOW_TIME}}</td>
       </tr>
       <tr>
         <td class="notification-text">{{WORKFLOW_TEXT}}</td>
       </tr>
       <tr>
         <td class="view-in-link">
           <a href="{{WORKFLOW_URL}}" rel="noreferrer noopener" target="_blank"> View in Veza </a>
         </td>
       </tr>
     </table>
   </body>
</html>

Digest Emails

The following template is used by default for emails:

<!DOCTYPE html>
<html lang="en">
   <head>
      <title> Access Reviews Digest </title>
   </head>
   <body style="
      padding: 50px 5px 0px 50px;
      font-family: Arial, sans-serif;
      text-align: center;
      background-color: #f1efef;">

      <img src="cid:` + email.VezaLogo + `" alt="Veza Logo" style="padding: 20px;">

      <!-- Table Container -->
      <div style="
         max-width: 750px;
         margin: auto;
         padding: 15px 0 15px;
         background-color: white;
         border-radius: 10px;
         ">

         <!-- Table Header -->
         <div>
            <div style="font-size: 28px; color: black; margin: 2px; font-weight:600;"> My Reviews </div>
            <span style="font-size: 22px; color: black; font-weight: 600;"> {{DIGEST_NOTIFICATION_PERIOD}} </span>
         </div>

         <!-- Table -->
         {{DIGEST_NOTIFICATION_TABLE}}

         <a href="{{ACCESS_REVIEW_URL}}">
            <button style="
               display: inline-block;
               background-color: #3c7bfa;
               color: white;
               border: none;
               border-radius: 7.5px;
               font-size: 18px;
               cursor: pointer;
               text-align: center;
               line-height: 1.5em;
               padding: 12px 14px;
               font-weight: 400;
               ">
               Go to My Reviews
            </button>
         </a>
      </div>


      <div style="
         font-size: 16px;
         color: #666;
         padding-top: 20px;
         padding: 10px 10px;">
         Copyright &copy; 2024 Veza.
      </div>

      <div style="
         font-size: 16px;
         color: #666;
         padding: 10px;
         padding-bottom: 50px;">
         To manage notifications, visit
         <a href="{{SETTINGS_URL}}" style="color: #3c7bfa;"> settings </a>
      </div>
   </body>
</html>

Usage

The available notification events are: Here's the aligned table of usages with their corresponding values from the list below:

Event Type

API Usage Value

Description

Notes

Review Started

ACCESS_WORKFLOW_STARTED

Sent when a review is published

Sent to all reviewers

Review Completed

ACCESS_WORKFLOW_COMPLETED

Sent when a review is marked complete

Not sent for expired reviews

Reviewer Changed

ACCESS_WORKFLOW_REVIEWER_CHANGED

Sent when a reviewer is reassigned

Sent to new reviewers and previously assigned reviewers

Owner Changed

ACCESS_WORKFLOW_OWNER_CHANGED

Sent when ownership changes

Notifies old and new owners

Reminder: No Activity

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY

Sent after a period of inactivity

Can be configured to escalate to managers

Reminder: Due Date

ACCESS_WORKFLOW_REMINDER_DUE

Sent based on due date proximity

Can be sent before, on, or after due date

Digest Notification

ACCESS_WORKFLOW_DIGEST_NOTIFICATION

Periodic summary of pending reviews

Configured globally at a tenant level

Approved Row

ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF

Sent when a row is approved and signed off

Typically used for notification only

Rejected Row

ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF

Sent when a row is rejected and signed off

Often used to trigger remediation workflows

Default workflow text

The built-in template for all messages uses a single {{WORKFLOW_TEXT}} placeholder in the subject and body. This default content depends on the notification event type, or "usage".

See the following list for the default workflow text for each notification event:

ACCESS_WORKFLOW_STARTED

Subject Text

Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}

Body Text

A new certification was started for workflow {{WORKFLOW_NAME}}

ACCESS_WORKFLOW_COMPLETED

Subject Text

Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed

Body Text

A certification has been completed on workflow {{WORKFLOW_NAME}}

ACCESS_WORKFLOW_REVIEWER_CHANGED

Subject Text

Access Certification: Assigned reviewers changed on certification for workflow {{WORKFLOW_NAME}}

Body Text (Previous Reviewer)

On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed from {{WORKFLOW_CERT_OLD_REVIEWERS}} to {{WORKFLOW_CERT_REVIEWERS}}.

Body Text (New Reviewer)

{{WORKFLOW_TEXT}}: On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed to {{WORKFLOW_CERT_REVIEWERS}}.

ACCESS_WORKFLOW_OWNER_CHANGED

Subject Text

Access Workflow: A new owner assigned to workflow {{WORKFLOW_OWNER}}

Body Text

The owner of access workflow {{WORKFLOW_NAME}} has changed from {{WORKFLOW_OLD_OWNER}} to {{WORKFLOW_OWNER}}.

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY

Subject Text

Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}

Body Text

User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} hasn't made progress on the certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}. User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} has {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}} of {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}} rows that need to be signed off.

ACCESS_WORKFLOW_REMINDER_DUE

Subject Text

Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}

Body Text

The certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} for workflow {{WORKFLOW_NAME}} {{WORKFLOW_CERT_DUE_ON_PHRASE}}.

ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF

Subject Text

Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved in {{WORKFLOW_NAME}} Review

Body Text

In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved.

Please find more details below:
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF

Subject Text

Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected in {{WORKFLOW_NAME}} Review

Body Text

In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected.

Please revoke the access described below:
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

ACCESS_WORKFLOW_DIGEST_NOTIFICATION
- Subject Text
  My Reviews - {{DIGEST_NOTIFICATION_PERIOD}}
- Body Text: See section for details.

Image Attachments

From the Veza UI, you can add images directly through the "Add images" option. These will be automatically encoded and included in your template.

For API-based template management, small images under 64kb can be attached when configuring a template. The image must be base64-encoded and specified in the attachments field of the API request.

To use an attachment you have uploaded in a template, specify it by attachment.name, for example:

<img src="cid:<name_of_attachment>"

To embed high-resolution images in your templates, you should serve the content from a public URL, and use HTML to link and style it.

Placeholders

Placeholders for all templates

Summary

Placeholder

Configuration Name

{{WORKFLOW_NAME}}

Configuration Text

{{WORKFLOW_TEXT}}

Configuration URL

{{WORKFLOW_URL}}

Configuration Time

{{WORKFLOW_TIME}}

Configuration Owner

{{WORKFLOW_OWNER}}

Configuration Description

{{WORKFLOW_DESCRIPTION}}

If a review (certification) exists for a configuration (workflow), the following placeholders are available:

Summary

Placeholder

Review Due On Date

{{WORKFLOW_CERT_DUE_ON_DATE}}

Review Last Activity On Date

{{WORKFLOW_CERT_LAST_ACTIVITY_ON_DATE}}

Review Last Activity On Time

{{WORKFLOW_CERT_LAST_ACTIVITY_ON_TIME}}

Review Last Activity By

{{WORKFLOW_CERT_LAST_ACTIVITY_BY}}

Review Last Updated On

{{WORKFLOW_CERT_LAST_UPDATED_ON_DATE}}

Review Last Updated On Full

{{WORKFLOW_CERT_LAST_UPDATED_ON_TIME}}

Review Last Updated By

{{WORKFLOW_CERT_LAST_UPDATED_BY}}

Review Started On Date

{{WORKFLOW_CERT_STARTED_ON_DATE}}

Review Started On Time

{{WORKFLOW_CERT_STARTED_ON_TIME}}

Review Created By

{{WORKFLOW_CERT_CREATED_BY}}

Review Completed On Date

{{WORKFLOW_CERT_COMPLETED_ON_DATE}}

Review Completed On Time

{{WORKFLOW_CERT_COMPLETED_ON_TIME}}

Review Completed By

{{WORKFLOW_CERT_COMPLETED_BY}}

Review Phrase

{{WORKFLOW_CERT_PHRASE}}

Dates and Times: For placeholders that refer to a timestamp, you can show the full "Time" or simple "Date" format:

{{WORKFLOW_CERT_STARTED_ON_TIME}} result: "Mon, Jan 2nd 2006, 3:04:05PM"
{{WORKFLOW_CERT_STARTED_ON_DATE}} result: "2006-01-02"

Digest notification placeholders

Unique placeholders are available for the ACCESS_WORKFLOW_DIGEST_NOTIFICATION usage:

Placeholder

Description

{{DIGEST_NOTIFICATION_PERIOD}}

The time period covered by the digest (e.g., "January 1 - January 7, 2024")

{{ACCESS_REVIEW_URL}}

Link to the Access Reviews overview (varies based on user role)

{{SETTINGS_URL}}

Link to the Access Review settings page where digest emails can be configured. Only admins and operators can view this page.

{{DIGEST_NOTIFICATION_TABLE}}

Formatted HTML table showing in-progress reviews.

The {{DIGEST_NOTIFICATION_TABLE}} placeholder generates a tabular summary of assigned reviews, including the:

Review name and link to the review
Due date (if applicable)
Total items needing review
Status indicators (e.g., New, Overdue)

DIGEST_NOTIFICATION_TABLE Raw HTML

The DIGEST_NOTIFICATION_TABLE placeholder translates to the following HTML table:

<!-- Table -->
<table style="
   border-collapse: collapse;
   width: 90%;
   margin: 20px auto;
   ">
   {{ range .Certifications }}
   <tr style="
      padding: 10px;
      ">
      <!-- Left Aligned -->
      <td style="text-align: left; padding: 10px;">
         <a href="{{ .CertUrl }}"
            style="
            text-decoration: none;
            color: #3c7bfa;
            font-size: 20px;
            font-weight: bold;">
            <span style="
               font-size: 20px;
               font-weight: bold;
               color: #3c7bfa;">
               {{ .CertName }}
            </span> <br>
            {{ if .DueDate }}
               <span style="
                  font-size: 15px;
                  font-weight: bold;
                  color: #666;
                  ">
                  Due {{ .DueDate }}
               </span>
            {{ end }}
         </a>
      </td>

      <!-- Right Aligned -->
      <td style="text-align: right; padding: 10px;">
         <a href="{{ .CertUrl }}"
            style="
            text-decoration: none;
            color: #3c7bfa;
            font-size: 20px;
            font-weight: bold;">
            <button style ="
               background-color: #d4d4d4;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;">
               {{ .WorkLeft }} need review
            </button>
            {{ if .Overdue }}
            <button style="
               background-color: #f7b5b5;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;
               ">
               Overdue
            </button>
            {{ else if .New }}
            <button style="
               background-color: aquamarine;
               border: none;
               color: #666;
               padding: 6px 15px;
               text-align: center;
               margin: 2px 5px;
               cursor: pointer;
               font-size: 16px;
               border-radius: 31px;">
               New
            </button>
            {{ end }}
         </a>
      </td>
   </tr>
   {{ end }}
</table>

ACCESS_WORKFLOW_OWNER_CHANGED placeholders

Summary

Placeholder

Workflow Old Owner

{{WORKFLOW_OLD_OWNER}}

ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY placeholders

Summary

Placeholder

Review Last Activity Days

{{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}}

Review Last Activity Phrase

{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}

Review Last Activity Reviewer

{{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}}

Review Last Activity Rows Total

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}}

Review Last Activity Rows Need Sign Off

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}}

Review Last Activity Rows Signed Off

{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_SIGNED_OFF}}

ACCESS_WORKFLOW_REMINDER placeholders

Summary

Placeholder

Review Due In Phrase

{{WORKFLOW_CERT_DUE_IN_PHRASE}}

Review Due Date Phrase

{{WORKFLOW_CERT_DUE_ON_PHRASE}}

Review Due Days

{{WORKFLOW_CERT_DUE_DAYS}}

ACCESS_WORKFLOW_REVIEWER_CHANGED placeholders

Summary

Placeholder

Review Old Reviewers

{{WORKFLOW_CERT_OLD_REVIEWERS}}

Review Current Reviewers

{{WORKFLOW_CERT_REVIEWERS}}

Placeholders: Rejected and Accepted Rows

Usages ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF and ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF have unique placeholders:

Summary

Placeholder

Number of impacted rows

{{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}}

List of approved or rejected rows

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}

List of approved or rejected rows, including notes

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES}}

List of approved or rejected rows without node IDs

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_EXCLUDE_NODE_IDS}}

List of approved or rejected rows without node IDs, including notes

{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES_EXCLUDE_NODE_IDS}}

Examples:

Number of impacted rows:

"2 rows" | "1 row" | "x rows"

List of approved or rejected rows:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2)</p>

List of approved or rejected rows, including notes:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1) because of "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2) because of "reason 1"</p>

When including notes, rows approved or rejected without a note will fall back to:

<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>

List of approved or rejected rows without node IDs:

<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2"</p>

List of approved or rejected rows without node IDs, including notes:

<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1" because "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2" because "reason 1"</p>

Placeholders: Phrases

Some placeholders represent a collection of strings and variables and are used to construct the default messages:

Phrase

Default Message

{{ACCESS_WORKFLOW_STARTED_PHRASE}}

"Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_COMPLETED_PHRASE}}

"Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed"

{{ACCESS_WORKFLOW_REVIEWER_CHANGED_PHRASE}}

"Access Workflow: A new owner assigned to workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_OWNER_CHANGED_PHRASE}}

"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY_PHRASE}}

"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"

{{ACCESS_WORKFLOW_REMINDER_DUE_PHRASE}}

"Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}"

{{WORKFLOW_CERT_DUE_IN_PHRASE}}

"is due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if future) "was due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if past)

{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}

"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} day" (if singular) "for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} days" (if plural)