Notification Templates
Customizing email notifications for Access Reviews using the Veza UI or API.
Overview
Administrators can customize email notifications sent to reviewers and other stakeholders during access reviews. These emails can include instructions, unique branding, and placeholders for metadata specific to the review (such as the review name, due date, or owner). Each notification type (usage) can have its own customized template.
Notification templates support HTML and CSS. They can include links to external images or you can upload small files to Veza. The Access Reviews > Settings > Notifications tab provides a straightforward interface for creating and editing templates.
This document includes steps to configure templates in Veza, and a full reference for event types, default templates, and supported placeholders.
Managing notification templates
Using the settings page
Veza provides a built-in user interface for managing email notification templates. This is the recommended method for creating, editing, testing, and deleting customizations to notifications.
To add a template:
Browse to Access Reviews > Settings > Notifications tab
Click Add Template to create a new notification template
Creating a template on the Access Reviews settings page. Create the template by filling in the required fields:
Template configuration details. Template name: A descriptive name for the template
Notification subject: Email subject line (supports placeholders)
Notification body: The content of the email (supports HTML and placeholders)
Notification event: The type of event the email template will apply to (also referred to as the "usage")
In the Images section, click Add images (optional)
Provide a Name for the image (used to reference the image in the template)
Upload an image by dropping a file in the designated area, or clicking Browse to select a file (maximum file size: 64KB).
You can add multiple images by clicking Add images again.
Save the template. It will appear on the list of templates on the Notifications tab, where you can edit, remove, or test it.
See Placeholders, Usage and Default Workflow Text below for all usages and default email content.
Using the API
Advanced users can also manage notification templates programmatically using the API. See the API documentation for details.
Testing notification templates
You can test notification templates before implementing them in production:
Create and save your notification template through the UI
Navigate to the template list under Access Reviews > Settings > Notifications
Locate your template in the list and click the Test button in the Actions column
In the "Send Test Notification" dialog:
The template name will be pre-selected
Enter one or more recipient email addresses in the "Recipients" field (comma-separated)
Optionally add CC and BCC recipients
Click Send to deliver a test email
When testing templates, check that all placeholders are correctly replaced with sample values, verify HTML formatting displays as expected in email clients, and ensure that any links or buttons in the template are clickable and direct to the correct destinations. You should also confirm that any custom images are properly displayed.
To test a templates created via API:
Create the template using the appropriate API endpoint
Verify the template appears in the UI template list
Use the Test button in the UI to send a test email, or
Use the API test endpoint to send a test notification programmatically:
curl -X POST "{your_veza_url}/api/preview/notification-templates/{template_id}/test" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
"recipients": ["[email protected]"],
"cc": ["[email protected]"],
"bcc": ["[email protected]"]
}'Default Templates
See each section below for built-in HTML templates and placeholders:
Usage
Each template you create is associated with a specific notification event (referred to as usage in the API). In the UI, this appears as the Notification event dropdown when creating or editing a template.
The available notification events are: Here's the aligned table of usages with their corresponding values from the list below:
Review Started
ACCESS_WORKFLOW_STARTED
Sent when a review is published
Sent to all reviewers
Review Completed
ACCESS_WORKFLOW_COMPLETED
Sent when a review is marked complete
Not sent for expired reviews
Reviewer Changed
ACCESS_WORKFLOW_REVIEWER_CHANGED
Sent when a reviewer is reassigned
Sent to new reviewers and previously assigned reviewers
Owner Changed
ACCESS_WORKFLOW_OWNER_CHANGED
Sent when ownership changes
Notifies old and new owners
Reminder: No Activity
ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY
Sent after a period of inactivity
Can be configured to escalate to managers
Reminder: Due Date
ACCESS_WORKFLOW_REMINDER_DUE
Sent based on due date proximity
Can be sent before, on, or after due date
Digest Notification
ACCESS_WORKFLOW_DIGEST_NOTIFICATION
Periodic summary of pending reviews
Configured globally at a tenant level
Approved Row
ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF
Sent when a row is approved and signed off
Typically used for notification only
Rejected Row
ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF
Sent when a row is rejected and signed off
Often used to trigger remediation workflows
Default workflow text
The built-in template for all messages uses a single {{WORKFLOW_TEXT}} placeholder in the subject and body. This default content depends on the notification event type, or "usage".
See the following list for the default workflow text for each notification event:
ACCESS_WORKFLOW_STARTED
Subject Text
Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}Body Text
A new certification was started for workflow {{WORKFLOW_NAME}}
ACCESS_WORKFLOW_COMPLETED
Subject Text
Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completedBody Text
A certification has been completed on workflow {{WORKFLOW_NAME}}
ACCESS_WORKFLOW_REVIEWER_CHANGED
Subject Text
Access Certification: Assigned reviewers changed on certification for workflow {{WORKFLOW_NAME}}Body Text (Previous Reviewer)
On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed from {{WORKFLOW_CERT_OLD_REVIEWERS}} to {{WORKFLOW_CERT_REVIEWERS}}.Body Text (New Reviewer)
{{WORKFLOW_TEXT}}: On a certification for workflow {{WORKFLOW_NAME}} the assigned reviewers has changed to {{WORKFLOW_CERT_REVIEWERS}}.
ACCESS_WORKFLOW_OWNER_CHANGED
Subject Text
Access Workflow: A new owner assigned to workflow {{WORKFLOW_OWNER}}Body Text
The owner of access workflow {{WORKFLOW_NAME}} has changed from {{WORKFLOW_OLD_OWNER}} to {{WORKFLOW_OWNER}}.
ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY
Subject Text
Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}Body Text
User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} hasn't made progress on the certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}. User {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} has {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}} of {{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}} rows that need to be signed off.
ACCESS_WORKFLOW_REMINDER_DUE
Subject Text
Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}Body Text
The certification started on {{WORKFLOW_CERT_STARTED_ON_DATE}} for workflow {{WORKFLOW_NAME}} {{WORKFLOW_CERT_DUE_ON_PHRASE}}.
ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF
Subject Text
Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved in {{WORKFLOW_NAME}} ReviewBody Text
In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was approved. Please find more details below: {{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}
ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF
Subject Text
Access Review: Access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected in {{WORKFLOW_NAME}} ReviewBody Text
In the access review {{WORKFLOW_NAME}}, access for {{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}} was rejected. Please revoke the access described below: {{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}
ACCESS_WORKFLOW_DIGEST_NOTIFICATION
Subject Text
My Reviews - {{DIGEST_NOTIFICATION_PERIOD}}Body Text: See Digest Notification Placeholders section for details.
Image Attachments
From the Veza UI, you can add images directly through the "Add images" option. These will be automatically encoded and included in your template.
For API-based template management, small images under 64kb can be attached when configuring a template. The image must be base64-encoded and specified in the attachments field of the API request.
To use an attachment you have uploaded in a template, specify it by attachment.name, for example:
<img src="cid:<name_of_attachment>"To embed high-resolution images in your templates, you should serve the content from a public URL, and use HTML to link and style it.
Placeholders
Use placeholders to include dynamic information in templates, such as decision timestamps, reviewer names, and other review or configuration metadata. Some placeholders are available depending on the template usage, and some are available for all templates, such as {{WORKFLOW_NAME}} and {{WORKFLOW_URL}}.
Placeholders for all templates
Summary
Placeholder
Configuration Name
{{WORKFLOW_NAME}}
Configuration Text
{{WORKFLOW_TEXT}}
Configuration URL
{{WORKFLOW_URL}}
Configuration Time
{{WORKFLOW_TIME}}
Configuration Owner
{{WORKFLOW_OWNER}}
Configuration Description
{{WORKFLOW_DESCRIPTION}}
If a review (certification) exists for a configuration (workflow), the following placeholders are available:
Summary
Placeholder
Review Due On Date
{{WORKFLOW_CERT_DUE_ON_DATE}}
Review Last Activity On Date
{{WORKFLOW_CERT_LAST_ACTIVITY_ON_DATE}}
Review Last Activity On Time
{{WORKFLOW_CERT_LAST_ACTIVITY_ON_TIME}}
Review Last Activity By
{{WORKFLOW_CERT_LAST_ACTIVITY_BY}}
Review Last Updated On
{{WORKFLOW_CERT_LAST_UPDATED_ON_DATE}}
Review Last Updated On Full
{{WORKFLOW_CERT_LAST_UPDATED_ON_TIME}}
Review Last Updated By
{{WORKFLOW_CERT_LAST_UPDATED_BY}}
Review Started On Date
{{WORKFLOW_CERT_STARTED_ON_DATE}}
Review Started On Time
{{WORKFLOW_CERT_STARTED_ON_TIME}}
Review Created By
{{WORKFLOW_CERT_CREATED_BY}}
Review Completed On Date
{{WORKFLOW_CERT_COMPLETED_ON_DATE}}
Review Completed On Time
{{WORKFLOW_CERT_COMPLETED_ON_TIME}}
Review Completed By
{{WORKFLOW_CERT_COMPLETED_BY}}
Review Phrase
{{WORKFLOW_CERT_PHRASE}}
Digest notification placeholders
Unique placeholders are available for the ACCESS_WORKFLOW_DIGEST_NOTIFICATION usage:
Placeholder
Description
{{DIGEST_NOTIFICATION_PERIOD}}
The time period covered by the digest (e.g., "January 1 - January 7, 2024")
{{ACCESS_REVIEW_URL}}
Link to the Access Reviews overview (varies based on user role)
{{SETTINGS_URL}}
Link to the Access Review settings page where digest emails can be configured. Only admins and operators can view this page.
{{DIGEST_NOTIFICATION_TABLE}}
Formatted HTML table showing in-progress reviews.
The {{DIGEST_NOTIFICATION_TABLE}} placeholder generates a tabular summary of assigned reviews, including the:
Review name and link to the review
Due date (if applicable)
Total items needing review
Status indicators (e.g., New, Overdue)
ACCESS_WORKFLOW_OWNER_CHANGED placeholders
Summary
Placeholder
Workflow Old Owner
{{WORKFLOW_OLD_OWNER}}
ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY placeholders
Summary
Placeholder
Review Last Activity Days
{{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}}
Review Last Activity Phrase
{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}
Review Last Activity Reviewer
{{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}}
Review Last Activity Rows Total
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}}
Review Last Activity Rows Need Sign Off
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}}
Review Last Activity Rows Signed Off
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_SIGNED_OFF}}
ACCESS_WORKFLOW_REMINDER placeholders
Summary
Placeholder
Review Due In Phrase
{{WORKFLOW_CERT_DUE_IN_PHRASE}}
Review Due Date Phrase
{{WORKFLOW_CERT_DUE_ON_PHRASE}}
Review Due Days
{{WORKFLOW_CERT_DUE_DAYS}}
ACCESS_WORKFLOW_REVIEWER_CHANGED placeholders
Summary
Placeholder
Review Old Reviewers
{{WORKFLOW_CERT_OLD_REVIEWERS}}
Review Current Reviewers
{{WORKFLOW_CERT_REVIEWERS}}
Placeholders: Rejected and Accepted Rows
Usages ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF and ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF have unique placeholders:
Summary
Placeholder
Number of impacted rows
{{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}}
List of approved or rejected rows
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}
List of approved or rejected rows, including notes
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES}}
List of approved or rejected rows without node IDs
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_EXCLUDE_NODE_IDS}}
List of approved or rejected rows without node IDs, including notes
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES_EXCLUDE_NODE_IDS}}
Examples:
Number of impacted rows:
"2 rows" | "1 row" | "x rows"List of approved or rejected rows:
<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2)</p>List of approved or rejected rows, including notes:
<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1) because of "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" (srcId2) to destType2 "destName2" (destId2) because of "reason 1"</p>When including notes, rows approved or rejected without a note will fall back to:
<p>[Result Id 1] From srcType1 "SrcName1" (srcId1) to destType1 "destName1" (destId1)</p>List of approved or rejected rows without node IDs:
<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2"</p>List of approved or rejected rows without node IDs, including notes:
<p>[Result Id 1] From srcType1 "SrcName1" to destType1 "destName1" because "reason 1"</p>
<p>[Result Id 2] From srcType2 "SrcName2" to destType2 "destName2" because "reason 1"</p>Placeholders: Phrases
Some placeholders represent a collection of strings and variables and are used to construct the default messages:
Phrase
Default Message
{{ACCESS_WORKFLOW_STARTED_PHRASE}}
"Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_COMPLETED_PHRASE}}
"Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed"
{{ACCESS_WORKFLOW_REVIEWER_CHANGED_PHRASE}}
"Access Workflow: A new owner assigned to workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_OWNER_CHANGED_PHRASE}}
"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY_PHRASE}}
"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_REMINDER_DUE_PHRASE}}
"Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}"
{{WORKFLOW_CERT_DUE_IN_PHRASE}}
"is due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if future)
"was due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if past)
{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}
"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} day" (if singular)
"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} days" (if plural)
Last updated
Was this helpful?