Customizing email notifications for Access Reviews using the Veza UI or API.
Last updated
Was this helpful?
Administrators can customize email notifications sent to reviewers and other stakeholders during access reviews. These emails can include instructions, unique branding, and placeholders for metadata specific to the review (such as the review name, due date, or owner). Each notification type (usage) can have its own customized template.
Notification templates support HTML and CSS. They can include links to external images or you can upload small files to Veza. The Access Reviews > Settings > Notifications tab provides a straightforward interface for creating and editing templates.
This document includes steps to configure templates in Veza, and a full reference for event types, default templates, and supported placeholders.
Veza provides a built-in user interface for managing email notification templates. This is the recommended method for creating, editing, testing, and deleting customizations to notifications.
To add a template:
Browse to Access Reviews > Settings > Notifications tab
Click Add Template to create a new notification template
Create the template by filling in the required fields:
Template name: A descriptive name for the template
Notification subject: Email subject line (supports placeholders)
Notification body: The content of the email (supports HTML and placeholders)
Notification event: The type of event the email template will apply to (also referred to as the "usage")
In the Images section, click Add images (optional)
Provide a Name for the image (used to reference the image in the template)
Upload an image by dropping a file in the designated area, or clicking Browse to select a file (maximum file size: 64KB).
You can add multiple images by clicking Add images again.
Save the template. It will appear on the list of templates on the Notifications tab, where you can edit, remove, or test it.
See Placeholders, Usage and Default Workflow Text below for all usages and default email content.
Advanced users can also manage notification templates programmatically using the API. See the API documentation for details.
You can test notification templates before implementing them in production:
Create and save your notification template through the UI
Navigate to the template list under Access Reviews > Settings > Notifications
Locate your template in the list and click the Test button in the Actions column
In the "Send Test Notification" dialog:
The template name will be pre-selected
Enter one or more recipient email addresses in the "Recipients" field (comma-separated)
Optionally add CC and BCC recipients
Click Send to deliver a test email
When testing templates, check that all placeholders are correctly replaced with sample values, verify HTML formatting displays as expected in email clients, and ensure that any links or buttons in the template are clickable and direct to the correct destinations. You should also confirm that any custom images are properly displayed.
To test a templates created via API:
Create the template using the appropriate API endpoint
Verify the template appears in the UI template list
Use the Test button in the UI to send a test email, or
Use the API test endpoint to send a test notification programmatically:
See each section below for built-in HTML templates and placeholders:
Each template you create is associated with a specific notification event (referred to as usage in the API). In the UI, this appears as the Notification event dropdown when creating or editing a template.
The available notification events are: Here's the aligned table of usages with their corresponding values from the list below:
Review Started
ACCESS_WORKFLOW_STARTED
Sent when a review is published
Sent to all reviewers
Review Completed
ACCESS_WORKFLOW_COMPLETED
Sent when a review is marked complete
Not sent for expired reviews
Reviewer Changed
ACCESS_WORKFLOW_REVIEWER_CHANGED
Sent when a reviewer is reassigned
Sent to new reviewers and previously assigned reviewers
Owner Changed
ACCESS_WORKFLOW_OWNER_CHANGED
Sent when ownership changes
Notifies old and new owners
Reminder: No Activity
ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY
Sent after a period of inactivity
Can be configured to escalate to managers
Reminder: Due Date
ACCESS_WORKFLOW_REMINDER_DUE
Sent based on due date proximity
Can be sent before, on, or after due date
Digest Notification
ACCESS_WORKFLOW_DIGEST_NOTIFICATION
Periodic summary of pending reviews
Configured globally at a tenant level
Approved Row
ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF
Sent when a row is approved and signed off
Typically used for notification only
Rejected Row
ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF
Sent when a row is rejected and signed off
Often used to trigger remediation workflows
The built-in template for all messages uses a single {{WORKFLOW_TEXT}} placeholder in the subject and body. This default content depends on the notification event type, or "usage".
See the following list for the default workflow text for each notification event:
ACCESS_WORKFLOW_STARTED
Subject Text
Body Text
ACCESS_WORKFLOW_COMPLETED
Subject Text
Body Text
ACCESS_WORKFLOW_REVIEWER_CHANGED
Subject Text
Body Text (Previous Reviewer)
Body Text (New Reviewer)
ACCESS_WORKFLOW_OWNER_CHANGED
Subject Text
Body Text
ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY
Subject Text
Body Text
ACCESS_WORKFLOW_REMINDER_DUE
Subject Text
Body Text
ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF
Subject Text
Body Text
ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF
Subject Text
Body Text
ACCESS_WORKFLOW_DIGEST_NOTIFICATION
Subject Text
Body Text: See Digest Notification Placeholders section for details.
From the Veza UI, you can add images directly through the "Add images" option. These will be automatically encoded and included in your template.
For API-based template management, small images under 64kb can be attached when configuring a template. The image must be base64-encoded and specified in the attachments field of the API request.
To use an attachment you have uploaded in a template, specify it by attachment.name, for example:
To embed high-resolution images in your templates, you should serve the content from a public URL, and use HTML to link and style it.
Use placeholders to include dynamic information in templates, such as decision timestamps, reviewer names, and other review or configuration metadata. Some placeholders are available depending on the template usage, and some are available for all templates, such as {{WORKFLOW_NAME}} and {{WORKFLOW_URL}}.
Summary
Placeholder
Configuration Name
{{WORKFLOW_NAME}}
Configuration Text
{{WORKFLOW_TEXT}}
Configuration URL
{{WORKFLOW_URL}}
Configuration Time
{{WORKFLOW_TIME}}
Configuration Owner
{{WORKFLOW_OWNER}}
Configuration Description
{{WORKFLOW_DESCRIPTION}}
If a review (certification) exists for a configuration (workflow), the following placeholders are available:
Summary
Placeholder
Review Due On Date
{{WORKFLOW_CERT_DUE_ON_DATE}}
Review Last Activity On Date
{{WORKFLOW_CERT_LAST_ACTIVITY_ON_DATE}}
Review Last Activity On Time
{{WORKFLOW_CERT_LAST_ACTIVITY_ON_TIME}}
Review Last Activity By
{{WORKFLOW_CERT_LAST_ACTIVITY_BY}}
Review Last Updated On
{{WORKFLOW_CERT_LAST_UPDATED_ON_DATE}}
Review Last Updated On Full
{{WORKFLOW_CERT_LAST_UPDATED_ON_TIME}}
Review Last Updated By
{{WORKFLOW_CERT_LAST_UPDATED_BY}}
Review Started On Date
{{WORKFLOW_CERT_STARTED_ON_DATE}}
Review Started On Time
{{WORKFLOW_CERT_STARTED_ON_TIME}}
Review Created By
{{WORKFLOW_CERT_CREATED_BY}}
Review Completed On Date
{{WORKFLOW_CERT_COMPLETED_ON_DATE}}
Review Completed On Time
{{WORKFLOW_CERT_COMPLETED_ON_TIME}}
Review Completed By
{{WORKFLOW_CERT_COMPLETED_BY}}
Review Phrase
{{WORKFLOW_CERT_PHRASE}}
Dates and Times: For placeholders that refer to a timestamp, you can show the full "Time" or simple "Date" format:
{{WORKFLOW_CERT_STARTED_ON_TIME}} result: "Mon, Jan 2nd 2006, 3:04:05PM"
{{WORKFLOW_CERT_STARTED_ON_DATE}} result: "2006-01-02"
Unique placeholders are available for the ACCESS_WORKFLOW_DIGEST_NOTIFICATION usage:
Placeholder
Description
{{DIGEST_NOTIFICATION_PERIOD}}
The time period covered by the digest (e.g., "January 1 - January 7, 2024")
{{ACCESS_REVIEW_URL}}
Link to the Access Reviews overview (varies based on user role)
{{SETTINGS_URL}}
Link to the Access Review settings page where digest emails can be configured. Only admins and operators can view this page.
{{DIGEST_NOTIFICATION_TABLE}}
Formatted HTML table showing in-progress reviews.
The {{DIGEST_NOTIFICATION_TABLE}} placeholder generates a tabular summary of assigned reviews, including the:
Review name and link to the review
Due date (if applicable)
Total items needing review
Status indicators (e.g., New, Overdue)
Summary
Placeholder
Workflow Old Owner
{{WORKFLOW_OLD_OWNER}}
Summary
Placeholder
Review Last Activity Days
{{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}}
Review Last Activity Phrase
{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}
Review Last Activity Reviewer
{{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}}
Review Last Activity Rows Total
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_TOTAL}}
Review Last Activity Rows Need Sign Off
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_NEED_SIGN_OFF}}
Review Last Activity Rows Signed Off
{{WORKFLOW_CERT_LAST_ACTIVITY_ROWS_SIGNED_OFF}}
Summary
Placeholder
Review Due In Phrase
{{WORKFLOW_CERT_DUE_IN_PHRASE}}
Review Due Date Phrase
{{WORKFLOW_CERT_DUE_ON_PHRASE}}
Review Due Days
{{WORKFLOW_CERT_DUE_DAYS}}
Summary
Placeholder
Review Old Reviewers
{{WORKFLOW_CERT_OLD_REVIEWERS}}
Review Current Reviewers
{{WORKFLOW_CERT_REVIEWERS}}
Usages ACCESS_WORKFLOW_ROW_ACCEPTED_AND_SIGNEDOFF and ACCESS_WORKFLOW_ROW_REJECTED_AND_SIGNEDOFF have unique placeholders:
Summary
Placeholder
Number of impacted rows
{{REVIEW_ACCEPTED_REJECTED_ROWS_PHRASE}}
List of approved or rejected rows
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA}}
List of approved or rejected rows, including notes
{{REVIEW_ACCEPTED_REJECTED_ROWS_DATA_WITH_NOTES}}
Examples:
Number of impacted rows:
List of approved or rejected rows:
List of approved or rejected rows, including notes:
When including notes, rows approved or rejected without a note will fall back to:
Some placeholders represent a collection of strings and variables and are used to construct the default messages:
Phrase
Default Message
{{ACCESS_WORKFLOW_STARTED_PHRASE}}
"Access Workflow --> Certification: A new certification was started on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_COMPLETED_PHRASE}}
"Access Certification: A certification on workflow {{WORKFLOW_NAME}} has been completed"
{{ACCESS_WORKFLOW_REVIEWER_CHANGED_PHRASE}}
"Access Workflow: A new owner assigned to workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_OWNER_CHANGED_PHRASE}}
"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_REMINDER_NO_ACTIVITY_PHRASE}}
"Access Certification Reminder: Certification has had no activity from {{WORKFLOW_CERT_LAST_ACTIVITY_REVIEWER}} {{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}} on workflow {{WORKFLOW_NAME}}"
{{ACCESS_WORKFLOW_REMINDER_DUE_PHRASE}}
"Access Certification Reminder: Certification {{WORKFLOW_CERT_DUE_IN_PHRASE}} on workflow {{WORKFLOW_NAME}}"
{{WORKFLOW_CERT_DUE_IN_PHRASE}}
"is due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if future)
"was due on {{WORKFLOW_CERT_DUE_ON_DATE}}" (if past)
{{WORKFLOW_CERT_LAST_ACTIVITY_PHASE}}
"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} day" (if singular)
"for {{WORKFLOW_CERT_LAST_ACTIVITY_DAYS}} days" (if plural)
