Notification Templates for Lifecycle Management

Customizing email notifications for Lifecycle Management events and Access Requests.

Overview

Administrators can customize email notifications sent during Lifecycle Management and Access Request workflows. These emails can include instructions, unique branding, and placeholders for metadata specific to the event (such as entity names, action types, or request details). Each notification type (usage) can have its own customized template.

Notification templates support HTML and CSS. They can include links to external images or you can upload small files to Veza. This document includes steps to configure templates in Veza using the notifications API, and a reference for event types, default templates, and supported placeholders.

Template Management: Currently, notification templates can only be managed via the Notification Templates API. Template management through the Veza UI is not yet available.

Access Reviews Notification Templates: For access review workflow notifications, see Access Reviews Notification Templates.

Managing notification templates

Using the API

Administrators can manage notification templates programmatically using the Notification Templates API:

# Create a template
curl -X POST "{your_veza_url}/api/preview/notifications/email_templates" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
  "name": "Custom LCM Template",
  "usage": "LIFECYCLE_MANAGEMENT_CREATE_IDENTITY",
  "subject_template": "New Account Created: {{ENTITY_TYPE}}",
  "body_template": "<html><body>Hello,<br><br>A new {{ENTITY_TYPE}} account has been created for {{ENTITY_NAME}}.<br><br>Login: {{LOGIN_NAME}}</body></html>",
  "scope": "ALL"
}'

# List templates
curl -X GET "{your_veza_url}/api/preview/notifications/email_templates" \
-H "Authorization: Bearer {your_token}"

# Update a template
curl -X PUT "{your_veza_url}/api/preview/notifications/email_templates/{template_id}" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
  "value": {
    "id": "{template_id}",
    "name": "Updated Template Name",
    "subject_template": "Updated Subject",
    "body_template": "Updated body content"
  },
  "update_mask": {
    "paths": ["name", "subject_template", "body_template"]
  }
}'

# Delete a template
curl -X DELETE "{your_veza_url}/api/preview/notifications/email_templates/{template_id}" \
-H "Authorization: Bearer {your_token}"

For more information about these operations see Notification Templates API.

Testing notification templates

Use the email_templates:test_template endpoint to send a test email using a template created via API:

curl -X POST "{your_veza_url}/api/preview/notifications/email_templates:test_template" \
-H "Authorization: Bearer {your_token}" \
-H "Content-Type: application/json" \
-d '{
  "template": {
    "id": "{template_id}"
  },
  "recipients": {
    "to": ["[email protected]"],
    "cc": ["[email protected]"],
    "bcc": ["[email protected]"]
  }
}'

Default Templates

The system provides built-in templates for all Lifecycle Management and Access Request events. These templates use placeholders that are automatically replaced with actual values when notifications are sent.

Generic Failure Template

When specific event templates aren't available or when events fail, the system uses a generic failure template:

Subject: Lifecycle job {{EVENT_TYPE}} has failed

Body:

<html><body>
<br>
<br> Here is the notification that lifecycle job has failed. <br>
Error message: {{EVENT_ERROR_MESSAGE}}<br>
<br>
For reference:
<br> job_id: {{JOB_ID}}<br>
<br> identity_id: {{EVENT_IDENTITY_ID}}
<br> identity_name: {{EVENT_IDENTITY_NAME}}
<br> entity_type: {{ENTITY_TYPE}}
<br> entity_name: {{ENTITY_NAME}}
</body></html>

See Default Template Content for all default messages.

Lifecycle Management Events

Each template you create is associated with a specific notification event (referred to as usage in the API). The following event types are available for Lifecycle Management workflows, organized by functional area:

Identity Management Events

Event Type

API Usage Value

Description

Create Identity

LIFECYCLE_MANAGEMENT_CREATE_IDENTITY

Sent when a new identity/account is created

Create Identity Failed

LIFECYCLE_MANAGEMENT_CREATE_IDENTITY_FAILED

Sent when identity creation fails

Sync Identity

LIFECYCLE_MANAGEMENT_SYNC_IDENTITY

Sent when an identity is synchronized

Sync Identity Failed

LIFECYCLE_MANAGEMENT_SYNC_IDENTITY_FAILED

Sent when identity sync fails

Delete Identity

LIFECYCLE_MANAGEMENT_DELETE_IDENTITY

Sent when an identity is deleted

Delete Identity Failed

LIFECYCLE_MANAGEMENT_DELETE_IDENTITY_FAILED

Sent when identity deletion fails

Disable Identity

LIFECYCLE_MANAGEMENT_DISABLE_IDENTITY

Sent when an identity is disabled

Disable Identity Failed

LIFECYCLE_MANAGEMENT_DISABLE_IDENTITY_FAILED

Sent when identity disabling fails

Create Guest Account

LIFECYCLE_MANAGEMENT_CREATE_GUEST_ACCOUNT

Sent when a guest account is created

Create Guest Account Failed

LIFECYCLE_MANAGEMENT_CREATE_GUEST_ACCOUNT_FAILED

Sent when guest account creation fails

Relationship Management Events

Event Type

API Usage Value

Description

Add Relationship

LIFECYCLE_MANAGEMENT_ADD_RELATIONSHIP

Sent when a relationship is added

Add Relationship Failed

LIFECYCLE_MANAGEMENT_ADD_RELATIONSHIP_FAILED

Sent when adding relationship fails

Remove Relationship

LIFECYCLE_MANAGEMENT_REMOVE_RELATIONSHIP

Sent when a relationship is removed

Remove Relationship Failed

LIFECYCLE_MANAGEMENT_REMOVE_RELATIONSHIP_FAILED

Sent when removing relationship fails

Email Management Events

Event Type

API Usage Value

Description

Create Email

LIFECYCLE_MANAGEMENT_CREATE_EMAIL

Sent when an email is created

Create Email Failed

LIFECYCLE_MANAGEMENT_CREATE_EMAIL_FAILED

Sent when email creation fails

Write Back Email

LIFECYCLE_MANAGEMENT_WRITE_BACK_EMAIL

Sent when email is synced back

Write Back Email Failed

LIFECYCLE_MANAGEMENT_WRITE_BACK_EMAIL_FAILED

Sent when email sync back fails

Password Management Events

Event Type

API Usage Value

Description

Change Password

LIFECYCLE_MANAGEMENT_CHANGE_PASSWORD

Sent when a password is changed

Change Password Failed

LIFECYCLE_MANAGEMENT_CHANGE_PASSWORD_FAILED

Sent when password change fails

Reset Password

LIFECYCLE_MANAGEMENT_RESET_PASSWORD

Sent when a password is reset

Reset Password Failed

LIFECYCLE_MANAGEMENT_RESET_PASSWORD_FAILED

Sent when password reset fails

Entitlement Management Events

Event Type

API Usage Value

Description

Create Entitlement

LIFECYCLE_MANAGEMENT_CREATE_ENTITLEMENT

Sent when an entitlement is created

Create Entitlement Failed

LIFECYCLE_MANAGEMENT_CREATE_ENTITLEMENT_FAILED

Sent when entitlement creation fails

Rename Entitlement

LIFECYCLE_MANAGEMENT_RENAME_ENTITLEMENT

Sent when an entitlement is renamed

Rename Entitlement Failed

LIFECYCLE_MANAGEMENT_RENAME_ENTITLEMENT_FAILED

Sent when entitlement renaming fails

Sync Entitlement

LIFECYCLE_MANAGEMENT_SYNC_ENTITLEMENT

Sent when an entitlement is synced

Sync Entitlement Failed

LIFECYCLE_MANAGEMENT_SYNC_ENTITLEMENT_FAILED

Sent when entitlement sync fails

Actions and Workflows Events

Event Type

API Usage Value

Description

Custom Action

LIFECYCLE_MANAGEMENT_CUSTOM_ACTION

Sent when a custom action is performed

Custom Action Failed

LIFECYCLE_MANAGEMENT_CUSTOM_ACTION_FAILED

Sent when custom action fails

Action Succeed

LIFECYCLE_MANAGEMENT_ACTION_SUCCEED

Sent when an action succeeds

Action Failed

LIFECYCLE_MANAGEMENT_ACTION_FAILED

Sent when an action fails

Workflow Task Failed

LIFECYCLE_MANAGEMENT_WORKFLOW_TASK_FAILED

Sent when a workflow task fails

Extraction Event Failed

LIFECYCLE_MANAGEMENT_EXTRACTION_EVENT_FAILED

Sent when extraction processing fails

Access Reviews Events

Event Type

API Usage Value

Description

Create Access Review Queued

LIFECYCLE_MANAGEMENT_CREATE_ACCESS_REVIEW_QUEUED

Sent when access review is queued

Create Access Review

LIFECYCLE_MANAGEMENT_CREATE_ACCESS_REVIEW

Sent when access review is created

Safety Events

Event Type

API Usage Value

Description

Safety Limit Reached

LIFECYCLE_MANAGEMENT_SAFETY_LIMIT_REACHED

Sent when safety limits are reached

Access Request Events

Event Type

API Usage Value

Description

Access Request Created

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_CREATED

Sent when an Access Request is created

Access Request Action Run

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_ACTION_RUN

Sent when Access Request actions start running

Access Request State Changed

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_STATE_CHANGED

Sent when Access Request state changes

Access Request Approver Assigned

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_APPROVER_ASSIGNED

Sent when new approvers are assigned

Access Request Succeed

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_SUCCEED

Sent when Access Request succeeds

Access Request Failed

LIFECYCLE_MANAGEMENT_ACCESS_REQUEST_FAILED

Sent when Access Request fails

Default Template Content

Veza provides built-in email templates for all event types, organized by functional area below. These templates include standard placeholders and can be customized or replaced with your own templates.

Identity Management Templates

CREATE_IDENTITY

Subject: New Hire Notification: {{ENTITY_TYPE}} account created
Body:

<html><body>
Hello,<br>
<br>
Here is the information for your new-hire: {{ENTITY_NAME}} <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Login Name: {{LOGIN_NAME}} <br>
<br>
</body></html>

CREATE_GUEST_ACCOUNT

Subject: New {{ENTITY_TYPE}} Guest Account Created: {{ENTITY_NAME}}
Body:

<html><body>
Hello,<br>
<br>
New {{ENTITY_TYPE}} Guest Account Created <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Name: {{ENTITY_NAME}} <br>
Login Name: {{LOGIN_NAME}} <br>
Invite Sent: {{SENT_INVITE}} <br>
<br>
</body></html>

SYNC_IDENTITY

Subject: Sync Identity Notification: {{ENTITY_TYPE}} account synced
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} attributes have been synced <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
<br>
</body></html>

DELETE_IDENTITY

Subject: Identity Deleted Notification: {{ENTITY_TYPE}} has an account deleted
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has been deleted <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
<br>
</body></html>

DISABLE_IDENTITY

Subject: Identity Disabled Notification: {{ENTITY_TYPE}} has an account disabled
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has been disabled <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
<br>
</body></html>

Relationship Management Templates

ADD_RELATIONSHIP

Subject: New Relationship Added Notification: {{ENTITY_TYPE}} has an account with new relationship to a {{RELATIONSHIP_ENTITY_TYPE}}
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has a new relationship to {{RELATIONSHIP_ENTITY_NAME}} <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Relationship Type: {{RELATIONSHIP_ENTITY_TYPE}} <br>
<br>
</body></html>

REMOVE_RELATIONSHIP

Subject: Relationship Removed Notification: {{ENTITY_TYPE}} has an account whose relationship was remove from a {{RELATIONSHIP_ENTITY_TYPE}}
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has a relationship removed from {{RELATIONSHIP_ENTITY_NAME}} <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Relationship Type: {{RELATIONSHIP_ENTITY_TYPE}} <br>
<br>
</body></html>

Email Management Templates

CREATE_EMAIL

Subject: New Email Notification: {{ENTITY_TYPE}} has an account with new email
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has a new email address <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Email: {{EMAIL}} <br>
<br>
</body></html>

WRITE_BACK_EMAIL

Subject: New Write Back Email Notification: {{ENTITY_TYPE}} has had an email sync to it
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has the newly created email synced back to it <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Email: {{EMAIL}} <br>
<br>
</body></html>

Password Management Templates

CHANGE_PASSWORD

Subject: Password Change Notification: {{ENTITY_TYPE}} has an account with a new password
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has a password <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Login Name: {{LOGIN_NAME}} <br>
New Password: {{LOGIN_PASSWORD}} <br>
<br>
</body></html>

RESET_PASSWORD

Subject: Reset Password Notification: {{ENTITY_TYPE}} has had their password reset
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has had their password reset <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Login Name: {{LOGIN_NAME}} <br>
Temporary Password: {{LOGIN_PASSWORD}} <br>
<br>
</body></html>

Entitlement Management Templates

CREATE_ENTITLEMENT

Subject: Create entitlement notification: an entry of {{ENTITY_TYPE}} is created
Body:

<html><body>
Hello,<br>
<br>
An entry of {{ENTITY_TYPE}} is created: {{ENTITY_NAME}} <br>
<br>
</body></html>

RENAME_ENTITLEMENT

Subject: Rename entitlement notification: an entry of {{ENTITY_TYPE}} is renamed
Body:

<html><body>
Hello,<br>
<br>
An entry of {{ENTITY_TYPE}} is renamed with new name: {{ENTITY_NAME}} <br>
<br>
</body></html>

SYNC_ENTITLEMENT

Subject: Sync entitlement notification: an entry of {{ENTITY_TYPE}} is renamed
Body:

<html><body>
Hello,<br>
<br>
An entry of {{ENTITY_TYPE}} has been re-synced with the target system: {{ENTITY_NAME}} <br>
<br>
</body></html>

Access Request Templates

ACCESS_REQUEST_COMPLETE

Subject: Access Request {{ACCESS_REQUEST_TYPE}} for {{ACCESS_REQUEST_ENTITY_NAME}} has {{SUCCEED_OR_FAILED}}
Body:

<html><body>
Hello,<br>
<br>
{{ACCESS_REQUEST_ENTITY_NAME}} has been {{ACCESS_REQUEST_TYPE}} with: {{ACCESS_REQUEST_TARGET_NAME}}.<br>
<br>
User Type: {{ACCESS_REQUEST_ENTITY_TYPE}} <br>
Target Type: {{ACCESS_REQUEST_TARGET_TYPE}} <br>
<br>
</body></html>

ACCESS_REQUEST_CREATED

Subject: {{ACCESS_REQUEST_SOURCE_TYPE}} for {{ACCESS_REQUEST_ENTITY_NAME}} is {{ACCESS_REQUEST_STATE}}
Body:

<html><body>
Hello,<br>
<br>
The request is currently in {{ACCESS_REQUEST_STATE}} state.
<br>
For details: {{ACCESS_REQUEST_URL}}
<br>
</body></html>

ACCESS_REQUEST_FAILED

Subject: {{ACCESS_REQUEST_SOURCE_TYPE}} for {{ACCESS_REQUEST_ENTITY_NAME}} is failed
Body:

<html><body>
Hello,<br>
<br>
The request is failed, with an error message: {{EVENT_ERROR_MESSAGE}}
<br>
For details: {{ACCESS_REQUEST_URL}}
<br>
</body></html>

ACCESS_REQUEST_STATE_CHANGED

Subject: {{ACCESS_REQUEST_SOURCE_TYPE}} for {{ACCESS_REQUEST_ENTITY_NAME}} is {{ACCESS_REQUEST_STATE}}
Body:

<html><body>
Hello,<br>
<br>
The request is currently in {{ACCESS_REQUEST_STATE}} state.
<br>
For details: {{ACCESS_REQUEST_URL}}
<br>
</body></html>

ACCESS_REQUEST_APPROVER_ASSIGNED

Subject: {{ACCESS_REQUEST_SOURCE_TYPE}} for {{ACCESS_REQUEST_ENTITY_NAME}} in {{ACCESS_REQUEST_STATE}} as new assigned approvers
Body:

<html><body>
Hello,<br>
<br>
The request currently in {{ACCESS_REQUEST_STATE}} state has new been assigned new approvers.
<br>
For details: {{ACCESS_REQUEST_URL}}
<br>
</body></html>

Error and Failure Templates

ACTION_FAILED

Subject: Action Failed: {{ACTION_NAME}} for identity {{IDENTITY_NAME}}
Body:

<html><body>
Hello,<br>
<br>
Action has failed.<br>
<br>
Identity: {{IDENTITY_NAME}}<br>
Action Name: {{ACTION_NAME}}<br>
Action Type: {{ACTION_TYPE}}<br>
Workflow Name: {{WORKFLOW_NAME}}<br>
Error Message: {{EVENT_ERROR_MESSAGE}}<br>
<br>
</body></html>

WORKFLOW_TASK_FAILED

Subject: Workflow Failed: {{WORKFLOW_NAME}} for identity {{IDENTITY_NAME}}
Body:

<html><body>
Hello,<br>
<br>
Workflow has failed.<br>
<br>
Identity: {{IDENTITY_NAME}}<br>
Workflow Name: {{WORKFLOW_NAME}}<br>
Error Message: {{EVENT_ERROR_MESSAGE}}<br>
<br>
</body></html>

EXTRACTION_EVENT_FAILED

Subject: Lifecycle Management extraction processing failed for {{DATASOURCE_ID}}
Body:

<html><body>
Hello,<br>
<br>
Extraction processing has failed.<br>
<br>
Datasource: {{DATASOURCE_ID}}<br>
Error Message: {{EVENT_ERROR_MESSAGE}}<br>
<br>
</body></html>

Access Review Templates

CREATE_ACCESS_REVIEW_QUEUED

Subject: Create Access Review Queued Notification: for identity {{IDENTITY_NAME}}
Body:

<html><body>
Hello,<br>
<br>
An access review has been queued for {{IDENTITY_NAME}} <br>
<br>
</body></html>

CREATE_ACCESS_REVIEW

Subject: Create Access Review Notification: for identity {{IDENTITY_NAME}}
Body:

<html><body>
Hello,<br>
<br>
An access review has been created for {{IDENTITY_NAME}} <br>
<br>
</body></html>

Safety and Custom Action Templates

SAFETY_LIMIT_REACHED

Subject: Safety Limit Reached Notification: Policy {{POLICY_NAME}} has stopped processing identity changes
Body:

<html><body>
Hello,<br>
<br>
The safety limit for policy {{POLICY_NAME}} has been reached. No further identity changes were processed.<br>
</body></html>

CUSTOM_ACTION

Subject: New Custom Action Notification: {{ENTITY_TYPE}} has performed a custom action
Body:

<html><body>
Hello,<br>
<br>
{{ENTITY_NAME}} has performed a custom action <br>
<br>
Account Type: {{ENTITY_TYPE}} <br>
Message: {{EVENT_ERROR_MESSAGE}} <br>
<br>
</body></html>

Image Attachments

From the Veza UI, you can add images directly through the "Add images" option. These will be automatically encoded and included in your template.

Image Requirements: For API-based template management, small images under 64kb can be attached when configuring a template. The image must be base64-encoded and specified in the attachments field of the API request.

To use an attachment you have uploaded in a template, specify it by attachment.name, for example:

<img src="cid:<name_of_attachment>"

To embed high-resolution images in your templates, you should serve the content from a public URL, and use HTML to link and style it.

Placeholders

Use placeholders to include dynamic information in templates, such as entity names, action types, timestamps, and other event metadata. Placeholders are automatically replaced with actual values when notifications are sent.

Identity and Entity Information

Placeholder

Description

{{ENTITY_TYPE}}

The type of entity (e.g., "ActiveDirectoryUser", "OktaUser")

{{ENTITY_NAME}}

The name of the entity/identity

{{LOGIN_NAME}}

The login/username for the account

{{LOGIN_PASSWORD}}

The password (for password-related notifications)

{{EMAIL}}

Email address associated with the identity

Relationship Information

Placeholder

Description

{{RELATIONSHIP_ENTITY_TYPE}}

Type of the related entity

{{RELATIONSHIP_ENTITY_NAME}}

Name of the related entity

Action and Job Information

Placeholder

Description

{{ACTION_NAME}}

Name of the action being performed

{{ACTION_TYPE}}

Type of action

{{ACTION_JOB_ID}}

Unique identifier for the action job

{{SUCCEED_OR_FAILED}}

Status indicator ("succeeded" or "failed")

{{SENT_INVITE}}

Whether an invite was sent (for guest accounts)

Access Request Information

Placeholder

Description

{{ACCESS_REQUEST_TYPE}}

Type of Access Request

{{ACCESS_REQUEST_ENTITY_NAME}}

Name of the entity requesting access

{{ACCESS_REQUEST_ENTITY_TYPE}}

Type of the requesting entity

{{ACCESS_REQUEST_TARGET_TYPE}}

Type of the target resource

{{ACCESS_REQUEST_TARGET_NAME}}

Name of the target resource

{{ACCESS_REQUEST_URL}}

URL to view the Access Request details

{{ACCESS_REQUEST_STATE}}

Current state of the Access Request

{{ACCESS_REQUEST_SOURCE_TYPE}}

Source type of the Access Request

Event and Error Information

Placeholder

Description

{{EVENT_TYPE}}

Type of lifecycle event

{{JOB_ID}}

Job identifier

{{EVENT_ERROR_MESSAGE}}

Error message for failed events

{{EVENT_IDENTITY_ID}}

Identity ID associated with the event

{{EVENT_IDENTITY_NAME}}

Identity name associated with the event

Policy and Workflow Information

Placeholder

Description

{{POLICY_NAME}}

Name of the lifecycle policy

{{WORKFLOW_NAME}}

Name of the workflow

{{ACTION_ID}}

Action identifier

{{WORKFLOW_ID}}

Workflow identifier

{{DATASOURCE_ID}}

Datasource identifier

PreviousIdentity Override Attributes NextIntegrations

Last updated 1 day ago

Was this helpful?