Customize email message contents

This topic describes how to customize the email messages used to facilitate log in and device enrollment for users, as well as other notifications.

You can upload your company logo and customize the wording and styles for these email messages.

Modify an email template

The following procedure describes how to modify an email template.

To modify an email template:

  1. Go to Settings > Customization > Account Customization.

  2. Click the template that you want to edit.

    The following templates are available:

    Template Name Purpose

    MFA Challenge

    An email message sent to users when they log in to the user portal or the Identity Administration portal.

    Required: You must enable authentication policy controls and select “Email Confirmation code” as one of the multifactor authentication options. See How to define authentication requirements.

    When users get this email, they can click “Continue with authentication” or enter the one-time passcode on the log in screen to complete the log in. Do not change href='{AuthLink}' or {AuthCode}.

    MFA Challenge with Code

    An email message sent to users when they log in to the user portal or the Identity Administration portal.

    Required: You must enable authentication policy controls and select “Email Confirmation code” as one of the multifactor authentication options. See How to define authentication requirements.

    When users get this email, they enter the one-time passcode on the log in screen to complete the log in. Do not change {AuthCode}.

    Device Enrollment

    A email message sent to the user to help them enroll the device in CyberArk Identity.

    Required: You either selected Skip MFA for invite-based enrollment when you enabled users to enroll devices or you initiated a one time invitation. See One time enrollment invitation.

    When users get this message, they click the link to download and install the CyberArk Identity mobile app. Do not change {EnrollLink}.

    Bulk User Import Report

    An email message sent after a bulk user import that indicates how many accounts were created out of the total requested and lists the names from the file for whom accounts could not be created (see Create CyberArk Cloud Directory users in bulk).

    Do not change {CreatedUsers}, {TotalUsers}, or {FailedSummary}.

    Bulk OATH Token Import Report

    An email message sent after a bulk import of OATH tokens that indicates the number of successful tokens imported out of the total and percentage of failed imports. See Enable OATH OTP.

    Do not change:

    {TotalSuccess}

    {TotalRecord}

    {% if TotalFailed > 0%}

    {% endif %}

    {FailedSummary}

    Bulk Corporate Owned Device Import Report

    An email message sent after a bulk import of corporate owned devices that shows the number of successful devices imported out of the total and percentage of failed imports. See How to select the policy service for device management.

    Do not change:

    {TotalSuccess}

    {TotalRecord}

    {% if TotalFailed > 0%}

    {% endif %}

    {FailedSummary}

    Invite User

    Note: This message is sent only to directory service user collections (for example AD/LDAP groups) that support the email attribute. The message is sent to the user collection email, not the users'.

    This message uses the user’s company account (that is, Active Directory/LDAP) credentials to authenticate the user. Do not change
    href='{LoginLink}'.

    Invite User with OTP

    An email sent to the users you selected in the Invite users procedure to simplify log in to the user portal. The user can also use this message to enroll a device.

    This message contains the users’ CyberArk Identity account name and uses it and a one-time passcode to authenticate the user. If the user chooses enroll a device, the link takes them to the Add Device screen in the user portal.

    Do not change the following:

    login name: {UserName}

    href='{LoginLink}'

    href='{UploadLink}'

    Directory Synchronization Report

    An email message sent to the recipients specified in the Email address for report delivery field in the Identity Administration portal Settings > Provisioning page. The email includes information for new users or a change in status to existing users that are synchronized with the source directory for specified applications.

    The email message is sent once a synchronization job is complete. The progress of the job can be viewed in the Job History page (Status column).

    Do not change the following:

    {{ReportURL}}

    {{AllProvJobsURL}}

    {{PreviewReport}}

    Also see Outbound provisioning for more information on the job history for provisioned jobs.

    Forgot User Name

    Email message sent to users when they initiate a password reset. The email includes a click-able user name that users can use to define a new password.

    Do not change {UserList}.

    Confirm Password Change

    Email message sent to users when they have changed their password.

    CyberArk Identity Connector Failure Notification

    Email message sent to specified users when CyberArk Identity connectorcan't reach a connector.

    Application Access Request

    Email message sent to request access to an application as part of the Workflow feature. SeeManage application access requests.

    Do not change the following:

    {{AppName}}

    {{Requestor}}

    {{Reason}}

    {{% for approver in Approve}}

    {{approver}}

    {{% end for %}}

    Application Access Request Approved

    Email message sent when an application access request is approved as part of the Workflow feature. See Manage application access requests.

    Do not change the following:

    {{% for approver in Approvers}}

    {{approver}}

    {{% end for %}}

    Application Access Request Failed

    Email message sent when a request for application access fails as part of the Workflow feature. See Manage application access requests.

    Do not change the following:

    {{Error}}

    {{AppName}}

    {{Requestor}}

    Application Access Request Rejected

    Email message sent when an approver denies a request for application access as part of the Workflow feature. See Manage application access requests.

    Do not change the following:

    {{% for approver in Approvers}}

    {{approver}}

    {{% endfor %}}

    {{% if Reason!=””%}}

    {{Reason}}

    {{% endif %}}

    Sign-up Awaiting Approval

    As part of the Identity Verification workflow, this email is sent to users waiting for approval from a designated approver to access an application where they initiated the sign-up process. For more information on configurations that have an Identity Verification solution integrated into CyberArk Identity, see Configure an Identity Verification workflow

    Sign-up Rejected

    As part of the Identity Verification workflow, this email is sent to users if the approver rejects the application sign-up request. For more information on configurations that have an Identity Verification solution integrated into CyberArk Identity, see Configure an Identity Verification workflow

    Sign-up Request Failed

    As part of the Identity Verification workflow, this email is sent to users if the sign-up request has not been sent to the Identity Administration portal. For more information on configurations that have an Identity Verification solution integrated into CyberArk Identity, see Configure an Identity Verification workflow

    Sign-up Request Review

    As part of the Identity Verification workflow, this email is sent to the approver stating that a user application sign up request is waiting for the approver to review the request. For more information on configurations that have an Identity Verification solution integrated into CyberArk Identity, see Configure an Identity Verification workflow

    Invite External User

    As part of the Identity Verification workflow, this email is sent to users when their request for an application sign-up is approved. For more information on configurations that have an Identity Verification solution integrated into CyberArk Identity, see Configure an Identity Verification workflow

    Password for new accounts

    An email is sent to the manager, user, or a specific email address containing passwords while provisioning users from:

    • HR System to AD

    • Workday to Cloud Directory

    • Cloud Directory to AD

    The email attachment includes attributes that are used in the provisioning rule (including the custom attributes). You can add additional attributes in the attachment by editing the script in the Script Editor. Go to Settings > Users > Inbound Provisioning > Attributes > Attribute Mapping Script to add additional attributes in the script. See Inbound Provisioning from CyberArk Cloud Directory.

    By default, the script will have a username and password. For example, you can add location as an attribute that is part of the provisioning attribute mapping.

    You can use the following script to add attributes to the email attachment.

    customCSVAttachment("FirstName: " + sc.TargetUserRecord.GivenName+", EmployeeID: "+sc.TargetUserRecord.EmployeeId+ ", Info: "+sc.TargetUserRecord.info);

  3. Update the template as needed.

    The following table describes the changes you can make.

    Field Description

    Language

    Use the Language drop down list to configure the template for the corresponding language. For example, if you have password confirmation change information that is specific to your Japanese users, you can add that information to the “Confirm Password Change” template by selecting Japanese in the drop down list.

    Email Subject

    Update the Email Subject, Display Name, and Email Address of the recipient if necessary.

    Display Name

    Use the Script Editor to make changes to your email message.

    Email Address

    Click Preview to see the message from the end user’s perspective.

  4. Click Upload associated with the Email Image heading to upload your company logo for the email.

  5. Click Save.

Reset an email template

To reset the template to its default values, right-click the template, then click Reset.