About EmpowerID Notifications and Emails
When identity lifecycle events occur—access requests submitted, passwords expiring, group memberships changing—administrators need automated notification delivery to ensure governance requirements are met and participants are informed. Without automated notifications, critical approvals can be delayed and policy violations may go undetected.
EmpowerID provides a notification system that delivers automated, policy-driven messages across identity lifecycle events, business requests, and system alerts. The system includes over 100 pre-configured email templates for common scenarios such as onboarding, approval requests, password management, and access changes.
Policy Engine Architecture
The EmpowerID notification system uses a policy engine that evaluates rules to determine:
- Which events trigger notifications
- Who receives notifications based on participant type and role
- How notifications are delivered (Inbox, Email, or both)
- When escalation or renotification occurs
The policy engine evaluates preferences in the following order:
- Individual user preferences — If configured for a specific user
- Role-based preferences — Based on Management Role membership
- Organizational defaults — System-level fallback configuration
When no preference is explicitly configured, the system applies organizational defaults. Administrators can audit notification delivery through logs and inbox views.
Notification Delivery Channels
Based on policy evaluation, notifications are delivered through one or both of the following channels:
- Inbox (UI) — EmpowerID Notification Inbox
- Email — Based on message templates and policy triggers
Notification Categories
EmpowerID supports the following notification categories based on event type and recipient role:
Lifecycle Notifications
- Onboarding Emails — Sent to newly created persons and their managers when provisioned via the CreatePerson workflow
- Personal Notifications — Password-related messages, expiration warnings, and other user-specific alerts
Access Request Notifications
- Approval Emails — Sent to requesters and approvers when items require approval
- Business Request Notifications — Triggered throughout the request lifecycle (detailed in the section below)
Role-Based Notifications
- Management Role Notifications — Sent to individuals who hold a Management Role with notification permissions
- Group Membership Change Alerts — Sent to members of the Group Membership Change Alerts Management Role when group membership changes
- Group Owner Notifications — Sent directly to group owners when membership changes occur
Dynamic Hierarchy Alerts
If enabled and the target group is mail-enabled, alerts are sent to people, Management Roles, or groups configured as recipients. Recipients are managed through the AssignPeopleToAlerts, AssignManagementRolesToAlerts, and AssignGroupsToAlerts workflows.
Business Request Notifications
Business Request Notifications are triggered when users submit access requests through the IT Shop. These notifications involve multiple participants—requesters, approvers, managers, and target users—and are governed by policies that determine who is notified at each stage of the approval workflow.
Notification Flow
- A user submits a request → A Business Request Event is raised
- The Notification Policy Engine evaluates whether to notify participants based on preferences and defaults
- Notifications are sent to initiators, approvers, managers, and others based on the Business Request event type and participant role
Business Request Events
EmpowerID defines the following Business Request Events that trigger notifications:
| Event Name | Description |
|---|---|
| Created | Triggered when a Business Request is created. Commonly used to notify initiators' managers. |
| Open | Used in multi-step approval flows to notify the next approver after prior approval. |
| Approver Set | Raised when an approver is manually assigned to a step. |
| Commented | Triggered when a comment is added to the request. |
| Fulfillment Ready | Sent when an individual request item is approved and ready for fulfillment. |
| Fulfillment Completed | Sent when the fulfillment of an individual item is complete. |
| Completed | Sent when the overall request or step is completed. |
| Renotification | Used in escalation policies to remind approvers of pending requests. Applies at item and item-approval-step levels. |
Business Request Participants
Participant types are determined by the BusinessRequestParticipantType table. These define who receives which notifications during the request lifecycle.
| Participant Type | Description |
|---|---|
| Initiator | Person who submitted the request |
| TargetPerson | Person receiving the assignment or resource |
| InitiatorManager | Manager of the request initiator |
| TargetPersonManager | Manager of the person receiving the assignment |
| Approver | Approver assigned to the step |
| Approver Manager | Manager of the approver |
| Potential Approver | Delegated or candidate approvers |
| Commenter | Person who adds a comment to the request |
Notification Scope Levels
Notification events are evaluated at four distinct levels of granularity:
| Level | Description |
|---|---|
| Business Request | The overall submission or cart |
| Business Request Item | Individual request items within the cart |
| Business Request Approval Step | Step-level approval status for the full request |
| Business Request Item Approval Step | Per-item approval decisions |
Message Templates
EmpowerID delivers notifications using message templates that are associated with Business Request Events and participant types. Each template defines the content, subject line, and formatting for notifications triggered by specific workflow activities.
Templates are customizable through the EmpowerID Web UI. Administrators can modify existing templates or create new ones to meet organizational requirements. Template customization includes:
- Email subject and body content
- Dynamic field insertion (requester name, resource name, approval link, etc.)
- HTML formatting and branding
- Conditional logic based on event context
Templates are triggered automatically by workflow activity and policy rules. Administrators do not manually send notifications—the policy engine evaluates events and applies the appropriate template based on configuration.
Notification Configuration
Administrators configure notification behavior through two complementary mechanisms:
Notification Policies
Notification policies define the rules for when notifications are sent and to whom. Each policy specifies:
- The Business Request event that triggers the notification (Created, Open, Completed, etc.)
- The scope level (Business Request, Item, Approval Step, or Item Approval Step)
- The participant type who receives the notification (Initiator, Approver, Manager, etc.)
- The priority order when multiple policies match the same event
- The email template used for message content
When multiple policies match a single event, the policy with the highest priority (lowest number) determines which notification is sent. For example, if policies with priority 1, 3, and 5 all match an event, only the priority 1 policy generates a notification.
Notification Preferences
Notification preferences determine whether end users can customize which notifications they receive. When "Allow User Config" is enabled for a notification, users can disable it through the My Identity application. When disabled, the organizational policy is enforced for all users.
This separation allows administrators to:
- Enforce critical notifications that users cannot disable
- Provide flexibility for non-critical notifications
- Balance organizational governance with user experience
Daily Digest Reports
In addition to event-driven notifications, EmpowerID supports scheduled daily digest reports through the Notification Report Subscription feature. These reports deliver summaries of pending tasks, expiring access, and owned resources to subscribers on a scheduled basis.
Daily digest reports are separate from Business Request notifications and are configured through different system settings and compiler jobs.
Related Articles
- Notification Policies and Preferences - Configure policies, preferences, and daily digest reports
- Subscribing Users to Alerts - Manage alert subscriptions for group changes and dynamic hierarchies
Notification templates and delivery preferences are configurable through the EmpowerID Web UI. See the Notification Policies and Preferences section for detailed configuration procedures.