Configuring email notifications

2.5 Configuring email notifications

You can configure MyID to send a notification to the credential owner when a derived credential is requested. This email message contains information on the owner, the certificate, and the job that was created for the request of the derived credential.

2.5.1 Setting up email

To set up MyID to enable email notifications, see the Setting up email section in the Advanced Configuration Guide.

2.5.2 Editing the request email template

To edit the email template:

From the Configuration category, select Email Templates.

You can also launch this workflow from the Connections and Notifications section of the More category in the MyID Operator Client. See the Using Connections and Notifications workflows section in the MyID Operator Client guide for details.
Select the Derived Credential Requested template, then click Modify.
Select the Enabled option to enable or disable the template.

Disabling the template prevents the notifications from being sent.
Edit the Template Body.

The body contains HTML text, and allows you to include codes in the template that are substituted for information about the request when the email is sent.

You can use the following substitution codes:
- %dn – Distinguished name.
- %sn – Certificate serial number.
- %expiry – Certificate expiry date.
- %issuer – Issuer name
- %Person:vPeopleUserAccounts:LogonName – Logon name of the credential owner.
- %Job:vJobsWithJobID:JobID – ID of the request job.
- %Job:vJobsWithJobID:Status – status of the request job.
- %Job:vJobsWithJobID:InitiationDate – initiation date of the request job.
- %Job:vNewRequestEmailCodes:CredentialProfileName – credential profile requested for the derived credential.
Click Save.

2.5.3 Editing the cancellation email template

To edit the email template:

From the Configuration category, select Email Templates.

You can also launch this workflow from the Connections and Notifications section of the More category in the MyID Operator Client. See the Using Connections and Notifications workflows section in the MyID Operator Client guide for details.
Select the Cancel Card template, then click Modify.
Select the Enabled option to enable or disable the template.

Disabling the template prevents the notifications from being sent.
Edit the Template Body.

The body contains HTML text, and allows you to include codes in the template that are substituted for information about the request when the email is sent.

You can use the following substitution codes:
- %Device:vDevicesWithDeviceID:SerialNumber – serial number of the canceled device.
- %Device:vDevicesWithDeviceID:DeviceTypeName – type of the canceled device.
Click Save.

2.5.4 Obtaining the email address

If the user is unknown to MyID (that is, the original credential was issued by a different system):

the Synchronize new accounts with directory configuration option is set, if MyID can link the account to the directory and that directory account contains an email address, it sends the notification to that address; otherwise, it sends the email notification to the address from the deriving certificate.
If the Synchronize new accounts with directory configuration option is not set, MyID attempts to obtain the email address from the deriving certificate and sends the notification to that address.

If the user is known to MyID (that is, there is already an account in MyID for the user):

If the Update email address from derivation configuration option is set, MyID attempts to obtain the email address from the deriving certificate and sends the notification to that address; it also updates the email address in the MyID account with the address from the certificate. If there is no email address in the certificate, it uses the email address in the MyID account.
If the Update email address from derivation configuration option is not set, MyID sends the notification to the email address in the MyID account.

If MyID cannot obtain an email address from any source, it does not attempt to send an email notification.

2.5.5 Requiring an email address

You are recommended to configure the credential profile for the derived credential to require an email address.

To require an email address:

From the Configuration category, select Operation Settings.

You can also launch this workflow from the Configuration Settings section of the More category in the MyID Operator Client. See the Using Configuration Settings workflows section in the MyID Operator Client guide for details.
Click the Issuance Processes page.
Set the following option:
- Requisite User Data – set this option to Yes.
  
  This option makes the Requisite User Data section appear in the Credential Profiles workflow.
Click Save changes.
From the Configuration category, select Credential Profiles.

You can also launch this workflow from the Credential Configuration section of the More category in the MyID Operator Client. See the Using Credential Configuration workflows section in the MyID Operator Client guide for details.
Click New to create a new credential profile, or select an existing credential profile and select Modify.
Select the Requisite User Data option.
Set the Email option to Required for Request.
Complete the rest of the credential profile configuration.

2.5.6 Updating the email address

If you set the Update email address from derivation option (on the Certificates page of the Operation Settings workflow) to Yes, if MyID obtains an email address from the deriving certificate, it updates the person's record within MyID with this address.