Configure and Manage Email Notifications
To help increase security, you can configure Cloud Access Service (CAS) to automatically send a confirmation email to users when specific events occur. The following table describes what happens when each configuration option is enabled.
| Configuration Option | Result When Enabled |
|---|---|
| Authenticator registration | Emails are sent following user action related to registered iOS, Android, and Windows authenticators only. They are not sent for user management of other authenticators, such as FIDO authenticators. |
| Authenticator deletion | Emails are sent after a user adds or deletes a credential or deletes a registered authenticator. If an administrator deletes a user's credential or authenticator, the user is notified in the RSA Authenticator app but does not receive an email. If an administrator deletes a user's credential or authenticator, the user is notified in the iOS, Android, or Windows app but does not receive an email. |
| FIDO Authenticator registration | Emails are sent after a user registers a FIDO authenticator. |
| Emergency Access Code generated | Emails are sent when the administrator generates the Emergency Access Code in the Cloud Administration Console. The emails are not triggered by any other administrator or user action, such as when the user enters the OTP to authenticate. |
| Hardware Authenticator registration | Emails are sent after a user registers a hardware authenticator with CAS. |
| RSA DS100 registration | Emails are sent after a user registers RSA DS100 FIDO or OTP credential. |
| Change Password | Emails are sent after a user changes their passwords successfully. |
| Code for Reset Password | Emails are sent to users with a reset link and a one-time code that enable them to reset their password. The email notification also includes the expiration time of the code. |
| Enrollment Code Sent by Administrator | Emails are sent to users with an enrollment URL and one-time code that enable them to log into My Page and register their first authenticator. The email notification also includes the expiration time of the code. |
| OATH HOTP OTP Hardware Authenticator registration | Emails are sent after a user registers an OATH HOTP OTP authenticator. |
| Damaged authenticator reported by the user | Emails are sent after a user reports the authenticator as damaged. |
| Lost authenticator reported by the user | Emails are sent after a user reports the authenticator as lost. |
| Stolen authenticator reported by the user | Emails are sent after a user reports the authenticator as stolen. |
| Unusable authenticator reported by the user for reasons other than loss, theft, or damage | Emails are sent after a user reports the authenticator as unusable. |
| Anomaly Detection (Password Spraying) | Emails are sent to Super Administrators to notify them of specific suspicious authentication attempts. |
| Authenticator platform usage enforcement | Emails are sent to users to notify them that their organization is restricting the use of the RSA Authenticator app on a specific operating system. The message advises them to migrate the app to a supported operating system before the grace period expires. |
Non-Configurable Email Notifications
The following emails are sent automatically and cannot be configured.
| Event | Description |
|---|---|
| Validation Code Requested by User | Emails are sent to a user with a code and its validity period to log in to My Page for authenticator enrollment or recovery. |
| Send Temporary Password to New User | Emails are sent to a new user with a temporary password and login instructions. |
Fulfillment-Related Email Notifications
The following email notifications are automatically sent only when the Send Emails to Requesters and Approvers option is enabled for a My Page SSO application in the app’s Fulfillment tab (for example, see Add an OIDC Application).
| Event | Description |
|---|---|
App access request creation sent to requestor | Emails are sent to a requester confirming an access request, including roles and date. |
Action needed for app access request sent to approver | Emails are sent to an approver to review and approve an access request. |
App access request status updated sent to requestor | Emails are sent to a requester with the updated status of an access request. |
Role updated sent to approver | Emails are sent to an approver notifying them of changes to a user’s role. |
Request auto approved as both requester and approver are the same | Emails are sent to a requester and an approver when a request is automatically approved because they are the same person. |
Before you begin
You must be a Super Administrator for the Cloud Administration Console.
Procedure
In the Cloud Administration Console, click My Account > Company Settings and select the Email Notifications tab.
(Optional) Click Upload Logo, and select the logo to include in the email. The file must be in JPG or PNG format, and no larger than 50 KB. The maximum logo size is 220 x 80 pixels.
If you do not specify a logo, the email does not include a logo. To delete an existing logo, click the minus sign.
In the From Email Address field, specify the email address from which the email will be sent.
In the From Display Name field, specify the display name of the sender, for example, Jan Smith.
The From email address is noreply@securid.com. You cannot change it. Using the example above, the email address looks like this: Jan Smith <noreply@securid.com>
If necessary, be sure to whitelist noreply@securid.com, so the emails are delivered to users.
(Optional) In the Signature field, specify the signature that appears at the bottom of the email. For example, you might add a name, job title, address, or contact information.
Enable or disable configurable events as needed. You can select multiple events at once. By default, all configurable events are enabled for new customers.
Click Preview Email to review the email. Subject and body cannot be modified.
Click Save Settings.
(Optional) Click Publish Changes to activate the settings immediately.
Notes:
The emails are sent in the language of the registered device containing an authentication app. For example, if the device uses Spanish, the emails are sent in Spanish. If an administrator generates an Emergency Access Code for a user and the user did not register a device, the emails are sent in English.
Anomaly Detection email notifications are sent in English.
Related Articles
Email Notifications are not using Default Email Account in RSA Identity Governance and Lifecycle 6.x and 7.0 Number of Views Customize E-mail Notifications Number of Views How to define email recipients of emails defined in RSA Identity Governance & Lifecycle email templates Number of Views How to modify or disable the 'Redirect All Email To' Email Test Option when the application is unavailable in RSA Identity… Number of Views RSA Lifecycle and Governance will cease sending emails when email server goes down and does not resume when the email serv… Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
