To improve the security of Self-Service accounts, you can configure Self-Service to send e-mail notifications to users when selected events occur.
You can enable the following Self-Service events to send e-mail notifications:
Password changes (RSA or LDAP passwords only when changed by the user through the Self-Service Console)
PIN changes and when a blocked PIN is unblocked
On-demand authentication delivery option changes
Emergency access requests
Token resynchronization requests
E-mail notifications to users about changes to their accounts can contain a link to the Self-Service Console on the web tier. This link enables users to go directly to the Self-Service Console where they can check their accounts.
The URL used to access the Self-Service Console varies depending on your deployment type. By default, Authentication Manager assumes that end users connect directly to the Self-Service Console installed on the primary instance. If your deployment includes a web tier where the end users connect through a load balancer or virtual host, your end users must use the appropriate URL for the Self-Service Console.
To include a link to the Self-Service Console in an e-mail notification, change the default URL in the notification to point to the virtual host or load balancer. This does not change the actual URL of the Self-Service Console, nor does it validate that the Self-Service Console is reachable through the specified URL.
If the e-mail address attribute is editable and Self-Service is configured to send e-mail notifications for changes to the user’s profile or on-demand authentication delivery option, Authentication Manager sends a notification to both the old and new e-mail addresses when the e-mail address is changed.