Configure E-mail Notifications for Self-Service User Account Changes

To improve the security of Self-Service accounts, you can configure Self-Service to send e-mail notifications to users when selected events occur.

You can enable the following Self-Service events to send e-mail notifications:

  • Profile changes

  • Password changes (RSA or LDAP passwords only when changed by the user through the Self-Service Console)

  • PIN changes and when a blocked PIN is unblocked

  • On-demand authentication delivery option changes

  • Emergency access requests

  • Token resynchronization requests

E-mail notifications to users about changes to their accounts can contain a link to the Self-Service Console on the web tier. This link enables users to go directly to the Self-Service Console where they can check their accounts.

The URL used to access the Self-Service Console varies depending on your deployment type. By default, Authentication Manager assumes that end users connect directly to the Self-Service Console installed on the primary instance. If your deployment includes a web tier where the end users connect through a load balancer or virtual host, your end users must use the appropriate URL for the Self-Service Console.

To include a link to the Self-Service Console in an e-mail notification, change the default URL in the notification to point to the virtual host or load balancer. This does not change the actual URL of the Self-Service Console, nor does it validate that the Self-Service Console is reachable through the specified URL.

In the e-mail notifications template, you can customize the field labels, message text, and add, remove, or reorder the e-mail tags. For descriptions of the e-mail tags, syntax, and default values, see E-mail Template Example for the Self-Service Console.

If the e-mail address attribute is editable and Self-Service is configured to send e-mail notifications for changes to the user’s profile or on-demand authentication delivery option, Authentication Manager sends a notification to both the old and new e-mail addresses when the e-mail address is changed.

Before you begin

Configure the SMTP Mail Service


  1. In the Security Console, go to Setup > Self-Service Settings.

  2. Under Customization, click E-Mail Notifications for User Account Changes.

  3. To change the default URL for e-mail notifications for user account changes, do one of the following.

    • If you do not have a web tier. Under Configure Default Self-Service Console URL, enter the primary instance URL and port.

      The format for the URL is:



      hostname is the fully qualified hostname of the primary instance.

    • If you have a web tier. Under Configure Default Self-Service Console URL, enter the virtual host URL and port.

      The format for the URL is:



      virtual-hostname is the fully qualified hostname of the virtual host.

      port is the virtual host port.

  4. Under E-mail Notifications, select one or more events to initiate an e-mail notification to users.

  5. Under E-mail Template, edit the Subject and Body fields.

    You cannot use angle brackets (< >) in e-mail templates.

  6. Click Save.