Configuring an Email Message mechanism

The Email Message mechanism provides arbitrary information about a user by email, web page, or JSON for consumption by users or applications.

Before you begin

Before you use the Email Message mechanism, you must configure an SMTP server connection. For more information about how to configure the SMTP server connection, see Managing server connections.

About this task

This mechanism can be used in conjunction with the Info Map mechanism. The Info Map mechanism populates some session info and potentially enriches the session further through user mapping. The Email Message mechanism then provides this information to the user via email.

For example, for a forgotten username:

  • The user initiates the forgot username flow.
  • The user is prompted to enter his or her email and date of birth.
  • The user provides the details.
  • The Info Map mechanism performs a lookup based on the information and enriches the session with the user name.
  • The Email Message mechanism sends an email that provides the user name to the user.

If this mechanism is not used in conjunction with the Info Map mechanism, only information from the Verify Access credential will be made available.

To use values in the Verify Access credential or session information added by the Info Map mechanism, wrap the attribute identifier in @ signs, in the same way as in macros. For example, to make use of a user's credential that contains the attribute firstName in the template page:

...
This is the welcome page for @firstName@
...

Note: The attribute identifier is case sensitive. For example, @firstname@ cannot be used to reference the attribute firstName.
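
A pre-deployment check for the case-sensitivity rule above, as an added example that is not part of the product documentation or the product's own code: it scans a template for @...@ macros and reports any that match no expected attribute, suggesting the name that differs only by case. The macro pattern, the function name lint_template, and the sample template and attribute list (including username and supportPhone) are assumptions constructed for illustration.

```python
import re

# Assumed macro grammar: an identifier wrapped in @ signs, as in @firstName@.
# The exact character set the product accepts is not stated on the page.
MACRO_RE = re.compile(r"@([A-Za-z_][A-Za-z0-9_.\-]*)@")


def lint_template(template, known_attributes):
    """Return (line_no, macro, suggestion) for macros that match no known attribute.

    Matching is case sensitive. suggestion is the known attribute that differs
    only by case, or None when no such attribute exists.
    """
    known = set(known_attributes)
    by_lower = {name.lower(): name for name in known}
    findings = []
    for line_no, line in enumerate(template.splitlines(), start=1):
        for match in MACRO_RE.finditer(line):
            macro = match.group(1)
            if macro in known:
                continue
            findings.append((line_no, macro, by_lower.get(macro.lower())))
    return findings


# Constructed sample template; the literal address on line 4 is not a macro.
SAMPLE_TEMPLATE = """\
<html><body>
This is the welcome page for @firstName@
Your user name is @Username@. We sent this to @emailAddress@.
Questions? Write to help@example.com or call @supportPhone@.
</body></html>
"""
# Constructed list of attributes expected in the credential or session.
SAMPLE_ATTRIBUTES = ["firstName", "username", "emailAddress"]

if __name__ == "__main__":
    for line_no, macro, suggestion in lint_template(SAMPLE_TEMPLATE, SAMPLE_ATTRIBUTES):
        hint = f"did you mean @{suggestion}@?" if suggestion else "no such attribute"
        print(f"line {line_no}: @{macro}@ -> {hint}")
```

Running the check against each customized template before deploying catches a misspelled identifier before it reaches a user's inbox.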

You can use the Email Message mechanism to send messages in HTML format. See HTML format for OTP email messages.

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Policy, click Authentication.
  4. Click Mechanisms.
  5. Click Email Message.
  6. Click the Properties tab.
    1. Select a property that you want to configure.
    2. Click Modify Property.
    3. Enter the value for that property.
    4. Click OK.
  7. Take note of the properties for the mechanism.
    Email Attribute Identifier

    The name of the attribute that contains the email address to be used.

    If this attribute is not set, the system always displays the template HTML page to the user.

    Default value: emailAddress

    Email Sender Value

    The value to use in the sender field of an email.

    Email Template

    The path to the template XML file to be used when sending an email to the user.

    Default value: /authsvc/authenticator/sessionattributeresponse/email_message.xml
    Note: The default value omits the locale portion of the path, which you can see in the templates page view.

    Error Template

    The path to the template HTML file to be used when displaying an error message to the user.

    Default value: /authsvc/authenticator/sessionattributeresponse/error.html

    Server Connection

    This field defines the SMTP connection that is used to send the email. You can select the SMTP server from the drop-down list.
  8. Click Save.

What to do next

After you configure the mechanism, a message is displayed that indicates the changes are not deployed. Deploy the changes when you are finished. For more information, see Deploying pending changes.

After deploying the changes, you can create policies that include this mechanism. For more information, see Creating an authentication policy.