Recertification default notifications

IBM Security Identity Manager provides default templates for user, account, and access recertification notifications.

Default recertification templates

The default templates exist in LDAP and cannot be modified. An administrator can view the default templates in the recertification policy interface and copy them there. The following labels are the default template names for the account and access recertification policy recertification email:

• Delete Account
• Mark Access
• Mark Account
• Remove Access
• Suspend Account

The following labels are the default template names for the account and access recertification policy rejection email:

• Access Marked
• Access Removed
• Account Deleted
• Account Marked
• Account Suspended

The following labels are the default template names for the user recertification policy recertification e-mail:

• User Recertification Pending

The following labels are the default template names for the user recertification policy rejection e-mail:

• User Recertification Rejected

Properties file values

To change templates, you can use all the key=value statements in the CustomLabels.properties file, or create our own properties and values.

These properties are referenced by the default templates. The properties can be modified if to reword some of the templates while keeping the same parameter substitutions. We can either modify these defaults, or make up our own keys and reference them from the templates.

The properties include the following items.

recertOn={0} on {1}recertTemplateSubject=Recertification required 
  for account {0} on service {1}recertTemplateAccessSubject=Recertification required 
  for account {0} on access {1}recertTemplateBody=You have received a recertification request 
  for account {0} on service {1} owned by {2}.
recertTemplateAccessBody=You have received a recertification request 
  for account {0} on access {1} owned by {2}.
recertDeclineSuspendsBody=Rejection of this recertification request 
  will result in the suspension of account {0} on {1}.
recertDeclineDeletesBody=Rejection of this recertification request 
  will result in the deletion of account {0} on {1}.
recertDeclineMarksBody=Rejection of this recertification request 
  will result in account {0} on {1} being marked as rejected for 
  recertification.
recertDeclineDeletesAccessBody=Rejection of this recertification 
  request will result in the deletion of access {0}.
recertDeclineMarksAccessBody=Rejection of this recertification request 
  will result in access {0} being marked as rejected for recertification.
recertDeclinedAcctSuspendedSubj=Account {0} on service {1} has been 
  suspended due to rejection of a recertification request recertDeclinedAcctDeletedSubj=Account {0} on service {1} has been 
  deleted due to rejection of a recertification request recertDeclinedAcctMarkedSubj=Account {0} on service {1} has been 
  marked as rejected for recertification due to rejection 
  of a recertification request recertDeclinedAccessDeletedSubj=Account {0} on access {1} has been 
  deleted due to rejection of a recertification request recertDeclinedAccessMarkedSubj=Account {0} on access {1} has been 
  marked as rejected for recertification due to rejection of a 
  recertification request recertDeclinedAcctSuspendedBody=The account {0} on service {1} owned 
  by {2} has been suspended due to rejection of a recertification request.
recertDeclinedAcctDeletedBody=The account {0} on service {1} owned 
  by {2} has been deleted due to rejection of a recertification request.
recertDeclinedAcctMarkedBody=The account {0} on service {1} owned 
  by {2} has been marked as rejected for recertification due to 
  rejection of a recertification request.
recertDeclinedAccessDeletedBody=The account {0} on access {1} owned 
  by {2} has been deleted due to rejection of a recertification request.
recertDeclinedAccessMarkedBody=The account {0} on access {1} owned 
  by {2} has been marked as rejected for recertification due to 
  rejection of a recertification request.
userRecertTemplateSubject=Recertification required for user {0}userRecertTemplateBody=You have received a recertification request 
  for user {0}. The recertification includes their membership in {1} role(s)
  and ownership of {2} account(s). Please indicate whether the user still 
  requires these resources.
userRecertDeclinedSubj=Recertification request rejected for user {0}userRecertDeclinedBody=One or more resources for user {0} have been
  rejected during recertification.
userRecertRolesRejectedLabel=The following roles were rejected:
userRecertAccountsRejectedLabel=The following accounts were rejected,
  along with all groups associated with the accounts:
userRecertGroupsRejectedLabel=The following groups were rejected,
  but the account was accepted:
userRecertAcctLabel=Account "{0}" on service "{1}"
userRecertGroupLabel=Group "{0}" for account "{1}" on service "{2}"

Parent topic: Recertification policies