Configure an Email Message mechanism
The Email Message mechanism provides arbitrary information about a user via email, webpage, or JSON for consumption by users or applications.
Before using the Email Message mechanism, an SMTP server connection must first be configured. For information about how to configure the SMTP server connection, see Manage server connections.
This mechanism can be used in conjunction with the Info Map mechanism. The Info Map mechanism populates some session info and potentially enriches the session further through user mapping. The Email Message mechanism then provides this information to the user via email.
For example, for a forgotten username:
- The user initiates the forgot username flow.
- The user is prompted to enter his or her email and date of birth.
- The user provides the details.
- The Info Map mechanism performs a lookup based on the information and enriches the session with the user name.
- The Email Message mechanism sends an email that provides the user name to the user.
If this mechanism is not used in conjunction with the Info Map mechanism, only information from the Verify Access credential will be made available.
To use values in the Verify Access credential or session information added by the Info Map mechanism, wrap the attribute identifier in @ signs, in the same way as they are used in macros. For example, to make use of a user's credential containing the attribute firstName in the template page:
... This is the welcome page for @firstName@ ...
The attribute identifier is case sensitive. For example, @firstname@ cannot be used to reference the attribute firstName.
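The following check is an added example, not part of the product documentation or the product's own code: it scans a template for @name@ references and flags any that differ only in case from the attributes expected in the credential or session. The macro grammar in the regular expression, the attribute names and the template text are assumptions constructed for illustration.

```python
import re

# Assumed identifier grammar for @name@ macros: no whitespace, so ordinary
# e-mail addresses in the template text are not mistaken for macros.
MACRO = re.compile(r"@([A-Za-z_][A-Za-z0-9_.:\-]*)@")


def lint_template(template, available):
    """Check each @name@ reference against the attribute names expected in
    the credential or session. Matching is exact (case sensitive).

    Returns (line_number, name, status, suggestion) tuples, where status is
    "ok", "case-mismatch" or "unknown".
    """
    by_lower = {}
    for attr in available:
        by_lower.setdefault(attr.lower(), []).append(attr)

    findings = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        for match in MACRO.finditer(line):
            name = match.group(1)
            if name in available:
                findings.append((lineno, name, "ok", None))
            elif name.lower() in by_lower:
                hint = by_lower[name.lower()][0]
                findings.append((lineno, name, "case-mismatch", hint))
            else:
                findings.append((lineno, name, "unknown", None))
    return findings


# Constructed sample: attribute names and template text are illustrative only.
SAMPLE_ATTRS = {"firstName", "emailAddress", "username"}
SAMPLE_TEMPLATE = """\
Hello @firstname@,
Your user name is @username@.
This message was sent to @emailAddress@ by support@example.com.
Reference: @ticketId@
"""

if __name__ == "__main__":
    for lineno, name, status, hint in lint_template(SAMPLE_TEMPLATE, SAMPLE_ATTRS):
        if status != "ok":
            tip = f" (did you mean @{hint}@?)" if hint else ""
            print(f"line {lineno}: @{name}@ {status}{tip}")
```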
We can use the Email Message mechanism to send messages in HTML format. See HTML format for OTP email messages.
Steps
- Log in to the local management interface.
- Click AAC.
- Under Policy, click Authentication.
- Click Mechanisms.
- Click Email Message.
- Click the Properties tab.
- Select a property to configure.
- Click Modify Property.
- Enter the value for that property.
- Click OK.
- Take note of the properties for the mechanism.
- Email Attribute Identifier
The name of the attribute containing the email address to be used.
If this attribute is not set, the system always displays the template HTML page to the user.
Default value: emailAddress
- Email Sender Value
The value to use in the sender field of an email.
- Email Template
The path to the template XML file to be used when sending an email to the user.
Default value: /authsvc/authenticator/sessionattributeresponse/email_message.xml
The default value omits the locale portion of the path; the locale portion is visible in the templates page view.
- Error Template
The path to the template HTML file to be used when displaying an error message to the user.
Default value: /authsvc/authenticator/sessionattributeresponse/error.html
- Server Connection
The SMTP connection used to send the email. We can select the SMTP server from the drop-down list.
- Click Save.
What to do next
After we have configured the mechanism, a message that indicates the changes are not deployed will be displayed. Deploy changes when we are finished. For information, see Deploying pending changes.
After deploying the changes, we can create policies that include this mechanism. For more information, see Create an authentication policy.
- HTML format for OTP email messages
The HTML format for One-Time Password (OTP) email messages includes an identifying header of the ISAM host that sent the message.