Email templates

After you upgrade to Identity Engine, learn about the changes to email templates.

Change summary Classic Engine: The default expiration of email links is one hour. You customize the expiration times in a password policy for self-service password reset or in the Security > Multifactor menu for Email Authentication factor.

Identity Engine: The default expiration of email links is five minutes, and you can customize that in five-minute increments up to 30 minutes. You configure the expiration of email links for self-service password reset, self-service account unlock, and multifactor authentication in one place: the Email Authenticator under the Security > Authenticators menu.

Admin experience

Both Classic Engine and Identity Engine now use Velocity Template Language, so you no longer have to select different templates according to your configuration. The enhanced functionality that currently allows for One-Time Password (OTP) code remains in the following templates:

  • Active Directory Password Reset
  • Active Directory Password Unlock
  • LDAP Forgot Password
  • Reset Authenticator
  • Unlock Authenticator

The term multifactor authenticators doesn’t automatically change to security methods in the email body text. If you want to use the updated wording, update the email templates manually or reset the email templates to their default state.

After the upgrade to Identity Engine, all of your customizations remain intact. Verify your templates to ensure they perform as expected.

User experience

There are no changes to the user experience, except for minor text updates:

  • The message “Can't use the link? Enter a code instead: (recoveryToken Placeholder)” appears in the password reset and account unlock templates.
  • Title references to multifactor authentication changed to security method.
Related topics Customize an email template