Email templates

Some email templates have new names and features in Identity Engine. Refer to the following tables to see what changed.

Action Classic Engine Email Template Identity Engine Email Template Changes
Self Service password reset (SSPR) for Okta-sourced users Forgot Password Forgot Password Added: “Can't use the link? Enter a code instead: (recoveryToken Placeholder)”
Self Service Unlock (SSU) for Okta-sourced user Self-Service Unlock Account Self-Service Unlock Account Added: “Can't use the link? Enter a code instead: (recoveryToken Placeholder)”
SSPR for AD-sourced users Active Directory Password Reset Active Directory Password Reset Added: “Can't use the link? Enter a code instead: (recoveryToken Placeholder)”
SSPR for LDAP-sourced users LDAP Forgot Password LDAP Forgot Password Added: “Can't use the link? Enter a code instead: (recoveryToken Placeholder)”
SSU for AD-sourced users Active Directory Self-Service Unlock Account Active Directory Self-Service Unlock Account Added: “Can't use the link? Enter a code instead: (recoveryToken Placeholder)”
Security notification: MFA Enrolled

MFA Factor Enrolled

Changed:

Email display name in Admin Console

Changed:

Email subject “MFA Factor enrolled” to “Security method enrolled”

Authenticator Enrolled

Changed: “Multi-factor authentication” to “security method”

Changed: “{factor Placeholder}” to “{authenticator Placeholder}”

Security notification: MFA Reset

MFA Factor Reset

Changed:

Email display name in Admin Console

Changed:

Email subject “MFA Factor Reset” to “Security method reset”

Authenticator Reset

Changed: “Multi-factor authentication” to “security method”

Changed: “{factor Placeholder}” to “{authenticator Placeholder}”

Identity Engine changes the Forgot Password/Account password reset email template.

Classic Engine Identity Engine

Identity Engine changes the MFA Factor Enrolled email template.

Classic Engine Identity Engine

What happens to email templates after you upgrade?

After the upgrade to Identity Engine, all of your customizations remain intact. Verify your templates to ensure they perform as expected.

The term multifactor authenticators doesn’t automatically change to security methods. If you want to use the updated wording, you must update the email templates manually, or reset the email templates to their default state.

Expiration of email links

In Classic Engine, the default expiration of email links is one hour. You customized the expiration times in a password policy for self-service password reset, or in the Security > Multifactor menu for Email Authentication factor.

In Identity Engine, the default time for expiration is five minutes, and you can customize that in five-minute increments up to 30 minutes. You configure the expiration of email links for self-service password reset, self-service account unlock, and multifactor authentication in one place: the Email Authenticator under the Security > Authenticators menu.