Skip to content

Email templates

WSO2 Identity Server organizations use several email templates to send email notifications to users.

Note

Email templates in WSO2 Identity Server

The following is a comprehensive list of email templates that are available in WSO2 Identity Server.

Note

Some of the email templates below should contain URLs to redirect the user for certain actions. Learn how to generate these URLs in the URLs in email templates section.

Template ID Description
LiteUserEmailConfirmation

ResendLiteUserEmailConfirmation
These emails are generated when you create an account in WSO2 Identity Server.
EmailConfirm

AccountConfirmation

ResendAccountConfirmation
These emails are sent when a user creates an account in your WSO2 Identity Server organization. The email will prompt the user to confirm their account/email
VerifyEmailOnUpdate This email is generated when the user changes the email associated with the account.
AccountIdRecovery This email is generated when a user requests an account ID recovery.
PasswordReset

resendPasswordReset

AdminForcedPasswordReset

resendAdminForcedPasswordReset

These emails involve password resets. Depending on whether the user or the administrator initiates the password reset, separate emails are generated.
initiateRecovery This email is generated when a user initiates a password reset using security questions.
passwordResetSuccess This email is generated when a user successfully resets the password.
AdminForcedPasswordResetWithOTP

resendAdminForcedPasswordResetWithOTP
These emails are generated when a user initiates password reset using OTP. The email template can display the OTP using the {{ confirmation-code }} literal.
TemporaryPassword This email is generated when a user is offered a temporary password by the administrator. The email template can display the temporary using the {{ temporary-password }} literal.
AccountLockAdmin

AccountUnlockAdmin

AccountEnable

AccountDisable

These emails are generated when a user account is enabled or disabled.
AccountLockFailedAttempt This email is generated when a user account gets locked due to a specified number of failed login attempts. The email template can display the lock duration using the {{ lock-duration }} literal.
AccountUnlockTimeBased This email is generated when a user account is unlocked automatically once the lock duration exceeds.
UnseenDeviceLogin This email is generated when the logs in to using an unrecognized device. The email template can display the time of login using the {{ login-time }} literal.
idleAccountReminder This email is generated when there is no activity in the user account for a specified amount of time.
TOTP This email is generated when the user is given a TOTP to log in. The email template can display the token using the {{ token }} literal
OneTimePassword This email is generated when a user is given a new password to log in. The email template can display the password using the {{ otp-password }} literal
EmailOTP

ResendEmailOTP
These emails are generated when a user is given a one-time password to sign in to an application. The email templates can display the password using the {{ OTPCode }} literal.
magicLink This email is generated when a user logs in with a magic link. The application name and the expiry time of the link can be accessed by the literals {{ application-name }}, and {{ expiry-time }} respectively.
AskPassword

resendAskPassword

These emails are generated when a user is asked to create a password for the newly created account.
selfSignUpNotify

selfSignUpSuccess

These emails are generated when a user uses self sign-up to register in your organization.

URLs in email templates

Some email templates in WSO2 Identity Server should contain URLs which users can click to complete an action. Explained below are those URLs and in which email templates these URLs should contain.

  • URL to confirm a user account

    {{ account.recovery.endpoint-url }}/confirmliteuserregistration.do?confirmation={{ confirmation-code }}&callback=https://{{ server.placeholder.websiteHostName }}/early-access
    

    This URL is used in the LiteUserEmailConfirmation and ResendLiteUserEmailConfirmation templates.

  • URL to confirm an email address

    {{ account.recovery.endpoint-url }}/confirmregistration.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}
    
    This URL is used in the EmailConfirm template.

  • URL to confirm a user account

    {{ account.recovery.endpoint-url }}/confirmregistration.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}&spId={{ spId }}
    
    This URL is used in the AccountConfirmation and ResendAccountConfirmation.

  • URL to verify an updated email address.

    {{ account.recovery.endpoint-url }}/confirmregistration.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}
    
    This URL is used in the VerifyEmailOnUpdate template.

  • URL to reset a password

    {{ account.recovery.endpoint-url }}/confirmrecovery.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}&callback={{ callback }}&spId={{ spId }}&type=reset
    

    This URL is used in the PasswordReset and resendPasswordReset templates.

  • URL to reset a password (admin forced)

    {{ account.recovery.endpoint-url }}/confirmrecovery.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}&type=reset
    

    This URL is used in the AdminForcedPasswordReset and resendAdminForcedPasswordReset templates.

  • URL to generate a password for a newly created account

    {{ account.recovery.endpoint-url }}/confirmrecovery.do?confirmation={{ confirmation-code }}&userstoredomain={{ userstore-domain }}&username={{ url:user-name }}&type=invite
    

    This URL is used in the AskPassword and resendAskPassword templates.

  • URL generate magic links

    {{ carbon.product-url }}/commonauth?mlt={{ ma\Token }}
    

    This URL is used in the magicLink template.

  • URL to prompt the user to access My Account after a user self signs up.

    {{ authentication.endpoint-url }}?client_id=MY_ACCOUNT&t={{ tenant-domain }}&relyingParty=MY_ACCOUNT&type=oidc&sp=My+Account&isSaaSApp=true&authenticators=BasicAuthenticator:LOCAL
    

    This URL is used in the selfSignUpNotify and selfSignUpSuccess templates.

Note

Be sure to use proper HTML URL encoding when including above URLs in email templates.

Literals in email templates

Email templates use literals to display dynamic information on email templates. The following are the template literals that are accessible for all email templates in WSO2 Identity Server.

General literals

The following literals about the user are accessible for all email templates.

Literal Description
{{ user-name }} Name of the user account.
{{ user.claim.givenname }} Given name of the user.
{{ userstore-domain }} Name of the user store.
{{ organization-name }} Name of the organization. Insert this placeholder where you want to display the organization's name in a human readable format.
{{ tenant-domain }} Domain name specific to the organization. For organization (root), this is a human-readable domain name. For organizations, a UUID is used to uniquely identify them. Utilize this placeholder within URL paths to denote the tenant.

Note

Organizations (root) created before October 2022 will utilize \{\{ tenant-domain \}\} as the placeholder to represent the organization name. As this placeholder may not provide the organization name in a human-readable format, consider updating it to \{\{ organization-name \}\} as needed for clarity and ease of understanding.


Branding literals

You can use the following literals and customize email templates to fit the branding of your organization.

You can configure the values of these literals from the WSO2 Identity Server Console. Refer to the branding documentation to learn more.

Literal Descriprion
{{ organization.logo.img }} Organization logo
{{ organization.logo.altText }} Logo alternative text
{{ organization.copyright.text }} Copyright text
{{ organization.support.mail }} Support email
{{ organization.color.primary }} Primary color
{{ organization.color.background }} Email background color
{{ organization.font }} Email font
{{ organization.font.color }} Email body font color
{{ organization.button.font.color }} Email button font color