eADM

How to Create an Email Alert for Expiring Permissions

To prevent a sudden loss of access when manually assigned permissions expire, you can create a message flow that automatically notifies managers in advance.

This process involves two main steps:

  1. Creating a rule set to identify permissions that are nearing their expiration date.

  2. Creating a message flow that uses the rule set to send a detailed email notification to the user's manager.


Step 1: Create the Rule Set

First, create the rule set that will trigger the notification. This single set of rules will apply to all user permissions, so you don't need to create separate rules for each type of permission.


Rule Configuration

The rule set requires two lines of logic:

  1. Find Expiring Permissions: This rule identifies all users with a permission that will expire in less than 14 days.

    • Attribute: [FOREACH;ObjectPermission;ExpiryDate<[NOW+14]&Object.Id=[Id];SystemRole.Name,ExpiryDate;Rettighet,Utløpsdato:eadm]

    • Condition: Has value

  2. Prevent Duplicate Alerts: This rule ensures that the notification is sent only once for each expiring permission.

    • Attribute: [COUNTMESSAGESENT;]

    • Condition: Is equal to

    • Argument: 0
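The two rules above, modelled in Python as an added example (not eADM code and not part of the original article) so the combined behaviour can be checked against sample data. The record fields, the names, and the per-permission scope of the sent counter are assumptions; the page does not describe how eADM evaluates COUNTMESSAGESENT internally.

```python
from datetime import date, timedelta

WINDOW_DAYS = 14  # the [NOW+14] bound from the rule attribute

# Constructed sample records; field names are assumptions for this model.
PERMISSIONS = [
    {"user": "anna", "manager": "kari", "role": "Finance-Approver", "expiry": date(2024, 6, 10)},
    {"user": "anna", "manager": "kari", "role": "VPN", "expiry": date(2024, 8, 1)},
    {"user": "ola", "manager": "kari", "role": "HR-Read", "expiry": None},
    {"user": "per", "manager": "nils", "role": "Build-Admin", "expiry": date(2024, 5, 28)},
]

def evaluate(perms, sent, today):
    """Return {manager: [(user, role, expiry), ...]} for permissions passing both rules.

    `sent` maps a permission key to the number of alerts already sent and is
    updated in place, so repeated runs stay silent for the same permission.
    """
    limit = today + timedelta(days=WINDOW_DAYS)
    alerts = {}
    for p in perms:
        key = (p["user"], p["role"], p["expiry"])
        # Rule 1 ("Has value"): ExpiryDate < NOW+14. No expiry date means no match.
        # Only an upper bound is tested, so a date already in the past matches too.
        if p["expiry"] is None or not p["expiry"] < limit:
            continue
        # Rule 2 ("Is equal to" 0): skip anything already announced.
        if sent.get(key, 0) != 0:
            continue
        sent[key] = 1
        alerts.setdefault(p["manager"], []).append(key)
    return alerts

if __name__ == "__main__":
    log = {}
    for day in (date(2024, 6, 1), date(2024, 6, 2), date(2024, 7, 20)):
        print(day, evaluate(PERMISSIONS, log, day))
```

Because the model's key includes the expiry date, a permission whose period has been extended is announced again once the new date falls inside the window.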


Step 2: Create the Message Flow

Now that the rule is in place, you can build the message flow that will compose and send the email.

  1. Go to Message Flows and create a new flow.

  2. Configure the basic settings:

    • Medium: Email

    • Recipient: Manager

  3. In the Rule Set field, select the rule set you created in the previous step.


Email Body Configuration

To provide a helpful notification, the email body should list the specific permissions that are about to expire. This is done using a FOREACH function in the message text.

The following code iterates through all permissions that are about to expire for the user and lists their name and expiration date:

[FOREACH;ObjectPermission;Manual=true&Object.Id=[Id];SystemRole.Name,ExpiryDate;Permission,Expiration Date]



Note: For best results, click the Source code (</>) button in the message text editor and paste the HTML code below. This will create a clean, well-formatted email.


HTML
<p>Hei</p>
<p>$[DisplayName] has one or more permissions that will expire within 14 days:</p>
<p>$[FOREACH;ObjectPermission;Manual=true&Object.Id=[Id];SystemRole.Name,ExpiryDate;Rettighet,Utløpsdato]</p>
<p>All permissions with an expiration date will be removed automatically on that date. If $[GivenName] still requires access, you must extend the access period. Click here to extend the period for the permissions.</p>
<p>&nbsp;</p>
<p>Mvh</p>
<p>IT Department</p>
<p>&nbsp;</p>


Step 3: Preview and Activate

Before enabling the flow, use the Preview feature to ensure the email displays correctly. The preview will show an actual example of the final notification, populated with user and permission data.

If you are satisfied with the result, activate and save the message flow.