Send Different Activation Emails to Newly Created ...

ValAtanassov · ‎2025 Jan 31

When you hire new employees, one of your first tasks is to create accounts for them. But is it possible for the different users to get different activation emails when the accounts are created in SAP Cloud Identity services via an automated user provisioning process?

The answer is yes - you can configure different email template sets for account activation of newly created users based on user specific values of the attributes when Cloud Identity Services acts as an authenticating identity provider.

But how exactly to do this?

Well, this is what we are trying to explain in this blog. As an example scenario we will use the SAP SuccessFactors Onboarding scenario where the users are replicated from a SuccessFactors system to SAP Cloud Identity services by the Identity Provisioning service. In a nutshell: "When a new hire is created in SAP SuccessFactors Onboarding, they’re provisioned in Identity Authentication and the provisioned users receive an activation email that they can use to set the password and access their SAP SuccessFactors application." (Setting up SAP Identity Authentication Service for New Hires Using System for Cross-domain Identity ...)

However, we don’t aim to cover the end-to-end onboarding scenario, just the customization of the activation emails. Let’s assume that we have the following three divisions in the company: EMEA, APJ, NA and the onboarding users for each of them should receive a different account activation email.

So, in the SCIM API of SAP SuccessFactors these values are returned in the “division” attribute (part of the SCIM Enterprise schema) of the onboarding users.

Let's start with the configuration steps.

Prerequisites

You must be an administrator in SAP Cloud Identity Services with the Manage Tenant Configuration role enabled.

Create and Configure Custom Email Template Sets in Cloud Identity Services

1. Access the administration console->Application & Resources->Email Templates.

2. Create custom email templates for the different divisions.
Choose the Add button, name the set, and save. Repeat this for every division providing the respective names for them - EMEA, APJ, NA.

As a result, the new template sets appear in the list on the left:

3. Create template files in plain text and HTM.
a. Choose the On-Behalf Registration tab and select Default template for that set from the list on the left. Initially only the English version is available.
b. Open the plain text version, copy and paste it in a new file, edit the text, name it, and save it as a .txt file (repeat this step for every division)
c. Open the HTML version, copy and paste it in a new file, edit the text, name it and save it as a .html file (repeat this step for every division)

4. Choose the On-Behalf Registration tab -> select the EMEA template for that set from the list on the left -> choose Add Language and fill in the fields in the pop-up -> Save. For the files filed use the .txt and .html files that you created in Step 3.

Once created, every template set receives a unique ID. When the template set is selected in the list the ID is visible in the URL of the administration console and follows the pattern: https://<sap-identity-services-host>/admin/#/emailTemplateSets/<email-template-set-id>/…
Thus, we can extract the ID value after “emailTemplateSets/” till the next “/”

In our specific scenario, the IDs are:
EMEA - d490de93-f633-42b7-b31f-78bf12efedea
APJ - de464cea-023a-4f51-b9dc-77eb435c034a
NA - bf9d92c6-89c2-4305-81f0-4f5c4bb9216b

Configure the Target System

1. Access the administration console->Identity Provisioning->Target Systems

2. Find the target system that corresponds to the Cloud Identity Services tenant (part of the user provisioning flow for onboarding users from SAP SuccessFactors). See Configure Transformations in SAP Cloud Identity Services - Identity Provisioning

3. Go to Transformation tab, switch to JSON editor.

4. Choose Edit.

4. Find the following fragment:

       {

          "condition": "$.userType == 'ONBOARDEE'",

          "constant": "%ias.onboardee.email.template.id.attribute%",

          "targetPath": "$.emailTemplateSetId",

          "scope": "createEntity"

        },

and substitute it with the following one:

 {

          "condition": "($.userType == 'ONBOARDEE') && ($['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['division'] == 'EMEA')",

          "constant": "d490de93-f633-42b7-b31f-78bf12efedea",
          "targetPath": "$.emailTemplateSetId",

          "scope": "createEntity"

        },

        {

          "condition": "($.userType == 'ONBOARDEE') && ($['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['division'] == 'APJ')",

          "constant": "de464cea-023a-4f51-b9dc-77eb435c034a",

          "targetPath": "$.emailTemplateSetId",

          "scope": "createEntity"

        },

        {

          "condition": "($.userType == 'ONBOARDEE') && ($['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['division'] == 'NA')",

          "constant": "bf9d92c6-89c2-4305-81f0-4f5c4bb9216b",

          "targetPath": "$.emailTemplateSetId",

          "scope": "createEntity"

        },

6. Add a description, save and confirm the transformation changes.

Result

When the new employee is created in SAP SuccessFactors Onboarding, and provisioned in Cloud Identity Services, the provisioned users receive different activation emails depending on the division they are part of. Following the link in the activation mail they can use to set the password and access their SAP SuccessFactors application.

christianchopra · ‎2025 Apr 21

The issue with this post is that it doesnt explain how division is being sent. Right now the issue i have is that the division is not getting passed from SAP SuccessFactors to IAS

Spaet · ‎2025 Jun 02

Hi everyone

Do you know if we can include the user id from lms (login name in ias) into the ias mail text?

KR
Olga

vuongdv

Hi @ValAtanassov ,

Can I do the same with Learning-only users?

Thank you,

Vuong