Sending Mail

These settings specify the files that APS sends when the associated event occurs. There is no "most restrictive" setting in these cases; the last applicable setting is used.

File names may contain full or relative paths or no path at all. APS will use the Directory setting in the [MAIL] section to locate files, if required.

File names may contain attribute replacement specifications, such as /Mail/{preferredLanguage}/Disabled.email.

Multiple files may be specified, separated by a semicolon (";"). If so, APS will send all of them, if possible. This is useful when one file should be sent to the user and another to an administrator.

The format of these files is described in the section entitled Email Templates.

If no mail is to be sent for a specific event, comment out the setting or leave it blank.

If your User Directory does not have valid email addresses, you should not use these settings, except to send mail to internal personnel (fixed email addresses).

For Windows NT users, APS looks at the Description field in the user's entry. Within that field, APS looks for the string Email:. The text immediately following, up to the end of the description field or the next space, will be used as the user's email address.
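The Description-field rule above, written out as an audit that lists accounts for which no usable address can be derived (and which would therefore never receive these mails). This is an added example, not APS code; the function names, the case-sensitive match, the loose address check and the sample Description values are assumptions constructed for illustration.

```python
import re

# "Email:" marker as described above. Case-sensitive matching and treating only
# the space character as the terminator are assumptions of this example.
_MARKER = re.compile(r'Email:([^ ]*)')
# Loose shape check added for the audit; it is not part of APS.
_PLAUSIBLE = re.compile(r'^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$')

def email_from_description(description):
    """Text after 'Email:' up to the next space or end of field, or None."""
    match = _MARKER.search(description or '')
    if match is None:
        return None
    return match.group(1) or None  # 'Email: a@b' leaves nothing before the space

def audit_descriptions(users):
    """Map each user whose Description yields no usable address to a reason."""
    findings = {}
    for name, description in users.items():
        address = email_from_description(description)
        if address is None:
            findings[name] = 'no address'
        elif not _PLAUSIBLE.match(address):
            findings[name] = 'implausible address: ' + address
    return findings

# Constructed sample Description values.
SAMPLE_USERS = {
    'alice': 'Payroll clerk Email:alice@example.com ext 4432',
    'bob': 'Email: bob@example.com',
    'carol': 'Contractor, no mailbox',
    'dave': 'Ops Email:dave@example.com, on call',
    'erin': 'Email:erin@example.com',
}

if __name__ == '__main__':
    for user, reason in audit_descriptions(SAMPLE_USERS).items():
        print(user, '->', reason)
```
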

Disabled User Mail

Default: none

Recommended: Yes, to user

Complexity Level: Intermediate

This setting specifies the file(s) to send when a disabled user tries to authenticate. This is useful to tell the user that they have entered correct information, but their user record is currently disabled. Note that if passwords are reset (see the Reset Passwords setting on page 71) users will fail authentication and not see this mail. This is only sent when they successfully authenticate, then are rejected by APS because the record is disabled.

This event supports a macro called DisabledReason. This will contain the reason code(s) associated with why the user is disabled.

Disabled User Mail=Disabled.email

Max Failures Mail

Default: none

Recommended: Yes, to user and administrator

Complexity Level: Intermediate

This setting specifies the file(s) to send when the maximum failure count is exceeded and the user is not going to be allowed to log in. This is a very secure way to notify a user (or administrator) of a possible attack on the system, since a hacker will not receive the mail (and thus the user id is not confirmed and the hacker will continue attempts that can never succeed). The user will be notified why his mistaken logins do not work and that his account is disabled.

Administrators can be notified of the attack. It is often very useful to override this setting for Administrator accounts, since it can then be used to notify system or security administrators of attempts to access the system (most sites will not want System Administrator notification for all Max Failure events, only for attacks on administrator accounts).

When this mail is sent, a macro called FailureCount can be included in the mail text itself. Its value is the actual number of failed attempts.

Max Failures Mail=MaxFailures.email
Max Failures Mail={@Administrators} MaxFailures.email; AdminMaxFailures.email

Ongoing Failures Mail

Default: none

Recommended: Yes, to administrator

Complexity Level: Advanced

When an account is under programmatic attack and the Max Failures setting is in effect, APS disables the user and sends the Max Failures Mail when the failure count first reaches the value of Max Failures. Presumably, Max Failures Mail will be sent to the user.

This setting, Ongoing Failures Mail, specifies the file(s) to send as the attack continues. Each further set of Max Failures attempts will trigger the sending of the file(s) indicated in this setting. Under normal circumstances, this mail is sent to an internal administrator to notify that person that the attack continues.

Often, sites will configure this mail to go through an SMTP/Pager gateway so that the administrator is notified in real-time.

When this mail is sent, a macro called FailureCount can be included in the mail text itself. Its value is the actual number of failed attempts. It is often useful to include {SM_USERSESSIONIP} (note the braces) in the body of the mail so that the client IP address (the source of the attack) can be identified. This address is not necessarily trustworthy; it can be spoofed.

Ongoing Failures Mail=MoreAttacks.email

Inactive User Mail

Default: none

Recommended: Yes, to user and administrator

Complexity Level: Intermediate

If the user is disabled because he is inactive, this setting is used to find the file to send as mail. This setting is used during the authentication process and by the APSExpire utility.

Inactive User Mail=InactiveOnline.email
Inactive User Mail={%APSExpire="YES"} NotifyInactiveUsers.email

Expired Password Mail

Default: none

Recommended: no

Complexity Level: Advanced

This setting controls the mail file sent when a user's password actually expires (not when he enters the grace period). This is sent when the user is disabled because of password expiration. It can be used both for online expiration and by APSExpire.

Expired Password Mail=ExpiredPasswordOnline.email
Expired Password Mail={%APSExpire="YES"} NotifyExpiredPassword.email

Force Change Mail

Default: none

Recommended: no

Complexity Level: Advanced

If the user will be forced to change his password, this setting specifies the file that will be sent as email. It is not very useful, since redirection will actually force the password to be changed. It is not used by APSExpire.

Force Change Mail=ForceChangePassword.email

Password Warning Mail

Default: none

Recommended: Yes

Complexity Level: Intermediate

If the user must be warned that his password will expire, but does not yet have to change the password, the file specified by this setting is sent.

This is actually a very useful setting. Consider, for your site, using this setting instead of redirecting the user. By using email (presumably either containing the URL that the user can use to change their password or instructions as to where a link can be located on your site), you will not interrupt the user's workflow to request an optional password change.

This setting can be used by APSExpire. If, for example, a typical user of your site is only expected to log in quarterly, but password expiration warnings are given 10 days before expiration, users will rarely see such a warning at login time. You can use this setting with APSExpire to warn users even when they are not logging in frequently.

Password Warning Mail={%APSAdmin!="YES"} PasswordWarningOnline.email
Password Warning Mail={%APSAdmin="YES"} NotifyPasswordWarning.email

Inactivity Warning Mail

Default: none

Recommended: Yes

Complexity Level: Intermediate

If the Max Inactivity and Inactivity Warning settings are specified, APSExpire can send a user email before the user's account actually expires. For very important customers, mail could be sent to an administrator instead of (or in addition to) the user. This setting specifies the file(s) to send.

This mail is only sent by APSExpire and only if a user will expire and warnings are to be sent.

Inactivity Warning Mail=InactivityWarning.email

Inactivity Disabled Mail

Default: none

Recommended: Yes

Complexity Level: Advanced

If APSExpire actually disables a user for inactivity, this setting specifies the mail file(s) that it should send. This is a separate setting from the mail sent if user expiration is detected during the login process, but is often the same file.

Inactivity Disabled Mail=InactivityDisabled.email

Change Confirmation Mail

Default: none

Recommended: No

Complexity Level: Advanced

When a user changes their password, the change is confirmed on the screen. As an option, APS can also send mail to confirm the password change. This is generally unnecessary.

A special macro is available for this mail only. This macro contains the user's new password and may be inserted into the mail using the text %PASSWORD%. It is generally not a good idea to do this, however.

Change Confirmation Mail=ChangeConfirmation.email
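
The file-list rules at the top of this section (semicolon-separated names, attribute replacement, the [MAIL] Directory fallback) and the %PASSWORD% caution above, combined into an audit that reports which resolved templates would mail out a new password. This is an added example, not APS code; the function names, the handling of the leading {...} selector and the sample templates are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption drawn from the examples in this section: an optional leading
# "{@...} " or "{%...} " selector precedes the file list.
_SELECTOR = re.compile(r'^\{[@%][^}]*\}\s+')

def template_files(value, mail_dir, attrs):
    """Expand one mail setting value into the template paths it names."""
    value = _SELECTOR.sub('', value.strip())
    paths = []
    for name in value.split(';'):
        name = name.strip()
        if not name:
            continue  # blank setting or trailing semicolon: nothing to send
        # Attribute replacement such as {preferredLanguage}; unknown names stay as-is.
        name = re.sub(r'\{(\w+)\}', lambda m: attrs.get(m.group(1), m.group(0)), name)
        if not os.path.isabs(name):
            name = os.path.join(mail_dir, name)  # Directory from [MAIL]
        paths.append(os.path.normpath(name))
    return paths

def templates_exposing_password(value, mail_dir, attrs):
    """Return resolved templates whose text contains the %PASSWORD% macro."""
    flagged = []
    for path in template_files(value, mail_dir, attrs):
        try:
            with open(path, encoding='utf-8', errors='replace') as fh:
                if '%PASSWORD%' in fh.read():
                    flagged.append(path)
        except OSError:
            continue  # missing or unreadable template: nothing to inspect
    return flagged

def demo():
    """Build two constructed templates and audit a constructed setting value."""
    mail_dir = tempfile.mkdtemp()
    os.makedirs(os.path.join(mail_dir, 'en'))
    with open(os.path.join(mail_dir, 'en', 'ChangeConfirmation.email'), 'w') as fh:
        fh.write('Your password was changed. New password: %PASSWORD%\n')
    with open(os.path.join(mail_dir, 'AdminNotice.email'), 'w') as fh:
        fh.write('A user changed their password.\n')
    value = '{preferredLanguage}/ChangeConfirmation.email; AdminNotice.email'
    return mail_dir, templates_exposing_password(value, mail_dir, {'preferredLanguage': 'en'})

if __name__ == '__main__':
    print(demo()[1])
```
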