How to Create an Email Alert for Expiring Permissions
To prevent the sudden loss of access when manually assigned permissions expire, you can create a message flow that automatically notifies managers in advance.
This process involves two main steps:
Creating a Rule Set to identify permissions that are nearing their expiration date.
Creating a Message Flow that uses the rule set to send a detailed email notification to the user's manager.
Step 1: Create the Rule Set
First, create the rule set that will trigger the notification. This single set of rules will work for all user permissions, so you don't need to create separate rules for each type of permission.
Rule Configuration
The rule set requires two lines of logic:
Find Expiring Permissions: This rule finds all users with a permission that will expire in less than 14 days.
Attribute:
[FOREACH;ObjectPermission;ExpiryDate<[NOW+14]&Object.Id=[Id];SystemRole.Name,ExpiryDate;Rettighet,Utløpsdato:eadm]
Condition: Has value
Prevent Duplicate Alerts: This rule ensures that the notification is only sent once per expiring permission.
Attribute:
[COUNTMESSAGESENT;]
Condition: Is equal to
Argument:
0
Step 2: Create the Message Flow
With the rule set in place, you can now build the message flow that will compose and send the email.
Navigate to Message Flows and create a new flow.
Configure the basic settings:
Medium: Email
Recipient: Manager
In the Rule Set field, select the rule set you created in the previous step.
Email Body Configuration
To provide a helpful notification, the email body should list the specific permissions that are about to expire. This is done using a FOREACH function in the message text.
The following code iterates through all expiring permissions for the user and lists their name and expiration date:
[FOREACH;ObjectPermission;Manual=true&Object.Id=[Id];SystemRole.Name,ExpiryDate;Rettighet,Utløpsdato]
Recommended Email Template
Note: For best results, click the Source code (</>) button in the message text editor and paste the HTML code below. This provides a clean, well-formatted email.
HTML
<p>Hei</p>
<p>$[DisplayName] has one or more permissions that will expire within 14 days:</p>
<p>$[FOREACH;ObjectPermission;Manual=true&Object.Id=[Id];SystemRole.Name,ExpiryDate;Rettighet,Utløpsdato]</p>
<p>All permissions with an expiration date will be removed automatically on that date. If $[GivenName] still requires access, you must extend the access period. Click here to extend the period for the permissions.</p>
<p> </p>
<p>Mvh</p>
<p>IT Department</p>
<p> </p>
Step 3: Preview and Activate
Before enabling the flow, use the Preview function to ensure the email appears correctly. The preview will show a real example of the final notification, populated with user and permission data.
If you are satisfied with the result, activate and save the message flow.
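To cross-check what the preview shows, the two rules can be modelled outside the product against an export of permissions. The Python sketch below is an added example, not the product's own code: the record fields, sample data and function names are assumptions, and the duplicate check is modelled per permission, as Step 1 describes it.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW_DAYS = 14  # same window as ExpiryDate<[NOW+14] in the rule set

# Constructed sample export; the field names are assumptions, not the product's schema.
PERMISSIONS = [
    {"user": "Kari Nordmann", "manager": "lead.a@example.com", "role": "Finance-Approver",
     "expiry": date(2024, 6, 10), "messages_sent": 0},
    {"user": "Kari Nordmann", "manager": "lead.a@example.com", "role": "HR-Reader",
     "expiry": date(2024, 9, 1), "messages_sent": 0},    # outside the window
    {"user": "Ola Hansen", "manager": "lead.b@example.com", "role": "Backup-Operator",
     "expiry": date(2024, 6, 5), "messages_sent": 1},    # already notified
    {"user": "Ola Hansen", "manager": "lead.b@example.com", "role": "VPN-User",
     "expiry": None, "messages_sent": 0},                # no expiry date set
    {"user": "Per Olsen", "manager": "lead.b@example.com", "role": "DB-Admin",
     "expiry": date(2024, 5, 30), "messages_sent": 0},   # date already passed
]


def pending_alerts(permissions, today, window_days=WINDOW_DAYS):
    """Return {manager: [(user, role, expiry), ...]} for permissions passing both rules."""
    cutoff = today + timedelta(days=window_days)
    alerts = defaultdict(list)
    for p in permissions:
        # Rule 1: an expiry date exists and is earlier than today + 14 days.
        # As written, the comparison has no lower bound, so past dates match too.
        if p["expiry"] is None or not p["expiry"] < cutoff:
            continue
        # Rule 2: no message sent yet (COUNTMESSAGESENT is equal to 0).
        if p["messages_sent"] != 0:
            continue
        alerts[p["manager"]].append((p["user"], p["role"], p["expiry"]))
    for rows in alerts.values():
        rows.sort(key=lambda r: r[2])  # soonest expiry first
    return dict(alerts)


def render_rows(rows):
    """Plain-text stand-in for the permission list in the email body."""
    return "\n".join(f"{u}: {r} expires {e.isoformat()}" for u, r, e in rows)


if __name__ == "__main__":
    for manager, rows in pending_alerts(PERMISSIONS, today=date(2024, 6, 1)).items():
        print(f"To: {manager}\n{render_rows(rows)}\n")
```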