On Sailpoint IIQ 8.4:
When a specific Role is assigned, I need to send a notification email to a group of users. How can I do that? I think it can be done with specific scripts on the LCM workflow, but I don't know which is the standard method.
If you are using a standard workflow like the LCM Workflow, then use the variables for email in the LCM Workflow to send the notification, as this would be the standard way of achieving this use case.
@jvicente Do you mean IIQ Roles? If yes, modifying the LCM workflow for just a single role is not a wise approach.
If it works for you, you can send an email in the after provisioning rule of the application associated with IIQ Role. You can get the plan over there and accordingly send the notification.
Hi @jvicente ,
Do you want to send the notification email to the approvers and Owners of the role, or other Users?
You’re on the right track with the LCM workflow. There’s no built-in checkbox for this, but the cleanest way is to add a step in the LCM Provisioning workflow that fires after provisioning completes.
In that step, check if the provisioned role matches your target role, then fire off an email using context.sendEmailNotification(). Quick tip: put your recipients in a Workgroup and email that instead of hardcoding addresses.
import java.util.List;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// "plan" is the ProvisioningPlan the workflow step receives after provisioning
if (plan != null && plan.getAccountRequests() != null) {
  for (AccountRequest accReq : plan.getAccountRequests()) {
    if (accReq.getAttributeRequests() == null) continue;
    for (AttributeRequest attrReq : accReq.getAttributeRequests()) {
      // assignedRoles may carry a single role name or a List of names
      Object value = attrReq.getValue();
      boolean matches = (value instanceof List)
          ? ((List) value).contains("Your Special Role Name")
          : "Your Special Role Name".equals(value);
      if ("assignedRoles".equals(attrReq.getName()) && matches) {
        // send your email template here
      }
    }
  }
}
If you’d rather not touch the workflow, an After Provisioning Rule on the application works too but the workflow approach gives you better visibility and control over the notification lifecycle.
Hi @jvicente, one question: are these roles auto-assigned based on the assignment rule, or does the user place a request through the Manage User Access page?
Thanks,
PVR.
An After provisioning Rule is the cleanest way to go, especially if it is only for one role.
It all depends on where you want to make the changes. You can update your LCM workflow to achieve this, but not all changes require making changes at the platform level.
What I would suggest is to create a custom attribute at the role level, say Email Template, and use that attribute for sending any notification when the role is assigned to the user.
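As an added example (not code from any poster in this thread), the following BeanShell/Java script combines the two suggestions above: a step that runs after provisioning (in the LCM Provisioning workflow or an after-provisioning hook), finds the roles added on the IIQ account request, reads a role-level attribute naming the email template and a workgroup, and sends the template to that workgroup's members instead of hardcoded addresses. It assumes the script variables `context`, `plan` and `log` are in scope as the workflow or rule framework provides them; the role attribute names `notificationTemplate` and `notificationWorkgroup` are illustrative assumptions, and so is the use of `ObjectUtil.getEffectiveEmails` to resolve a workgroup to recipient addresses.

```java
import java.util.ArrayList;
import java.util.List;
import sailpoint.api.ObjectUtil;
import sailpoint.object.Bundle;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.Util;

// Added example: context (SailPointContext), plan (ProvisioningPlan) and log are
// assumed to be provided by the workflow step or rule that runs this script.
// The two role attribute names are assumptions chosen for this illustration.
String TEMPLATE_ATTR = "notificationTemplate";   // role attribute holding an EmailTemplate name
String WORKGROUP_ATTR = "notificationWorkgroup"; // role attribute holding a Workgroup name

// 1. Collect the role names this plan adds to the identity. Role assignments travel
//    on the "IIQ" account request under the assignedRoles attribute.
List addedRoles = new ArrayList();
if (plan != null && plan.getAccountRequests() != null) {
  for (AccountRequest accReq : plan.getAccountRequests()) {
    if (!"IIQ".equals(accReq.getApplication()) || accReq.getAttributeRequests() == null) {
      continue;
    }
    for (AttributeRequest attrReq : accReq.getAttributeRequests()) {
      if (!"assignedRoles".equals(attrReq.getName())
          || ProvisioningPlan.Operation.Remove.equals(attrReq.getOperation())) {
        continue; // ignore removals and unrelated attributes
      }
      // The value is a List for multi-valued requests, otherwise a single name
      Object value = attrReq.getValue();
      if (value instanceof List) {
        addedRoles.addAll((List) value);
      } else if (value != null) {
        addedRoles.add(value.toString());
      }
    }
  }
}

// 2. For each added role, read its notification settings from the Bundle object
//    and send the configured template to the configured workgroup.
Identity target = (plan != null) ? plan.getIdentity() : null;
for (Object roleName : addedRoles) {
  Bundle role = context.getObjectByName(Bundle.class, (String) roleName);
  if (role == null) continue;
  String templateName = (String) role.getAttribute(TEMPLATE_ATTR);
  String workgroupName = (String) role.getAttribute(WORKGROUP_ATTR);
  if (Util.isNullOrEmpty(templateName) || Util.isNullOrEmpty(workgroupName)) {
    continue; // this role is not configured for notification; nothing to do
  }
  EmailTemplate template = context.getObjectByName(EmailTemplate.class, templateName);
  Identity workgroup = context.getObjectByName(Identity.class, workgroupName);
  if (template == null || workgroup == null || !workgroup.isWorkgroup()) {
    log.warn("Notification for role " + roleName + " skipped: template or workgroup not found");
    continue;
  }
  // Resolve the workgroup to recipient addresses (assumed helper; expected to honour
  // the workgroup's notification setting)
  List emails = ObjectUtil.getEffectiveEmails(context, workgroup);
  if (Util.isEmpty(emails)) {
    log.warn("Notification for role " + roleName + " skipped: workgroup has no email addresses");
    continue;
  }
  // Recipients go on EmailOptions rather than on the cached EmailTemplate, so the
  // shared template object is not modified in place.
  EmailOptions options = new EmailOptions();
  options.setTo(Util.listToCsv(emails));
  options.setVariable("identityName", (target != null) ? target.getName() : plan.getNativeIdentity());
  options.setVariable("roleName", roleName);
  options.setSendImmediate(true);
  context.sendEmailNotification(template, options);
}
```

Keeping the template and workgroup names on the role means adding a notification for another role is a configuration change on that Bundle rather than another edit to the workflow; roles without the attributes are simply skipped, and a missing template or workgroup is logged rather than throwing inside the provisioning path.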
For other users, not the approvers or owners
Hi @jvicente, can you try the one below? This example rule notifies the application owner if an Identity is assigned the Super User role in the application.
Similar logic would apply to users being added to a specific Active Directory group, etc.
import java.util.List;
import sailpoint.object.Application;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// After-provisioning rule: examine the provisioning plan to see whether the
// identity has been added to the "super" role on this application.
// plan, application and context are supplied by the rule framework.
System.out.println("running after provisioning rule");
String requester;
if (plan != null) {
  List accounts = plan.getAccountRequests();
  if (accounts != null && accounts.size() > 0) {
    for (AccountRequest account : accounts) {
      if (account != null
          && (AccountRequest.Operation.Create.equals(account.getOperation())
              || AccountRequest.Operation.Modify.equals(account.getOperation()))) {
        // Check whether this request adds someone to the "super" role
        AttributeRequest attrReq = account.getAttributeRequest("role");
        if (attrReq != null) {
          // A multi-valued attribute arrives as a List, a single value as a String
          Object value = attrReq.getValue();
          boolean isSuper = (value instanceof List)
              ? ((List) value).contains("super")
              : "super".equals(value);
          if (isSuper) {
            String nativeIdent = plan.getNativeIdentity();
            List requesters = plan.getRequesters();
            if (requesters != null && !requesters.isEmpty()) {
              Identity reqIdent = (Identity) requesters.get(0);
              requester = reqIdent.getName();
            } else {
              requester = "No requester recorded";
            }
            // Email the application owner when the "super" role is found
            Identity appOwner = application.getOwner();
            if (appOwner == null || appOwner.getEmail() == null) {
              System.out.println("no owner email configured for " + application.getName());
              continue;
            }
            // Log the owner's name only; do not dump the full identity XML to stdout
            System.out.println("owner:" + appOwner.getName());
            System.out.println("email:" + appOwner.getEmail());
            String templateName = "NewSuperUser";
            EmailTemplate template = (EmailTemplate)
                context.getObject(EmailTemplate.class, templateName);
            if (template == null) {
              System.out.println("email template not found: " + templateName);
              continue;
            }
            EmailOptions options = new EmailOptions();
            // Set the recipient on the options rather than on the cached template object
            options.setTo(appOwner.getEmail());
            options.setSendImmediate(true);
            options.setNoRetry(true);
            options.setVariable("nativeIdentity", nativeIdent);
            options.setVariable("requester", requester);
            context.sendEmailNotification(template, options);
          }
        }
      }
    }
  }
}
Thanks
Raju