Template Name

Purpose

Forgot Password Denied

Triggered during Self-Service Password Reset (SSRP) if the user cannot reset the password due to insufficient factors or an invalid status.

Account Lockout

Sent when an account is locked, provided the password policy rule for Send lockout email to user is enabled.

Email Factor verification

Sent to users to verify an email address change performed in Okta. NOTE: This is not available via API.

Authenticator Enrolled

Sent when a user successfully sets up an eligible authenticator based on enrollment policies found in Security > Authenticators > Enrollment.

Authenticator Reset

Triggered when an administrator performs the Reset Authenticators action from Directory > People > select the user > More Actions.

Password Changed

Triggered when a user updates their password in Settings > Security Methods or performs SSRP. This is enabled in Security > General > Security notification emails.
NOTE: Currently, there is no way to enable this for Admins.

User Bootstrapped Activation

Triggered when using a YubiKey.

Campaign Overdue Reminder

This is for the Identity Governance component.
This a SKU/Feature that can be seen from Admin Console > Identity Governance > Access Certifications.
NOTE: If that is not enabled then this is coming from the Campaign Notifications.

• Suppressing End-User Access Certification Emails
• Campaign settings

LDAP or AD User Activation

Sent to Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) users upon activation if the Activation emails option is enabled in the integration settings. This typically happens after user import.

• Configure Active Directory import and account settings

LDAP or AD Forgot Password

Sent to LDAP or AD users when starting an SSRP flow.

LDAP or AD Forgot Password Denied

Sent to LDAP or AD users if they are not permitted to perform an SSRP.

LDAP or AD Self-Service Unlock Account

Sent to LDAP users if the password policy allows unlocking an account after failed attempts.