Skip to end of metadata
Go to start of metadata


This mechanism is used to notify users about relevant changes in midPoint and/or connected resources. For example, a user (or user's boss, or the person who requested the operation, the security manager, etc) may be notified when one of user's accounts is created, modified, or removed. Or, when the midPoint user record is created, when the password is changed, or when he has a new work item to process. There are many such situations imaginable.

Currently there are the following basic kinds of notifications:

  1. User notifications. These are related to midPoint user record, e.g. its creation, modification or removal.
  2. Resource object notifications. These are related to objects on resources, e.g. creation, modification, or removal of accounts, groups, etc.
  3. Workflow notifications. These are generated e.g. when a work item is created or completed, or when a workflow process instance is started or finished.
  4. Access certification notifications. They are sent e.g. when a campaign is started, closed or about-to-be-closed, or when a response is requested from a reviewer.
  5. Task notifications. These are created when a task is started or finished. They are useful e.g. to notify in cases when a recurring task (like a reconciliation or live sync) ends with a failure.
  6. Custom notifications. These can be used for any other purposes.

Some simple examples

Configuration of notifications is currently done within SystemConfiguration object. Some examples are shown below:

General Notifier Example

A bit of theory related to event handling

When something potentially of interest occurs, an event is generated. This event is then processed by one or more event handlers, as prescribed in <notificationConfiguration> section.

There are the following kinds of event handlers.


A notifier is a module that transforms an event to zero, one or more notifications. Examples are:

simpleUserNotifierUser notification

Generates notifications about user records.

simpleResourceObjectNotifierResource object notificationGenerates notifications about resource objects (e.g. accounts).
userPasswordNotifierUser notificationGenerates notifications about user passwords.
accountPasswordNotifierAccount notificationGenerates notifications about account passwords.
simpleWorkflowNotifierWorkflow notificationGenerates notifications about start/completion of work items (i.e. user tasks) and about start/completion of workflow process instances.
simpleCampaignNotifier, simpleCampaignStageNotifierCertification notificationGenerates notifications about certification campaigns.
simpleTaskNotifierTask notificationGenerates notifications about tasks.
generalNotifier This is a general purpose notifier that is driven by expressions, which transform an event into a notification.


A filter is a component that does not generate notifications, but passes through (or filters out) defined subsets of notifications. There are currently the following kinds of filters:

categorypasses one or more defined categories of events: resource object-related events ("resourceObjectEvent"), user-related events ("modelEvent"), work item-related events ("workItemEvent"), workflow-related events ("workflowProcessEvent"), or any workflow-related events ("workflowEvent" - currently this means "either workItemEvent or workflowProcessEvent")
statuspasses or filters events based on their status: success, alsoSuccess, failure, onlyFailure, inProgress (with a bit different sets of acceptable values and their semantics for account/user/workflow events)
operationpasses or filters events based on the kind of operation that was executed or attempted to: add, modify, or delete
expressiona generic filter that evaluates an expression and passes/filters event based on the result
objectKindpasses or filters events based on the kind of resource object they deal with (account, entitlement, generic)
objectIntentpasses or filters events based on the intent of resource object they deal with

A filter can be specified as part of a notifier - in that case it defines which classes of events get processed by that notifier. Or a filter can be a standalone part of a handler chain (see below).

Special kinds of handlers

There are two special kinds of handlers:

Handler chain (chained)Contains sequentially ordered event handlers (notifiers, filters, forks, other chains). Processing within a chain continues until an event is filtered out. (Please note that filtering is done only by filters; all notifiers simply pass all events along.)
Fork (forked)Splits processing of an event into more handlers "in parallel". (We expect this kind of handler will be used only occassionally, however, we have implemented in for completeness.)

Executing the handlers

When an event is created, all the handlers defined at the level of <notificationConfiguration> are executed.

Some more advanced examples:


For instructions how to configure notifiers, filters, and transports please see administrator's guide.

Custom notifications

These are briefly described in the Sending custom notifications HOWTO.

See Also


  • No labels