Email Template Descriptions

Verification emails

If you turn on the Verification Email, users who sign up on a database connection will receive a message asking to confirm their email address by clicking on a URL included in the message.

In addition to the common variables available for all email templates, the Verification Email provides the url variable that refers to the URL that the user will have to click. You will use it in the Message field to create a link that the user can follow, as in this example:

Redirect To results for verification email template

You can configure a Redirect To URL to send the users to after the email verification action was attempted. By default, Auth0 includes the following parameters:

  • success with value true or false indicating whether the email verification was successful

  • message with an additional description of the outcome. Some possible values are:

    • Your email was verified. You can continue using the application. (with success=true)

    • This URL can be used only once (with success=false)

    • Access expired. (with success=false)

    • User account does not exist or verification code is invalid. (with success=false)

    • This account is already verified. (with success=false)

For some errors, the user may be sent to the Generic Error Page page instead of the Redirect To URL.

You can prevent sending the email addresses on the redirect links by updating the email templates using the Management API. For example:

PATCH /api/v2/email-templates/reset_email { "includeEmailInRedirect": false } or,

PATCH /api/v2/email-templates/verify_email { "includeEmailInRedirect": false }

The target URL handler should be prepared to gracefully handle other possible messages as well.

Welcome emails

Once a user verifies their email address, they will receive a Welcome Email. If you turn off the Verification Email feature, the Welcome Email will be sent to the user when they sign-up (or log in for the first time).

In addition to the common variables available for all email templates, the following are available to the Welcome template:

  • If the user is logged in through an Organization:

    • organization.id

    • organization.display_name

    • organization.name

    • organization.metadata

    • organization.branding.logo_url

    • organization.branding.colors.primary

    • organization.branding.colors.page_background

Change password emails

If a user requests a password change, they will receive a Change Password email that contains a URL link. When the user clicks on the link, a Password Reset page will be presented to enter the new password.

In addition to the common variables available for all email templates, the following are available to the User Invitation template:

  • url: URL that the user will select to change their password. You can use it in the Message field to create a link that the user can follow, as in this example: <a href="https://auth0.com/docs/{{ url }}">Click here to change your password</a>

  • If the user is logged in through an Organization:

    • organization.id

    • organization.display_name

    • organization.name

    • organization.metadata

    • organization.branding.logo_url

    • organization.branding.colors.primary

    • organization.branding.colors.page_background

Redirect To results for change password template

You can configure a Redirect To URL to send the users to after the password change action was attempted. By default, Auth0 includes the following parameters:

  • success with value true or false indicating whether the password change was successful

  • message with an additional description of the outcome. Some possible values are:

    • You can now login to the application with the new password. (with success=true)

    • This URL can be used only once (with success=false)

    • Access expired. (with success=false)

    • The operation cannot be completed. Please try again. (with success=false)

The target URL handler should be prepared to gracefully handle other possible messages as well.

For some errors, the user may be sent to the Generic Error Page page instead of the Redirect To URL.

Blocked account emails

If a user attempts to log in ten or more times unsuccessfully from the same IP address, the user account will be locked and they will receive a Blocked Account email. Once the user receives this email, they will not be able to login from that IP address again until they click on the link contained in the email.

If the user successfully logs in before they exhaust their ten allowed attempts, the counter is reset.

In addition to the common variables available for all email templates, the following ones are available in the Blocked Account Email template:

  • user.source_ip

  • user.city

  • user.country

  • If the user is logged in through an Organization:

    • organization.id

    • organization.display_name

    • organization.name

    • organization.metadata

    • organization.branding.logo_url

    • organization.branding.colors.primary

    • organization.branding.colors.page_background

This template also provides the url variable that should be used to create the link that the user needs to follow. For example:

<a href="https://auth0.com/docs/{{ url }}">Click here to unblock your account</a>

Redirect To results for blocked account email templates

You can configure a Redirect To URL to send the users to after the account unblocking action was attempted. When redirecting, Auth0 will include the following parameters:

  • email indicating the email of the user

  • success with value true or false indicating whether the account unblocking was successful

  • message with an additional description of the outcome. Some possible values are:

    • Your account has been unblocked. (with success=true)

    • This URL can be used only once (with success=false)

    • Access expired. (with success=false)

The target URL handler should be prepared to gracefully handle other possible messages as well.

Breached password alert emails

This email type is sent whenever Auth0 detects that the user is trying to access the application using a password that has been leaked by a third party. These emails are only set after enabling Breached Password Detection in the Attack Protection section of the dashboard. To learn more, see Breached Password Detection.

In addition to the common variables available for all email templates, the following ones are available for the Breached Password Alert emails:

  • If the user is logged in through an Organization:

    • organization.id

    • organization.display_name

    • organization.name

    • organization.metadata

    • organization.branding.logo_url

    • organization.branding.colors.primary

    • organization.branding.colors.page_background

Enrollment emails for MFA

This email will be generated when an MFA enrollment invitation is sent. The message will contain a link that, when visited, will show the MFA enrollment experience.

In addition to the common variables available for all email templates, the link variable is available in this email type, containing the URL that you will use to construct the link for this action, as in this example:

<a href="https://auth0.com/docs/{{ link }}">Enroll your MFA device</a>

Unlike other email templates, the correct variable name is link and not url. Also, the connection.name variable is not available on this email template type.

Verification code emails for MFA

This email will be generated when you use email as an MFA method and request a verification code to be sent. In addition to the common variables available, the template provides a code variable to render the code used for MFA verification. For example:

<div>Your code is: {{ code }}</div>

User invitation emails

If a user is invited to become a member of an Organization, they will receive a User Invitation email that contains a URL link. When the user clicks on the link, they will be redirected to your default login route. To learn more, see Configure Default Login Routes.

When a user accepts an invitation, their email address will be marked as verified.

If the user accepts an invitation through federated login, then the identity provider must return the email address that matches the email address to which the invitation was sent. The email verification will not be overridden with the value returned by the identity provider on subsequent logins.

In addition to the common variables available for all email templates, the following are available to the User Invitation template:

  • User invitation information (all information derived from the user invitation ticket):

    • inviter.name

    • app_metadata

    • user_metadata

    • roles.id

    • roles.name

    • roles.description

  • Organization information:

    • organization.id

    • organization.display_name

    • organization.name

    • organization.metadata

    • organization.branding.logo_url

    • organization.branding.colors.primary

    • organization.branding.colors.page_background

To localize emails, you can set the locale to be sent in user_metadata when creating an invitation. To learn more, see Customize Email Templates: Multilingual Email Templates.

Redirect results for user invitation email templates

You must configure a default login route, to which users will be sent after selecting the link to accept the invitation. When redirecting, Auth0 will include the following parameters:

  • invitation: ID of the invitation ticket

  • organization: ID of the organization to which the user is being invited

  • organization_name: Name of the organization to which the user is being invited

For example, if you have an organization-enabled application with an Application Login URI set to https://myapp.com/login, then the link sent in the email invitation that an end-user receives will be: https://myapp.com/login?invitation={invitation_ticket_id}&organization={organization_id}&organization_name={organization_name}.

The target login route should initiate a transaction to /authorize that contains the provided invitation and organization key-value pairs. It should also be prepared to gracefully handle other possible messages.

Passwordless emails

Unlike the previous email templates types, this email template is not configured from the Email Templates section. Instead, it's part of the settings for the Email Passwordless Connection.

The Passwordless Email is sent when a passwordless access is requested, either by code (the user receives a code that types in the application) or by a link (the user clicks on a link and is taken directly to the application).

You can use all the common variables available in all templates, plus the following variables defined specifically for the Passwordless Email template:

  • send, which will contain a value of link, link_ios, link_android or code depending on the type of passwordless email requested.

  • code with the one-time-use code to access the application

  • link with the link that can be clicked by the user to gain access to the application (only for link-type passwordless emails)

  • request_language will have the language code of the user request, if available

  • operation, which will be change_email if this is a passwordless email change operation.

The default template uses the above variables to do something like this:

<!-- Email change content -->
{% if operation == 'change_email' %}
  <p>Your email address has been updated.</p>
{% else %}
  <!-- Signup email content -->
  {% if send == 'link' or send == 'link_ios' or send == 'link_android' %}
    <p>Click and confirm that you want to sign in to {{ application.name }}. This link will expire in five minutes.</p>
    <a href="https://auth0.com/docs/{{ link }}">Sign in to {{ application.name }}</a>
    {% elsif send == 'code' %}
    <p>Your verification code is: <b>{{ code }}</b></p>
  {% endif %}
{% endif %}

In the Passwordless Email template only the email property of the user object is available.

Learn more