[midPoint] HowTo: Welcome mail send only once

Thu Aug 21 10:13:34 CEST 2025

Dear Ivan,

Once again, thank you! This is exactly what I needed. Somehow I missed this part of the documentation. Shame on me...

With best regards,
Mike

Sent with [Proton Mail](https://proton.me/mail/home) secure email.

On Thursday, August 21st, 2025 at 10:06 AM, Ivan Noris via midPoint <midpoint at lists.evolveum.com> wrote:

> Hi Mike,
>
> variable event.focusPassword (or event.getFocusPassword() ) should contain the user password in userPasswordNotifier.
>
> Please see https://docs.evolveum.com/midpoint/reference/support-4.9/misc/notifications/configuration/, especially the chapter "Expression Variables" to see the most important variables accessible in notifications.
>
> Ivan
>
> On 21. 8. 2025 9:39, mikhail.nikolaenko wrote:
>
>> Here’s a polished version of your message with improved grammar, clarity, and flow while keeping the tone professional but friendly:
>>
>> ---------------------------------------------------------------
>>
>> Hi Ivan,
>>
>> Thank you very much for the quick response! I used accountPasswordNotifier as it appeared in many samples to notify users about their new password. However, the userPasswordNotifier you suggested does sound more appropriate. As I understand it, the account password notifier is triggered for every account with a password.
>>
>> My problem, however, is that I haven’t found a way to access the password in plain text. In the accountPasswordNotifier, I use event.plaintextPassword, but this doesn’t work in the user password notifier since the event object doesn’t contain the plaintextPassword property. I’ll try to investigate this further, perhaps with the debugger, to see what kind of events and context are available in this notifier.
>>
>> Coming back to my main issue. After re-reading the documentation you shared, I realized that filters can also be used with password notifiers. So I added:
>>
>> <operation>add</operation>
>>
>> and now I’m getting exactly what I need out of the box.
>>
>> So once I’m able to read the password from the userPasswordNotifier context, I’ll have the complete solution.
>>
>> Once again, thank you for your help.
>>
>> Best regards,
>> Mike
>>
>> ---------------------------------------------------------------
>>
>> Would you like me to make it slightly more concise (business-like), or keep this friendly and detailed tone?
>>
>> On Monday, August 18th, 2025 at 4:36 PM, Ivan Noris via midPoint [<midpoint at lists.evolveum.com>](mailto:midpoint at lists.evolveum.com) wrote:
>>
>>> Hi Mike,
>>>
>>> what about trying userPasswordNotifier? It is very similar to accountPasswordNotifier, but it uses midPoint password and not account password.
>>>
>>> If you create users and generate their passwords in a single step, this might well be what you want.
>>>
>>> See also: https://docs.evolveum.com/midpoint/guides/notifications-howto/
>>>
>>> Best regards,
>>>
>>> Ivan
>>>
>>> On 18. 8. 2025 12:12, mikhail.nikolaenko via midPoint wrote:
>>>
>>>> Hello dear community,
>>>>
>>>> We have the following business requirement: when a new user is created, the system must send a welcome email to their private email address containing some text and the initial password.
>>>>
>>>> My first idea was to use simpleUserNotifier for the addoperation. However, I was not able to find a way to access the newly generated password.
>>>>
>>>> As an alternative, I used accountPasswordNotifier, and from there I can send the welcome email with the password. This works, but now I need to ensure that it happens only once.
>>>>
>>>> As soon as the email is successfully sent (sure we could not be sure if it was delivered, but at least send operation has been completed without error), no further emails should be triggered by password changes in midPoint. My first thought was to follow a common approach by using a custom attribute like isWelcomeMailSent, and setting it to true once the email has been sent.
>>>>
>>>> So my question is: how can I modify a person attribute at the moment the email is sent? Is it possible to do this directly from the notification script? Or perhaps I was wrong, and there is actually a way to access the new password in the add operation context?
>>>>
>>>> Best regards,
>>>> Mike
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>>
>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> --
>>> Ivan Noris
>>> Expert Identity Engineer
>>> evolveum.com
>
> --
> Ivan Noris
> Expert Identity Engineer
> evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250821/de1d2b7a/attachment.htm>