Multiple Email Addresses EventHandlerFramework


Is it possible to work with multiple email addresses in the event handler framework?

In our ldap we have configured multiple email addresses, a first for the company and a second (private) one for recovery actions.

In PrivacyIdea we have configured a fallback process in which the user can delete their token if they have lost it or whatever…
After deleting they get a qrcode with a temporary (3 days) totp token. This totp token should be sent to the private email address but how can we use this attribute in the framework? Do we need this to be done by scripting?


you can configure your LDAP-resolver to map the second emailaddress into another attribute.

best regards


we have configured the ldap resolver to map the private email attribute.

{ “email” : “mail”, “surname” : “sn”, “givenname” : “givenName”, “groups” : “eduPersonAffiliation”, “pmail” : “homeEmailAddress” }

Our problem or question is: how to use the private email address in the UserNotificationHandler? In this, the possibilities are preselected, like token_owner or admin…

do you use the primary email for anything (login)?
If not, you could map the private address to the email-attribute.

The UserNotificationHandler users the users email attribute or mobile phone…

You can map any attribute like you did with “pmail”. However, you can not use it in the UserNotHand.
If you want to use pmail, you can use the ScriptHandler and create your own notification script.


thanks for answering. I am a fan of the ScriptHandler but if more scripts are needed, the maintainability becomes more complicated.

Could it be a solution to address the user attributes by tags like in the email body of the UserNotificationHandler?
For example {} or if you have an array {[0]}.

maybe for a future release…

In your case, is the user the acting user or the tokenowner?

Would happen here:


the acting user will be the token. If he/she disables the token (in the gui) they will receive an email with the fallback token to their private email address.

For this process, I wanted to use the provided event handler framework.
1.) User login in to gui and disables the token
2.) Script is called → creating the totp token
3.) An email ist send with the qrcode to the user

We integrated the privacyidea system with our ldap. In the ldap we have configured 2 email addresses for the users (1x company and 1x private). The private one is for the recovery process if something happens with the login data.

A good comment or question of @AAuer was/is: Do we use the company email address in the privacyidea? At the moment NO but what will be in the future?!

I see the tags dict. But the dict is only used in the email block. It would be nice to use it in html select list of the “to” option.

Interesting. So the point would be

Actions: sendmail

And then you would want to have like

To: Userattribute

and then be able to choose a user attribute that contains an alternate email address.

(So this again would be different then before).

Yes, something like this. If this wasn’t clear before, it is my English that is to blame.

1 Like

Opened and issue.

You are welcome to participate.