Info: Contacts and Approvers


Contacts, Approvers, and Recipients are used throughout our product to do several things and some of these functions work together such as Notifications and Workflow. Contacts and Approvers can be either Security groups or individual users. If you use Security groups, anyone from that group will be the Contact/Approver. Using an individual user sets you up for a single point of failure.

  1. Assign Workflow Approvers
  2. Send Notifications through SMTP channel objects
  3. Secure control through Policy
  4. Deliver scheduled Reports
  5. Utilize Macros to dynamically get object fields

More Info:


Workflow uses Approvers. Approvers can be set on Certificate objects or Application objects. You can see from the screenshot below.

  • Workflows can select an Approver by choosing the Identity listed on a certificate or an application dynamically.
  • Workflows can select an Approver by specifically specifying an Approver by static Identity.
  • Workflows can select an Approver dynamically by entering a macro.

Tip: You could use the macro to select a Policy Object Contact. If you assign the Workflow at a specific Policy object it will affect that Policy object as well as all subordinate objects causing that Contact to be the Approver for that whole Policy structure. Since the Contact on the policy object is not lockable you should set the contact on the Policy Object under either Application or Certificate where applicable.


You can define multiple SMTP Channel objects to send notifications to different recipients such as the contact for each application that consumes a given certificate, the certificate contact, the system administrator, and a certificate approver.

  1. Email to Consumer (SMTP) Emails a notification message to the contacts assigned to the applications that consume the target certificate. This channel is used to provide notification for certificate expiration events.
  2. Email to Owner (SMTP) Emails a notification message to the certificate contacts. This channel is used to provide notification for certificate expiration events.
  3. Email to Parent (SMTP) Emails a notification message to the contacts assigned to the target certificate’s parent object. This channel is used to provide notification for certificate expiration and Discovery survey events.
  4. Email to System Administrator (SMTP) Emails a notification message to the local master administrator account (Admin). Important: The local master administrator account is created during installation. You must configure an email address for this account in order for this Channel object to work. This channel is used to provide notification for critical system events such as a notification channel failure.
  5. Email to Ticket Approver (SMTP) Emails an approval request to a workflow ticket approver. Important: This channel provides workflow approval request notifications.



Contacts can be assigned on the Policy objects themselves or on the Policy object under Applications, Certificates, or Devices. You can set the contact to affect all subordinate objects by setting the value for the Contact or by locking the value on the Applications, the Certificate tab, or the Device tab. Default system notifications are sent to the contact Identities on the objects.



Contacts can be set on Report folders or on the reports themselves. They can be set on the Settings tab or on the Setup & Delivery tab. They are used to either establish ownership and/or email delivery by selecting the E-Mail Publishing option of Email to Contact(s): you can also select to specify addresses.





Macros provide a flexible macro language that allows administrators to call variable input for system configuration fields. This macro language is particularly useful when configuring system notifications and workflows. Using the macro language, administrators can dynamically populate fields such as message recipient or sender for SMTP notifications, workflow approver for certificate approvals, or certificate names and locations for certificate expiration notices.  

The Venafi Encryption Director Macro language allows administrators to call variable content for the following system configuration fields:

• SMTP Notifications

• Message Sender

• Message Recipient

• Message Subject

• Message Body

• SNMP Messages

• Application Workflows

• Certificate Approver

• Reason Code Descriptions


  • Getting the contact of an object:

For example: $IdentityMember[$Config[$Event.Component$,"Contact",",\"]$]$

  • Getting the Approver of an object:

For example: $IdentityMember[$Config[$Event.Component$,"Approver",",\"]$]$

  • Get the value of the Contact or Approver email value, Config can reference Contact or Approver, and the Event.Component references the Certificate or Application object.

For example: $IdentityEmail[$Config[$Event.Component$,"Contact"|"Approver",",\"]$]$


Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request