Configuring notifications and reports

Admins can create custom notification objects that can be applied to policies and reports. This will determine which admins or users are notified when a policy is violated and what the custom message says.

Admins will need to configure the notifications object under one of the pages under Protect > Notifications and then configure which objects are used on the Protect > Policies page when you are setting up your policy action lines.

Under Protect > Notifications, you will see three primary options for notifications and a fourth option for other messages.



  • Inline Popup: This is where you can configure the inline messages that appear when a user violates a policy in real time.
  • User Emails: These will be email notifications to the individual users who are violating the policy.
  • Group Emails: These will be email notifications that you can send to an entire group. These groups are sourced from the IAM > Users and Groups page and will be a drop-down that you can select from. Typically, this will be used to email specific IT or admin groups based on the policy violation and severity.
  • Other Messages: The messages page allows admins to customize various messages that will display for users such as if they land on the Forcepoint ONE SSE login portal page or when triggering a policy action such as a blocked file or the watermark being applied to the file.

You can also notify administrators by email when alerts are generated by setting Report Settings under Analyze > Logs > Settings. These are independent of emails and notifications that are sent out when individual policy rules or DLP matches are triggered.