The default configuration is for the e-mail notification to go only to the user. The policies that ship with Identity Manager use the e-mail address from the Identity Vault object for the user that is affected.
However, you can configure the password synchronization policies so that e-mail notifications also go to the administrator. To do this, you must modify the Identity Manager script for one of the policies.
Send a Blind Copy to the administrator by defining the token with the administrator's e-mail address.
To copy an administrator, modify the policy that generates the e-mail (such as PublishPasswordEmails.xml, in which the policy looks up the e-mail address to send notifications) and add an additional <arg-string> element with the administrator's e-mail address.
The following example illustrates the additional arg-string element:
<arg-string name="to">
<token-text>Admin@company.com</token-text>
</arg-string>
Make sure to restart the driver after making these changes.