Using Event Handlers

A given expiration, pending, issued or denied alert can have only one event handler action associated with it. For example, an alert can run one PowerShell script, but it cannot also run a second PowerShell script or an event logging task. Alerts configured with a PowerShell or renewal event handler can also send out email messages. However, be aware that your PowerShell script will run once for every certificate and every email recipient, so if your alert has three email recipients, your script will run three times for each certificate. If this is not the desired behavior, you can set up separate alerts for email messages and your PowerShell script. Alerts configured with an event logger event handler will log events to the event log instead of sending email messages. If you want to both log to the event log and send email messages for a given alert configuration, you need to set up two separate alerts.

Tip:  With workflows, the equivalent functionality to the handlers can be achieved using either Set Variable Data or Use Custom PowerShell steps. See the examples for Write to Windows Event Log with Expiration Workflow, Renewal and Email Notification on Approaching Certificate Expiration, and Update Additional Enrollment Field on Enrollment.
Tip:  PowerShell handlers run in different security contexts depending on how they are triggered. If they are triggered by the Management Portal/Keyfactor API (via an alert test, for example), they will run in the context of the Keyfactor API application pool account. If they are triggered by a scheduled task (an alert run automatically, for example), they will run in the context of the Keyfactor Command Service account. Keep this in mind if your configuration of the PowerShell script is going to use Windows Authentication to reach back into Keyfactor Command or perform another task requiring authentication.
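
The following handler skeleton is an added example, not Keyfactor code. It shows one way to keep a script's work from repeating for each email recipient and to record which account each run executes as. How an alert passes values to the script is not covered on this page, so the `-Thumbprint` parameter, the state directory and the one-hour window are assumptions.

```powershell
# Added example, not Keyfactor code. The -Thumbprint parameter is a hypothetical
# stand-in for however the alert supplies the certificate to the script.
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [string]$StateDir = (Join-Path $env:ProgramData 'HandlerState'),  # assumed path
    [int]$WindowMinutes = 60                                         # assumed dedup window
)

$ErrorActionPreference = 'Stop'

# Record the account this run executes as: the Keyfactor API application pool
# account for an alert test, the Keyfactor Command Service account for a
# scheduled run.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

New-Item -ItemType Directory -Path $StateDir -Force | Out-Null

# Keep only hex characters so the value is safe to use as a file name.
$safeName = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if (-not $safeName) { throw 'Thumbprint contains no hex characters.' }
$marker = Join-Path $StateDir "$safeName.marker"
$log    = Join-Path $StateDir 'handler.log'

# Drop a stale marker so the next alert cycle is processed again.
$cutoff   = (Get-Date).ToUniversalTime().AddMinutes(-$WindowMinutes)
$existing = Get-Item -LiteralPath $marker -ErrorAction SilentlyContinue
if ($existing -and $existing.LastWriteTimeUtc -lt $cutoff) {
    Remove-Item -LiteralPath $marker -Force
}

try {
    # CreateNew fails if the file exists, so only the first of the
    # per-recipient runs for this certificate gets past this point.
    $fs = [System.IO.File]::Open($marker, [System.IO.FileMode]::CreateNew)
    $fs.Dispose()
}
catch [System.IO.IOException] {
    Add-Content -LiteralPath $log -Value "$(Get-Date -Format o) SKIP $safeName as $identity"
    return
}

Add-Content -LiteralPath $log -Value "$(Get-Date -Format o) RUN  $safeName as $identity"
# Per-certificate work belongs below this line; it runs once per certificate.
```

Both the application pool account and the service account need write access to the state directory, since either may be the one that runs the script.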