By default, Identity Portal is using the "Forgotten Password" task from Identity Manager and the password is displayed on screen.  You can configure that task within Identity Manager to send an email instead, and that would be reflected in Identity Portal.  To configure the "Forgotten Password" task to email the temporary password, first ensure that email notifications are configured for the IM environment and then follow these steps as documented in the IM Bookshelf:

1. In the User Console, choose Roles and Tasks, Admin Tasks, Modify Admin Task.
2. Select the Forgotten Password task.
3. On the Profile tab, click Business Logic Task Handlers. The Business Logic Task Handlers screen opens. The BLTHGenerateTemporaryPassword handler should appear in the list of handlers.
4. Click the right arrow icon to edit the properties for the handler.
5. In the Property field, click the minus icon to delete the ShowPwdOnScreen property.
6. In the Property field, type in ShowPwdOnScreen again.
7. In the Value field, enter: false
8. Click Add.

Submit the changes to the task in Identity Manager.  In Identity Portal, restart the CAIM connector.

If instead, you want to use the "Forgotten Password Reset" task so users can reset the password themselves, follow these steps:

1. In the CA Identity Portal Admin UI, click on Setup > Connectors and then the CAIM connector.
2. Go to the Tasks tab on the CAIM connector and change the task name from "Forgotten Password" to "Forgotten Password Reset".
3. Save the change.
4. In CA Identity Manager, enable Web Services for the "Forgotten Password Reset" admin task and submit that change.
5. Restart the CAIM connector in Identity Portal.

At this point you disabled the Password being showed in a popup to User.

Create a PolicyXpress to send the Password by e-mail.