Okta Self-Service Registration

Okta Self Service Registration (SSR) allows end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. to self-register into your custom appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. or the Okta Homepage. Once enabled, a Sign up link appears in the Okta Sign-In widget. This link takes usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. to a new Create Account registration form based on a customized registration policy.

The Okta Sign-In Widget is a JavaScript widget that allows you to customize the Okta sign-In experience. For more details about using the Okta Sign-in widget, see Okta Sign-In Widget Guide. Using SSR requires Okta Sign-in widget version 2.9 or later.

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

Configure a Self-Service Registration Policy

The first step to enabling Self Service Registration is configuring a SSR policy to design and manage the end-user registration experience. You can choose the fields you want to include on the Create Account registration form, specify how the fields are ordered, and mark which are required.

Note:

  • Once enabled, we enforce uniqueness for all primary email addresses.
  • Upon registering, end users need only to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

  1. From the Administrative Dashboard, hover over Directory drop-down menu.
  2. Scroll down to Self-Service Registration.
  3. Click the Enable Registration button.

You can configure settings for the following:

  • Define a password policy.
  • Configure the displayed fields on the Create Account registration form.
  • Define the work flow end users follow after registration. For details, see Self-Service Registration Work flows below.

ACCOUNT

  • Self-service registration: Select Enable.
  • Add to Sign-In widget: Select this option if you want to add a Sign Up link in your Okta hosted Sign-In page. Selecting the option here eliminates the need to configure the link via JavaScript in the Custom Sign In page editor.
  • Assign to group: After self-registering, users are automatically added to the group(s) you specify here. These group(s) determine the password policy enforced for password complexity requirements during registration.

You can only enter existing groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.. If no group is specified, Okta applies the Default password policy. For details on creating password policies, see Authentication.

REGISTRATION FORM

From here, you can configure the fields that are displayed in the Create Account registration form.

Email and password are required for registration and are displayed at the top of the Create Account registration form. You can customize the label that is displayed for these fields by modifying the Login field form label and Password field form label fields.

Note: Upon registering, end users need only to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

Registration form fields

Use the + Add Field button to create additional fields within the Create Account registration form. Choose from the list of attributes taken from the Okta user profile configured for your orgThe Okta container that represents a real-world organization. within the Profile Editor. To manage the Okta user profile, click Configure the Okta user profile.

For each field, you can:

  • Drag and drop the fields to change the field list order.
  • Use Form label to enter the labels you want to appear in the widget.
  • Select the Required check box to mark a field as required.

Note: The registration form supports string, number, Boolean, and integer data types, as well as enum data types for strings, numbers, and integers.

POST-REGISTRATION

Select your choice of registration work flows for your users, and direct them to the appropriate end point (your org’s Okta Homepage or custom app/portal). For details, see Self-Service Registration Work flows below.

Activation requirements: If you want to send end users a Register Activation email automatically, select User must verify email address to be activated.

If left unchecked, and end users are not required to verify their email address in order to be activated, Okta sends a Registration Verification email based on Okta email templates. For details about using the Okta email templates, see Email and SMS Options. This choice opts out of enforcing email verification.

Enable the Widget for Self-Service Registration

Whether you are using the Okta-hosted Sign-in page (URL) or hosting your own Okta Sign-in widget (Dev URL), you must add two strings to the Okta Sign-In widget to enable the Sign up link and registration form in the widget. In the widget HTML, add the following configuration parameters directly under var config = {{{config}}};

config['features.registration'] = true;

config['authScheme'] = 'SESSION';

The following demonstrates how organizations using the Okta-hosted Sign-in page can enable registration in the widget; however, the added configuration parameters and specified location within the widget HTML are the same in both hosting models.

  1. From the Administrative Dashboard, hover over the Settings drop-down menu.
  2. Choose Customization.
  3. Click the Custom Sign In tab.
  4. In the HTML edtior, add the following strings directly under var config = {{{config}}}; as shown in the illustration below.

config['features.registration'] = true;

config['authScheme'] = 'SESSION';

After you publish the custom sign-in widget, the Sign-up link should appear in the Okta Sign-In widget.

This is an Early Access feature. To enable it, please contact Okta Support.

End-User Self-Service Registration Experience

Once your registration policy and the Sign-in widget are configured and enabled, end users can click the Sign-up link in the Okta Sign-in widget, which launches the Create Account registration form. They fill out the fields you configured in the SSR Registration Policy.

Note: Upon registering, end users need only to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

Self-Service Registration Work Flows

Self Service Registration currently supports two registration work flow options.

Make email verification mandatory

After registering their information, end users are immediately sent an email to verify their email address. Users must click the link within the email to complete the registration process. Users are then redirected to your app or to your org’s Okta Homepage—signing in is no longer required.

The lifetime of the emailed link is dictated by the Activation emails are valid for… setting on the General page under the Security menu (Administrator Dashboard > Security > General page).

Make email verification optional

After registration, end-users are immediately redirected to your custom app/portal or to your org’s Okta Homepage. Okta then sends the user an email requesting verification of their email address.

Turn off Security Image and Security Questions

Okta normally prompts new users to choose a security image and security questions during their initial sign in. For Self-Service Registration, these options must be disabled.

To disable the security image, do the following:

  1. From the Administrative Dashboard, hover over the Settings drop-down menu.
  2. Choose Customization.
  3. Scroll down to Optional User Account Fields, and click the Edit button.
  4. Disable the Security image option and click the Save button.

To disable security questions, do the following:

Note: The steps below must be completed for each active policy (Default, Legacy, etc.).

  1. From the Administrative Dashboard, hover over the Security drop-down menu.
  2. Choose Authentication.
  3. Click the Edit button to make changes.
  4. Scroll down to Account Recovery.
  5. Uncheck Security question under the Additional self-service recovery option.
Top