Enable self-service registration

Self Service Registration (SSR) allows end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. to self-register into a custom appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. or the Okta Homepage. After you enable SSR, a Sign up link appears in the Okta Sign-In widget. This link takes users to a new Create Account registration form based on a customized registration policy.

The Okta Sign-In Widget is a JavaScript widget that allows you to customize the Okta sign-In experience. For more details about using the Okta Sign-in widget, see Okta Sign-In Widget Guide.


Configure a self-service registration policy

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, contact Okta Support.

Configure an SSR policy to design and manage the end-user registration experience. You can choose the fields you want to include on the Create Account registration form, specify how those fields are ordered, and mark which of the fields are required.


  • When the policy is enabled, Okta enforces uniqueness for all primary email addresses.
  • Upon registering, end users need only to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

  1. In AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, go to Directory > Self-Service Registration.
  2. Click Enable Registration.

You can configure settings for the following:

  • Define a password policy. Note that the following Complexity requirements are not supported for a self-service registration password policy:
    • Does not contain first name
    • Does not contain last name
  • Configure the displayed fields on the Create Account registration form.
  • Define the work flow that your end users will follow after they register. For details, see Self-service registration workflows.


You can only enter existing groups. If no group is specified, Okta applies the Default password policy. For details on creating password policies, see Authentication.


From here, you can configure the fields that are displayed in the Create Account registration form.

Email and password are required for registration and are displayed at the top of the Create Account registration form. You can customize the label that is displayed for these fields by modifying the Login field form label and Password field form label fields.

Note: Upon registering, end users need to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

Registration form fields

Use the + Add Field button to create additional fields within the Create Account registration form. Choose from the list of attributes taken from the Okta user profile configured for your orgThe Okta container that represents a real-world organization. within the Profile Editor. To manage the Okta user profile, click Configure the Okta user profile.

For each field, you can:

  • Drag and drop the fields to change the field list order.
  • Use Form label to enter the labels you want to appear in the widget.
  • Select the Required check box to mark a field as required.

Note: The registration form supports string, number, Boolean, and integer data types, as well as enum data types for strings, numbers, and integers.


Select your choice of registration work flows for your users, and direct them to the appropriate end point (your org’s Okta Homepage or custom app/portal). For details, see Self-Service Registration Work flows below.

Activation requirements: If you want to send end users a Register Activation email automatically, select User must verify email address to be activated.

If you leave this check box unselected, and end users are not required to verify their email address in order to be activated, Okta sends a Registration Verification email based on Okta email templates. For details about using the Okta email templates, see Email and SMS Options. This choice opts out of enforcing email verification.

Turn off the security image and security questions

Okta normally prompts new users to choose a security image and security questions during their initial sign in. For Self-Service Registration, these options must be disabled.

To disable the security image, do the following:

  1. In Admin Console, go to Settings > Customization.
  2. In Optional User Account Fields, click Edit.
  3. Disable the Security image option, and then click Save.

To disable security questions, do the following:

Note: The steps below must be completed for each active policy (Default, Legacy, and so on).

  1. In Admin Console, go to Security > AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect..
  2. Click Edit to make changes.
  3. In the Account Recovery section, clear the Security question check box under the Additional self-service recovery option.

Enable the widget for self-service registration

Whether you are using the Okta-hosted Sign-in page (URL) or hosting your own Okta Sign-in widget (Dev URL), you must add two strings to the Okta Sign-In widget to enable the Sign up link and registration form in the widget. In the widget HTML, add the following configuration parameters directly under var config = {{{config}}};

config['features.registration'] = true;

config['authScheme'] = 'SESSION';

Note: To enable the Custom Sign In HTML editor, you must have a custom URL domain configured.

The following demonstrates how organizations using the Okta-hosted Sign-in page can enable registration in the widget; however, the added configuration parameters and specified location within the widget HTML are the same in both hosting models.

  1. In Admin Console, go to Settings > Customization.
  2. Click the Custom Sign In tab.
  3. In the HTML editor, add the following strings directly under var config = {{{config}}}; as shown in the illustration below.

config['features.registration'] = true;

config['authScheme'] = 'SESSION';

After you publish the custom sign-in widget, the Sign-up link should appear in the Okta Sign-In widget.

Self-service registration experience for end users

This is an Early Access feature. To enable it, contact Okta Support.

After your registration policy and the Sign-in widget are configured and enabled, end users can click the Sign-up link in the Okta Sign-in widget, which launches the Create Account registration form. They fill out the fields that you configured in the SSR Registration Policy. See Register for an Okta account.

Note: Upon registering, end users need to provide an email address. Okta automatically uses that email address as the end user’s username and primary email address.

Self-service registration workflows

Self-service registration currently supports two registration workflow options.

Make email verification mandatory

After registering their information, end users are immediately sent an email to verify their email address. Users must click the link within the email to complete the registration process. Users are then redirected to your app or to your org’s Okta Homepage—signing in is no longer required.

The lifetime of the emailed link is dictated by the Activation emails are valid for… setting on the General page under the Security menu (Administrator Dashboard > Security > General page).

Make email verification optional

After registration, end-users are immediately redirected to your custom app/portal or to your org’s Okta Homepage. Okta then sends the user an email requesting verification of their email address.