Enable and configure a self-service registration policy

Deprecation notice: Okta is deprecating Self-Service Registration (SSR) from the Okta Classic Engine for customers that don't currently use the feature. However, SSR remains supported for customers already using it on Okta Classic Engine. For orgs using the Okta Identity Engine, SSR is now part of the profile enrollment policy feature. See End-user registration for information about the expanded features available in the Okta Identity Engine. For any questions or concerns, contact your Customer Success Manager (CSM) or Okta Support.

You use a self-service registration policy to let users self register for application access. When creating your policy, you can choose the fields you want to include on the Create Account registration form, specify how those fields are ordered, and mark which of the fields are required.

When you enable a self-service registration policy, Okta enforces uniqueness for all primary email addresses. When registering, users need to provide their email address. Okta automatically uses the email address for the username and primary email address.

The self-service registration password policy does not support does not contain first name and does not contain last name complexity requirements.

  1. In the Admin Console, go to DirectorySelf-Service Registration.
  2. Click Edit.
  3. In the Self-service registration list, select Enabled.
  4. Complete these fields:
    • Add to Sign-In widget: Optional. Select this option if you want to add a Sign Up link to your custom, Okta hosted sign in page. Selecting the option also eliminates the need to configure a link using JavaScript in the custom sign In page editor.
    • Assign to group: Enter the names of existing groups that users will be added to automatically when they self register. Group membership determines which password policy is applied during registration. You can only enter existing groups. If no group is specified, Okta applies the Default password policy. For details on creating password policies, see Authentication.
  5. In the REGISTRATION FORM area, complete these fields:
    • Login field form label: Optional. Enter a label for the Email field on the Create Account registration form.

    • Password field form label: Optional. Enter a label for the Password field on the Create Account registration form.

    • Registration form fields: Select the fields you want included on the Create Account registration form. You can accept the default field label value, or optionally enter a field name in the Form label field. Select the Required check box to make the field mandatory. To require additional fields, click Add Field. To change the priority of a field, click and drag it to a new location. To remove a field, click X.

      The registration form supports string, number, Boolean, and integer data types, as well as enum data types for strings, numbers, and integers.

  6. In the POST REGISTRATION area, complete these fields:
    • Activation requirements: Optional. Select User must verify email address to be activated to automatically send users a register activation email. If you don't select the check box, and users are not required to verify their email address for activation, a Registration Verification email using Okta email templates is sent. See Email and SMS Options.

    • Default redirect: Select User dashboard to redirect users to your org’s Okta homepage, or select Custom URL to redirect users to your custom app, OIDC portal, or SAML portal.

  7. Click Save.
  8. Optional. If you added fields to the registration form in step 5, go to DirectoryProfile Editor.
    1. Select the profile that contains your new attribute.
    2. Find the new attribute, and then click its information icon.
    3. In the User permission drop-down box, select Read - Write.
    4. Click Save Attribute. End users can modify this field after registration in their settings page.