Self-service registration

The self-service registration (SSR) functionality enables end users to sign up for your services. You can configure the registration using either the Sign-In Widget hosted by Okta or with a custom embedded authentication solution.

For details on implementing the sign-in authentication for your application, see the sign users in guide.

When new end users click Sign up in the Sign-In Widget, they’re shown the enrollment form. This form is where they can fill out the fields you configured in the profile enrollment policy. Okta automatically uses the email address for the end user’s username and primary email address.

After end users complete the enrollment form, Okta sends them a link and a one-time password (OTP) to verify their email address and complete the registration process. The activation email satisfies possession assurance through the email authenticator. Other authentication prompts can appear, depending on the authentication settings in your sign-on policies. See Authentication policies and Global session policies.

After end users satisfy all the authentication requirements, Okta automatically registers them in your org. They’re also provisioned to the appropriate groups defined by the profile enrollment policy. Okta then redirects the end users to your app or your org's Okta End-User Dashboard.

If your org doesn't use password-optional authentication, you can still configure the email verification to be optional. After registration, Okta immediately redirects end users to your custom application or your org's Okta End-User Dashboard. The end user is sent a welcome email using the Registration - Email Verification template. Clicking the verification link demonstrates ownership of the email authenticator, but it isn't a requirement for the user to complete the sign-in process.

If you enable SSR and the end user attempts to sign in with a username that doesn't exist in the org, Okta returns a warning message that there’s no account with that username.

However, if SSR is disabled for your app and the end user enters a username that doesn't exist in the org, they are prompted to enter a password but won't be able to sign in. In this scenario, the option to sign up for an account isn't shown on the Sign-In Widget. You must have an alternate method to create the accounts for new users. See Add users manually.

Related topics

Progressive enrollment

Sign-in flows

End user sign-in process

End-user experience