Self-service registration

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

The self-service registration (SSR) functionality in Okta gives end users the power to sign up for your services using either the Okta-hosted Sign-In Widget or a custom embedded authentication solution.

For details on implementing authentication for your application using either the Okta Sign-In Widget or a custom solution, see the Sign users in guide on the Okta developer documentation site.

When new users click Sign up in the Sign-In Widget, they are presented with an enrollment form where they can fill out the fields you configured in the profile enrollment policy. Okta automatically uses the email address as the end user’s username and primary email address.

After end users register, Okta sends them a link to verify their email address and complete the registration process. The activation email satisfies possession assurance through the email authenticator. Additional authentication prompts may appear, depending on the authentication settings in your sign-on policies. See Authentication policies and Global Session Policies.

After satisfying all authentication requirements, end users are registered and provisioned to the appropriate groups defined by the profile enrollment policy. Okta then redirects them to your app or your organization's Okta home page.

If your org doesn't use password-optional authentication, you can configure the email verification step to be optional. After registration, Okta immediately redirects end users to your custom application or your organization's Okta home page. The end user is sent a verification email, but clicking the verification link isn't a requirement for the user to complete the sign-in process.

If SSR is enabled and the end user enters a username that doesn't exist in the org, Okta returns a warning message that there is no account with that username.

If SSR is disabled for your app and the end user enters a username that doesn't exist in the org, they are prompted to enter a password but aren't permitted to sign in. In this scenario, the option to sign up for an account isn't displayed on the Sign-In Widget. You must have an alternate method to create the accounts for new users. See Add users manually.

Related topics

Progressive enrollment

Sign-in flows

End user sign-in process