Self-Service Registration

The Self-Service Registration (SSR) functionality enables end users to sign up for your services. You can configure the registration using either the Sign-In Widget hosted by Okta or with a custom authentication solution embedded on your server.

For details on implementing the sign-in authentication for your application, see the sign users in guide.

When new end users sign up, the Sign-In Widget shows the enrollment form. Here they can fill out the fields you configured in the profile enrollment policy.

After end users complete the enrollment form, Okta sends them a link and a one-time password (OTP) to verify their email address and complete the registration process. The activation email satisfies possession assurance through the email authenticator. Other authentication prompts can appear, depending on the authentication settings in your sign-on policies. See Authentication policies and Global session policies.

After end users satisfy all the authentication requirements, Okta automatically registers them in your org. Okta also provisions them to the appropriate groups defined by the profile enrollment policy. Okta then redirects the end users to your app or your Okta End-User Dashboard.

If your org doesn't use password-optional authentication, you can still configure the email verification to be optional. After registration, Okta immediately redirects end users to your custom application or your End-User Dashboard. The end user is sent a welcome email using the Registration - Email Verification template. Clicking the verification link demonstrates ownership of the email authenticator, but it isn't a requirement for the user to complete the sign-in process.

If you enable SSR and the end user attempts to sign in with a username that doesn't exist in the org, Okta returns a warning message that there’s no account with that username.

If SSR is enabled but the sign up link doesn't appear, ensure that either your app is available to all users or that the groups assigned in the profile enrollment policy are also assigned to the app.

If you disable SSR for your app and the end user enters a username that doesn't exist in the org, the Sign-In Widget prompts them to enter a password but they can't sign in. In this scenario, the Sign-In Widget doesn't display the option to sign up for an account. You must have an alternate method to create the accounts for new users. See Add users manually.

Related topics

Progressive enrollment

flows

End user sign-in process

End-user experience