Create a custom profile enrollment form

You can create or edit a custom profile enrollment form for progressive enrollment scenarios. End users are prompted for input during their next sign-in attempt if a required attribute is missing from their profile.

Before you begin

The attributes added to the profile enrollment form must exist in the default user profile for Okta Universal Directory. Both base and custom attributes are permitted. See About profile types.

The User permission for each attribute must be set to Read-Write before the end user can update the attribute using the profile enrollment form.

See Understand attribute rules for the profile enrollment form for a complete summary on adding, editing, and deleting profile attributes.

Super admin access is required to modify the profile enrollment form.

Procedure

Task 1 - Customize the form sign-in options

The profile enrollment form shown to end users can be customized with a header at the top and a confirmation button at the bottom.

Use the following procedure to change these labels:

  1. In the Admin Console, go to Security > Profile Enrollment.

  2. Under the Actions column for the policy you want to update, select the Edit icon.

  3. In the Profile enrollment section, click Edit to modify the options.

  4. Under Customize label, enter the text you want to show your end users:

    • Form header: The text at the top of the enrollment form. For example, Sign in or Log in to your personal account.

    • Submit button: The text displayed on the confirmation button. For example, Submit or Log in.

Task 2 - Create the custom profile enrollment form

Use the following procedure to create the customized enrollment form that Okta will use to add end user information to their profiles:

  1. In the Admin Console, go to Security > Profile Enrollment.

  2. Under the Actions column for the policy you want to update, select the Edit icon.

  3. The Profile enrollment form section shows the profile attributes that the enrollment form collects from end users. When you create the policy, these fields are populated using the attributes that are marked as required in the Universal Directory default profile.

  4. Default fields show up first in the enrollment form. However, you can change the order of the attributes by clicking and dragging each attribute under the Order column. This changes the order shown on the enrollment form displayed to the end user.

  5. Use the Edit or Delete actions to modify or remove any attributes from the enrollment form. If these actions are not present, those attributes can't be changed or removed from the profile enrollment form. See Understand attribute rules for the profile enrollment form.

  6. Click Add form input to pick additional attributes from the Universal Directory.

  7. Select the attribute from the dropdown menu. The User permission for the attribute must be set to Read-Write before the attribute can be added to the enrollment form.

  8. In the Add form input dialog, verify that the Data type and Attribute requirement information match the settings from the Universal Directory default profile. To modify these settings, click Go to Profile Editor:

    1. Select the User (default) profile.

    2. Locate the attribute, and then click the information icon to edit the attribute properties.

    3. In the User permission section, select Read - Write. End users require write access to update any attribute information in their profile.

    4. Click Save Attribute.

      If your Okta org provides access to the Okta End-User Dashboard, registered end users can modify the value of this attribute through their personal settings page.

  9. In the Customize form input section, you can modify the following fields for the attributes:

    • Form label: This is the text label for the attribute that is shown to the end user.

    • Input requirement: This indicates whether this attribute must be provided by the user for the form to proceed. See Understand attribute rules for the profile enrollment form. If the Okta user profile requires this attribute, you can't change this requirement to be Optional and the end user must provide a value.

    • Input display type: This determines what type of input form the enrollment form shows to the end user. For example, a text box, radio buttons, or a dropdown menu.

    • Input form validation: If the user must provide the input in a particular format, you can select an input validation method from the dropdown menu. Validation is available for phone numbers and calendar dates.

    • Click Save.

If an attribute is defined in any of your Okta user profiles with any of the following conditions, it can't be added to the enrollment form:

  • A user permission set to Read-only or Hide
  • Marked as sensitive
  • Sourced from an external application

You can't add an attribute more than once to the enrollment form.

You should observe a limit of 10 attributes to the enrollment form to prevent overloading the interface displayed to the end user.

Task 3 - Remove attributes from the enrollment form

To remove an attribute from the enrollment form:

  • Click Delete on that row of the form. If the delete action is unavailable, the attribute is either required by the default user profile, or there is an error condition that must be resolved.

  • Click Delete form input to confirm the deletion or Cancel to keep the attribute.

You can't edit or delete the base attributes that are required in the default user profile: Primary email, Last name, or First name.

If you remove an attribute from the enrollment form, you can add it back at a later time.

Related topics

Create a profile enrollment policy

Collect profile information and register users

Understand attribute rules for the profile enrollment form