Create a custom profile enrollment form

You can create or edit a custom profile enrollment form for progressive enrollment scenarios. End users are prompted for input during their next sign-in attempt if a required attribute is missing from their profile.

If you enabled the Multiple identifiers EA feature, the profile enrollment policy is renamed user profile policy.

Before you begin

  • Super admin access is required to modify the profile enrollment form.

  • The attributes that you add to the profile enrollment form must exist in the default user profile for Okta Universal Directory. Both base and custom attributes are permitted. See About profile types.

  • The User permission for each attribute must be set to Read-Write before the end user can update the attribute using the profile enrollment form.

  • See Understand attribute rules for the profile enrollment form for a complete summary on adding, editing, and deleting profile attributes.

Customize the form sign-in options

The profile enrollment form shown to end users can be customized with a header and a confirmation button.

  1. In the Admin Console, go to SecurityProfile Enrollment. Or, if you enabled the Multiple identifiers feature, go to SecurityUser Profile Policies.

  2. Under the Actions column for the policy you want to update, select the Edit icon.

  3. In the Profile enrollment section, click Edit to modify the options. If you enabled the Multiple identifiers feature, this section is on the Enrollment tab.

  4. In the Customize label section, enter the text you want to show your end users:

    • Form header: The text that's displayed at the top of the enrollment form. For example, Sign in or Log in to your personal account.

    • Submit button: The text that's displayed on the confirmation button. For example, Submit or Log in.

Create the custom profile enrollment form

  1. In the Admin Console, go to SecurityProfile Enrollment. Or, if you enabled the Multiple identifiers feature, go to SecurityUser Profile Policies.

  2. Under the Actions column for the policy you want to update, select the Edit icon.

  3. The Profile enrollment form section shows the profile attributes that the enrollment form collects from end users. When you create the policy, these fields are populated using the attributes that are marked as required in the Universal Directory default profile.

  4. Default fields show up first in the enrollment form. However, you can change the order of the attributes by clicking and dragging each attribute under the Order column. This changes the order shown on the enrollment form displayed to the end user.

  5. Use the Edit or Delete actions to modify or remove any attributes from the enrollment form. If these actions aren't present, those attributes can't be changed or removed from the profile enrollment form. See Understand attribute rules for the profile enrollment form.

  6. Click Add form input to pick more attributes from the Universal Directory. If you're using multiple identifiers and you need to collect that information from users, be sure that you include them in the profile enrollment form.

  7. Select the attribute from the dropdown menu. The User permission for the attribute must be set to Read-Write before the attribute can be added to the enrollment form.

  8. In the Add form input dialog, verify that the Data type and Attribute requirement information match the settings from the Universal Directory default profile. To modify these settings, click Go to Profile Editor:

    1. Select the User (default) profile.

    2. Locate the attribute, and then click the information icon to edit the attribute properties.

    3. In the User permission section, select Read - Write. End users require write access to update any attribute information in their profile.

    4. Click Save Attribute.

      If your Okta org provides access to the Okta End-User Dashboard, registered end users can modify the value of this attribute through their personal settings page.

  9. In the Customize form input section, you can modify the following fields for the attributes:

    • Form label: This is the text label for the attribute that is shown to the end user.

    • Input requirement: This indicates whether the user must this attribute for the form to proceed. See Understand attribute rules for the profile enrollment form. If the Okta user profile requires this attribute, you can't change this requirement to be Optional and the end user must provide a value.

    • Input display type: This determines what type of input form the enrollment form shows to the end user. For example, a text box, radio buttons, or a dropdown menu.

    • Input form validation: If the user must provide the input in a particular format, you can select an input validation method from the dropdown menu. Validation is available for phone numbers and calendar dates.

    • Click Save.

If an attribute is defined in any of your Okta user profiles with any of the following conditions, it can't be added to the enrollment form:

  • A user permission set to Read-only or Hide
  • Marked as sensitive
  • Sourced from an external application

You can't add an attribute more than once to the enrollment form.

Observe a limit of 10 attributes to the enrollment form to prevent overloading the interface displayed to the end user.

Remove attributes from the enrollment form

  1. Click Delete on that row of the form. If the delete action is unavailable, the attribute is either required by the default user profile, or there's an error condition that must be resolved.

  2. Click Delete form input to confirm the deletion or Cancel to keep the attribute.

You can't edit or delete the base attributes that are required in the default user profile: Primary email, Last name, or First name.

If you remove an attribute from the enrollment form, you can add it back later.

Related topics

Create a profile enrollment policy

Collect profile information and register users

Understand attribute rules for the profile enrollment form