Collect profile information and register users

Okta can assist you in collecting profile data from end users before they can access any app integrations that use a specific policy. To configure what data Okta collects:

Before you begin

You must have a super admin role to modify profile enrollment policies.


  1. In the Admin Console, go to SecurityProfile Enrollment.
  2. Under the Actions column for the policy you want to update, select the Edit icon.

  3. In the Profile Enrollment section, click Edit to modify the options:

    • Self-service registration: You can choose one of two options:

      • Allowed: Select this option if you want your end users to be able to self-register their Okta account through the Sign up option on the Sign-In Widget.

      • Denied: Select this option if you want to create a progressive enrollment policy or if you want end users to create their Okta account through another method.

        • In progressive enrollment scenarios, Okta denies Self-Service Registration but prompts users for missing profile attributes the next time they sign in. See New sign-in experience.

        • With the Denied option selected, the Sign-In Widget hides the Sign up link.

      • If you want to allow users to self-register for an app integration but not to your entire org, select Denied in your Default Policy. Create a profile enrollment policy specific to that app with Self-service registration set to Allowed.

    • Password: If selected, the Sign-In Widget shows the password entry field on the first page during enrollment. Password must be a mandatory authenticator.

      This is an Early Access feature. To learn how to enable it, see Manage Early Access and Beta features.

    • Email verification: If you select this checkbox, the end user must verify their account through an automated email sent to the address they provided. Until they complete this step, they can't access the app integrations that use this policy.

      If you don't select this checkbox, end users don't need to verify their email before they can sign in.

      Orgs using password-optional authentication require email verification.

    • Add the user to group: Okta automatically adds end users to all the groups listed here. If needed, click Go to Groups to open the Groups page and manage the groups in your org.

    • Inline hook: To use an inline hook as part of your registration process, first you must add the hook to your Okta flow. See Inline hooks. After you create the hook, select it from the Use the following inline hook dropdown.

      If you enable the Self-Service Registration with password feature, Okta validates the user's profile and password before the inline hook is triggered.

      After selecting an inline hook, you can Run this hook:

      • When a new user is created: This trigger occurs during a Self-Service Registration request.

      • When attributes are collected for an existing user: This trigger occurs during a progressive enrollment sign-in request.

      • Both: This trigger occurs during a Self-Service Registration request and also during a progressive enrollment sign-in request.

    • Customize label: You can customize the profile enrollment form shown to end users:

      • Form header: The text at the top of the form. For example, Sign in or Log in to your account.

      • Submit button: The text displayed on the confirmation button. For example Submit or Log in.

  4. Click Save.

Related topics

Select a profile enrollment policy