Note: In proxy model architectures, where a server-side application that uses the Embedded SDK acts as a proxy between client applications and Okta servers, a request context for the client applications is required. Security enforcement is expected to be based on the IP address and user agent in the client request context. However, these values are currently derived from the server application rather than the client, so this enforcement is not available. As a result, network zones or behaviors whose conditions depend on these request context values (geolocation, IP address, or user agent) will not work until we can find a solution to the issue.
Self-service registration allows users to sign up to an application themselves. In this use case, the user must register with the password, email, and/or phone factors. You must first enable the self-service registration option for your app in the Okta org and then build the self-service registration flow in your app.
Learning outcomes
Configure your Okta org for self-service registration.
Set up the password, email, and/or phone authentication factors.
Set up and send a verification email during new user registration.
What you need
An app that uses the embedded Okta Identity Engine SDK
Before you can build the self-registration flow in your app, you must configure the Okta org to accept self-registration with the password, email, and/or phone factors. See Set up your Okta org for a multifactor use case to set up the password, email, and phone factors in your Okta org.
In addition to setting up the authentication factors, you also need to configure the following in your Okta org:
The application's authentication policy is updated for only the password factor. In the Admin Console, the AND User must authenticate with field is set to Password.
The Email verification field in the profile enrollment's Default Policy is set to Required before access is granted. You can find the profile enrollment configuration by navigating to Security > Profile Enrollment.
The Initiate login URI field is set to the sign-in URI in the application settings. By setting this value, the email verification link for new user enrollment redirects the user to the URL provided in the Initiate login URI field.
Flow behavior
During new user registration, there are no factors required other than the password. However, email verification is set to Required in the profile enrollment configuration. In this case, the user is sent an email using the following email template: Registration - Activation.
The user clicks the link in the activation email and is redirected to the sample app's home page.