Instructions for

On this page

Self-service registration

Identity Engine

Note: A request context for the browser client is required when a server-side web app uses an embedded SDK as a proxy between itself and Okta. This context contains values (geolocation, IP address, and user agent) that inform a secure response. However, these values are currently taken from the server rather than the client. As a result, network zones and behaviors that drive their conditions based on these request context values don’t currently work.

Enable a self-registration flow in your app using the embedded SDK.

Learning outcomes

  • Configure your Okta org for self-service registration.
  • Set up the password, email, and/or phone authentication factors.
  • Set up and send a verification email during new user registration.

What you need

Sample code


Self-service registration allows users to sign up to an app by themselves. In this use case, the user must register with a password, email, and/or phone factors. Enable self-service registration for the app in your Okta org and then build the self-service registration flow in your app.

Password, email, and phone factors

Configuration updates

Configure your Okta org to accept self-registration with the password, email, and/or phone factors.

  1. See .
  2. Create a profile enrollment policy
  3. Set the Email and Phone authenticators as optional enrollment factors

Create a profile enrollment policy

Create a policy for self-registration:

  1. Open the Admin Console for your org.
  2. Go to Security > Profile Enrollment, and click Add Profile Enrollment Policy.
  3. Enter a policy Name, and click Save.
  4. Click the pencil icon next to your new policy.
  5. Ensure that Self-service registration is set to Allowed.
  6. Click Manage apps.
  7. Click Add an App to This Policy.
  8. Click Apply next to your app, and then click Close.

Note: See managed profile enrollment policies (opens new window) for more profile enrollment policy options.

Set the email and phone authenticators as optional enrollment factors

  1. Go to Security > Authenticators to view the available authenticators.
  2. Select the Enrollment tab.
  3. Click Edit under Default Policy.
  4. Go to the Effective factors section of the Edit Policy dialog:
    1. Set Email to Optional.
    2. Set Phone to Optional.
  5. Click Update Policy.

Summary of steps

Integration steps

Send a confirmation email even if the email authenticator is disabled

Even when only the password factor is required for an Okta app, you can still send a confirmation email.

To replicate this scenario:

  1. Configure your org following the steps described in .
  2. Set your app's authentication policy to require only the password factor.
    1. In the Admin Console, go to Applications > Applications.
    2. Select your app, and then go to the Sign On tab.
    3. In the User authentication section, click Edit.
    4. Set Authentication Policy to Password only, and click Save.
  3. Set your app's Initiate login URI to its sign-in URI. By setting this value, the email verification link for new user enrollment redirects the user to the URL provided in the Initiate login URI field.
    1. Select the General tab.
    2. In the General Settings section, click Edit.
    3. Set Initiate login URI to your Sign-in Redirect URI, and click Save.
  4. Make email verification mandatory in your default profile enrollment policy.
    1. Go to Security > Profile Enrollment.
    2. Click the pencil icon next to the Default policy.
    3. Ensure that Required before access is granted is selected for Email Verification.

During new user registration, there are no factors required other than the password. However, email verification is set to Required in the profile enrollment configuration. In this case, the user is sent an email using the Registration - Activation email template. The user clicks the link in the activation email and is redirected to the sample app's home page.