Instructions for

Sign up for new account with email only

Identity Engine

Enable users to register a user account with email only in an app based on an embedded SDK.

Learning outcomes

Configure your Okta org to enable a user sign-up flow without a password.
Integrate a password-optional sign-up flow into an app based on an embedded SDK.

What you need

Sample code

Update configurations

Before you can start integrating password-optional sign-up flows in your app,

. See also

Integrate

Summary of steps

The following summarizes the steps involved in the password-optional sign-up flow.

Add a link to your app's sign-in page. When the user clicks this link, redirect them to a sign-up page where they can sign up for a new account.

A sign-in form with a field for the username, a next button, and links to the sign-up and forgot your password forms

Create a sign-up page that captures the user's first name, last name, and email address.

A sign-up form with fields for first name, last name, and email address, and a create account button

3: The user submits their new account details

When the user submits their account details, create a UserProfile object and assign its firstName, lastName, and email properties to the values entered by the user. Pass this object as a parameter to IdxClient.RegisterAsync().

Note: The email property represents the account's username and primary email address.

var userProfile = new UserProfile();
userProfile.SetProperty("firstName", model.FirstName);
userProfile.SetProperty("lastName", model.LastName);
userProfile.SetProperty("email", model.Email);
var registerResponse = await _idxClient.RegisterAsync(userProfile);

4. The user verifies their identity using the email authenticator

RegisterAsync() returns an AuthenticationResponse object. Query its AuthenticationStatus property to discover the current status of the authentication process. A status of AwaitingAuthenticatorEnrollment indicates that the user needs to verify their identity with the email authenticator challenge.

if (registerResponse.AuthenticationStatus ==
      AuthenticationStatus.AwaitingAuthenticatorEnrollment)
{
   Session["idxContext"] = registerResponse.IdxContext;
   Session["authenticators"] = ViewModelHelper
      .ConvertToAuthenticatorViewModelList(registerResponse.Authenticators);
   return RedirectToAction("SelectAuthenticator", "Manage");
}

ModelState.AddModelError(string.Empty, $"Oops! Something went wrong.");
return View("Register", model);

The email authenticator supports user verification by one-time passcode (OTP) and by magic links. To learn more, see the Okta email integration guide.

5. Your app displays the remaining optional authenticators

After the user verifies their identity using the email authenticator, the status of the authentication process is AwaitingAuthenticatorEnrollment.

Create and display a page that lists the remaining authenticators. Check the CanSkip property of the AuthenticationResponse object. If true — and all the listed authenticators are optional — add a Skip button to the form to skip their enrollment. If CanSkip is false, you should omit the Skip button.

A choose your authenticator form with google and Okta verify options and next, skip, and cancel buttons

6. The user skips the remaining optional authenticators

When the user clicks the Skip button, call IdxClient.SkipAuthenticationSelectionAsync() passing in the IdxContext object that represents the current state of the registration flow.

After the user skips the remaining optional authenticators, the current status of the authentication process is now Success. Call AuthenticationHelper.GetIdentityFromTokenResponseAsync() to retrieve the user's OIDC claims information and pass it into your application. The user has now signed in.

var skipSelectionResponse = await _idxClient
   .SkipAuthenticatorSelectionAsync((IIdxContext)Session["IdxContext"]);

switch (skipSelectionResponse.AuthenticationStatus)
{
   case AuthenticationStatus.Success:
      ClaimsIdentity identity = await AuthenticationHelper
         .GetIdentityFromTokenResponseAsync(
            _idxClient.Configuration, skipSelectionResponse.TokenInfo);
      _authenticationManager.SignIn(new AuthenticationProperties(), identity);
      return RedirectToAction("Index", "Home");
}

return RedirectToAction("Index", "Home");

Store these tokens for future requests and redirect the user to the default page after a successful sign-up attempt.

Edit This Page On GitHub