Sign up for new account with email only

Identity Engine

Enable users to register a user account with email only in an app based on an embedded SDK.

Learning outcomes

• Configure your Okta org to enable a user sign-up flow without a password.
• Integrate a password-optional sign-up flow into an app based on an embedded SDK.

What you need

• Download and set up the SDK
  

Sample code

• The embedded Javascript SDK sample application (opens new window)

---

Update configurations

Before you can start integrating password-optional sign-up flows in your app,

Set up your Okta org for a password-optional use case

. See also

Recommended best practices

.

Integrate

Summary of steps

The following summarizes the steps involved in the password-optional sign-up flow.

1: Your app displays sign-up link on sign-in page

Add a Sign up link on your app's sign-in page. When the user clicks this link, redirect them to a sign-up page where they can sign up for a new account.

2: Your app displays sign-up page

Create a sign-up page that captures the user's first name, last name, and email.

3: The user submits their new account details

When the user submits their account details, create an object with firstName, lastName, and email properties and assign them the values entered by the user.

Note: The email property represents the account's username and primary email address.

{
  firstName: "John",
  lastName: "Doe",
  email: "johndoe@email.com",
}

Send this new object to OktaAuth.idx.register().

  const authClient = getAuthClient(req);
  const transaction = await authClient.idx.register(req.body);
  handleTransaction({ req, res, next, authClient, transaction });

4. The user verifies their identity using the email authenticator

OktaAuth.idx.register() returns an IdxTransaction object indicating that the user needs to verify their identity with the email authenticator challenge.

{
  status: "PENDING",
  nextStep: {
    name: "enroll-authenticator",
    type: "email",
    authenticator: {
      type: "email",
      key: "okta_email",
      displayName: "Email",
    },
  },
}

The email authenticator supports user verification by one-time passcode (OTP) and by magic links. To learn more, see the Okta email integration guide.

5. Your app displays the remaining optional authenticators

After the user verifies their identity using the email authenticator, OktaAuth.idx.proceed() returns an IdxTransaction object indicating that the user has the option to enroll in additional authenticators. The IdxTransaction.nextStep.canSkip property is true if the remaining authenticators are optional.

{
  status: "PENDING",
  nextStep: {
    name: "select-authenticator-enroll",
    options: [
      {
        label: "Okta Verify",
        value: "okta_verify",
      },
      {
        label: "Password",
        value: "okta_password",
      },
    ],
    canSkip: true,
  },
}

Create and display a page that lists the remaining optional authenticators and allows the user to skip registering any additional authenticators.

Note: In other use cases where there are additional required authenticators, IdxTransaction.nextStep.canSkip equals false and the Skip button should be omitted.

6. The user skips the remaining optional authenticators

When the user clicks the Skip button, call OktaAuth.idx.proceed() and pass in an object with a skip property equal to true.

  const authClient = getAuthClient(req);
  const transaction = await authClient.idx.proceed({ skip: true });
  handleTransaction({ req, res, next, authClient, transaction });

OktaAuth.idx.proceed() should return an IdxTransaction.status of SUCCESS along with access and ID tokens, which indicates a successful new user sign-up flow.

{
  status: "SUCCESS",
  tokens: {
    accessToken: {
      accessToken: "eyJraWQiOiJLSWdvVHlt...",
      expiresAt: 1656106249,
      tokenType: "Bearer",
    },
    idToken: {
      idToken: "eyJraWQiOiJLSWdvVHltSGlL...",
      expiresAt: 1656106249,
    },
  },
}

Store these tokens for future requests and redirect the user to the default page after a successful sign-up attempt.