Configure self-registration

# Configure self-registration

Users can self-register to an organization in Asgardeo via an application’s login page. This creates a new user account in the organization.

# Enable/Disable self-registration

To disable this capability in your organization or to change the default configurations, see the following instructions:

On the Asgardeo Console, go to Login & Registration.
Under User Onboarding, click on Self Registration.

Configure the below settings.

To disable self-registration, turn off the toggle.

To configure self-registration, update the following settings and click Update.

Account verification	Enables email verification at self-registration. That is, an email will be sent to the user's specified email address requesting account confirmation. Note that if you also have the Activate account immediately configuration enabled, users will be signed in to the application without waiting for the email confirmation. However, you have the option of using the account verification status to control the user experience and access level that should be granted to the user. Learn more.
Account verification link expiry time	Specifies account verification link expiry time in minutes. If you enter 60 min, the account verification email expires after 60 min.
Activate account immediately	Activates the account without waiting for account verification. However, you have the option of using the account verification status to control the user experience and access level that should be granted to the user. Learn more.
Enable auto login	Once a user self-registers, if MFA is not configured, the user is redirected straight into the application without having to log in. if MFA is configured, the authentication flow will bypass the first level and proceed to the next. Note that it is mandatory to enable Activate account immediately if you need to enable auto login while Account Verification is enabled.

# Configure self-registration methods

A user is able to self-register to your organization using the same ways that you have configured as sign-in methods for your applications.

Refer to the documentation on how to configure sign-in options for your application.

Currently, Asgardeo does not support Magic Links for self-registration.

During user self-registration, the available methods are displayed to the user as shown below.

For information on how a user can self-register, refer to Try self-registration.

# Customize the self-registration form

If a user decides to self-register using email, the default form that is presented to the user is as follows.

Follow the instructions below to customize the attributes that the form requests during self-registration.

On the Asgardeo Console, click Attributes and under the Manage Attributes section, click Attributes again.
Click Edit on the attribute that you want to customize.
Select Display this attribute on the user's profile. The attribute will now appear on the self-registration form presented to the user.
Select Make this attribute required on the user's profile if you want to make the attribute mandatory for self-registration.

Learn more about user attributes.

# Get the verification status of user accounts

The verification status of a user account indicates whether or not the user has confirmed the account through email verification. When you develop your application, you can implement some logic based on this parameter setting.

This capability is beneficial when you have self-registered users. For example, you may want self-registered users with unverified accounts only to get read access to your application, whereas they should get full access once account verification is completed.

To implement this scenario, you must enforce account verification for self-registered users and also allow the same users to access your applications before account verification is completed.

That is, both Account verification and Activate account immediately configurations should be enabled for self-registration in your organization.

You can get the account verification status of users through the SCIM2 API in Asgardeo. Invoke the following SCIM2 endpoints:

To get your own information, invoke the /scim2/Me endpoint:
```
https://api.asgardeo.io/t/<organization_name>/scim2/Me
```
1
To get information about other users in your organization, invoke the /scim2/Users/<user_id> endpoint:
```
https://api.asgardeo.io/t/<organization_name>/scim2/Users/<user_id>
```
1

Note the following details in the response payload:

If the role.display parameter is set to selfsignup, the user has self-registered.
Under the urn:scim:wso2:schema schema, if the emailVerified parameter is available, the user has already verified the account through email. This parameter will have the following values:
- true - User has successfully verified the account.
- false - User's account verification attempt has failed.
Under the urn:scim:wso2:schema schema, the accountConfirmedTime parameter will only be available when email verification is successful for self-registered users.

"roles": [
    {
        "display": "selfsignup",
        "value": "a85d4baf-2e7a-37b1-a722-d4d427039736",
        "$ref": "https://api.asgardeo.io/t/<organization_name>/scim2/Roles/16ba9acb-fa30-42ef-8e25-29b557862124"
    },
    ......
    ],
"urn:scim:wso2:schema": {
    "emailVerified": "true",
    "accountConfirmedTime": "2023-02-16T03:07:34.392293Z"
    .....
}

1
2
3
4
5
6
7
8
9
10
11
12
13

Once you have identified the emailVerified status of the user and the method by which the user is onboarded (self-registration or onboarded by an administrator), you can enforce any access restrictions for that user through your application logic.