The WSO2 Identity Server supports self-registration and allows a user to register their own accounts and receive email confirmation when the account is created.
The self sign up process creates the user and locks the user account until the user confirmation is received. The created user has an expiry period which, if exceeded, ensures the account cannot be unlocked. The expired accounts are not actually used by the creator and may have been forgotten long ago. The system administrator can later delete these accounts if needed, hence making this a better way to manage the resources.
The following instructions guide you through setting up this feature.
From 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follows the new implemenation which is the recommended approach for self registration.
Alternatively, to see steps on how to enable this identity management feature using the old implementation, see Self Sign Up and Account Confirmation documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatitbility and can still be used if required.
Before you begin
Ensure that the "
IdentityMgtEventListener" with the
orderId=50 is set to false and that the Identity Listeners with
orderId=97 are set to true in the
Configure the following email settings in the <
The email address configured here is the email account that will be used to send the self sign up email notifications to users.
Tip: The email template used to send this email notification is the AccountConfirmation template.
You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.
- Start the WSO2 IS server and login to the management console.
- Click Resident under Identity Providers on the Main tab and expand the Account Management Policies tab.
Expand the User Self Registration tab and configure the following properties as required.
Field Description Enable Self User Registration Select to enable self registration. Enable Account Lock On Creation Enabled Select to enable account locking during self registration. Enable Notification Internally Management Select if you want the notification handling to be managed by the WSO2 Identity Server. If the client application handles notification sending already, unselect it. This check only applies if Security Question Based Password Recovery is enabled. Enable reCaptcha Select to enable reCaptcha for the self sign up flow. See Configuring reCaptcha for Password Recovery Flow for more information. User self registration code expiry time
Set the number of minutes for which the verification code should be valid. The verification code that is provided to the user to initiate the self sign-up flow will be invalid after the time specified here has elapsed.
Alternatively, you can configure the expiry time in the
Enable Account Locking to support self-registration with email confirmation. To do this, expand the Login Policies tab, then the Account Locking tab and select Account Lock Enabled. For more information about account locking, see User Account Locking.
This configuration is required because the user account needs to be locked when the user first creates it using the self sign-up flow. Once the user activates the account through the email received, the account is unlocked.
For information on the REST APIs for self sign-up, see Self Sign Up Using REST APIs.
Try out self sign-up
- Create a user using the management console. Ensure that the user has login permissions.
- Edit the user profile and enter an email address for the user. The email notification for account confirmation is sent to the email address given here.
- Access the WSO2 Identity Server dashboard.
- Click the Register Now? link. Once the user has registered, an account confirmation email is sent to the user's email address.
To resend the confirmation email, access the WSO2 Identity Server dashboard and try to login with the registered user who has not yet been activated. You will see the following screen.
Click on the Re-send link to resend the email.
Tip: The email template used to resend the confirmation email notification is the ResendAccountConfirmation template.
You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails