The WSO2 Identity Server (WSO2 IS) supports self-registration and allows users to register themselves and receive email confirmations when the account is created.
The self-sign-up process creates the user account and locks the user account until the user confirms the account by clicking on the account confirmation mail that is sent by WSO2 IS.
If the user does not confirm the account before the expiry period, the user account remains locked, because it is assumed that expired accounts are not used by their creator. Later on, the system administrator can delete these accounts if needed, which makes it easier to manage resources.
The following instructions guide you through setting up this feature.
From WSO2 IS 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follow the new implementation, which is the recommended approach for self registration.
Alternatively, to see the steps on how to enable this identity management feature using the old implementation, see Self Sign Up and Account Confirmation documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatibility and can still be used if required.
Before you begin
Ensure that the "IdentityMgtEventListener" with the orderId=50 is set to false and that the Identity Listeners with orderId=97 are set to true in the
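One way to check this prerequisite before starting the server, as an added example that is not part of the original documentation or WSO2's own code. It assumes the listeners are declared as EventListener elements carrying name, orderId and enable attributes; the sample XML and its class names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: element layout and class names are assumptions
# made for this example, not copied from a real WSO2 IS pack.
SAMPLE_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <EventListeners>
    <EventListener name="example.mgt.IdentityMgtEventListener" orderId="50" enable="true"/>
    <EventListener name="example.other.AuditListener" orderId="10" enable="true"/>
    <EventListener name="example.governance.IdentityStoreEventListener" orderId="97" enable="false"/>
  </EventListeners>
</Server>"""


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}EventListener'."""
    return tag.rsplit("}", 1)[-1]


def audit_listeners(xml_text):
    """Return a list of findings; an empty list means the prerequisite holds."""
    root = ET.fromstring(xml_text)
    listeners = [e for e in root.iter() if _local(e.tag) == "EventListener"]
    old = [e for e in listeners
           if e.get("orderId") == "50"
           and e.get("name", "").endswith("IdentityMgtEventListener")]
    new = [e for e in listeners if e.get("orderId") == "97"]
    findings = []
    if not old:
        findings.append("no IdentityMgtEventListener with orderId=50 found")
    if not new:
        findings.append("no listener with orderId=97 found")
    for e in old:
        if e.get("enable", "").strip().lower() != "false":
            findings.append(f"{e.get('name')} (orderId=50) must be enable=false")
    for e in new:
        if e.get("enable", "").strip().lower() != "true":
            findings.append(f"{e.get('name')} (orderId=97) must be enable=true")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_XML):
        print("FINDING:", finding)
```
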
Configuring self sign up
Follow the steps given below to register users for the super tenant, which is
Configure the following email settings in the <
Provide the email address of the SMTP account.
Provide the username of the SMTP account.
Provide the password of the SMTP account.
Tip: The email template used to send this email notification is the AccountConfirmation template.
You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.
- Start the WSO2 IS and log in to the management console:
If you started WSO2 IS previously, make sure to stop it and start it again for the email settings to get updated in the pack.
- Navigate to Main tab > Identity Providers > Resident and expand the Account Management Policies tab.
Expand the User Self Registration tab and configure the following properties as required.
- Enable Self User Registration: Select to enable self registration.
- Enable Account Lock On Creation Enabled: Select to enable account locking during self registration.
- Enable Notification Internally Management: Select if you want the notification handling to be managed by the WSO2 Identity Server. If the client application handles notification sending already, unselect it. This check only applies if Security Question Based Password Recovery is enabled.
- Enable reCaptcha: Select to enable reCaptcha for the self sign up flow. See Configuring reCaptcha for Password Recovery Flow for more information.
- User self registration code expiry time: Set the number of minutes for which the verification code should be valid. The verification code that is provided to the user to initiate the self sign-up flow will be invalid after the time specified here has elapsed.
Alternatively, you can configure the expiry time in the
Expand the Login Policies tab, then the Account Locking tab and select Account Lock Enabled.
This allows the account to be locked until the user confirms the account. Once the user activates the account through the email received, the account is unlocked. For more information about account locking, see Account Locking.
Now, you can move on to try out self sign up.
For information on the REST APIs for self sign-up, see Using the Self Sign-Up REST APIs.
Try out self sign up
- Access the WSO2 Identity Server dashboard.
Click the Register Now? link and then enter the new user's username.
Register Users for a Tenant
If you want to self sign up a user for a specific tenant, you need to provide the Username in the following format:
For example, if you have a tenant domain as foo.com, the username needs to be
Fill in the user details, provide consent to share the requested information and then click Register.
For more information about consent management for self sign up, see Consent Management for Self Sign Up.
Once the user has registered, you first receive an account lock email, because the account is locked until you confirm it, and then you receive an account confirmation email.
Click Confirm Registration in the email or copy the link in the email to your browser to confirm the account.
Once you confirm the account, the account is unlocked and an email is sent.
By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the identity.xml file. See Configuring Claims for more information on how to store the claim values in the user store.