Email links for user verification in self-registration flows

To validate a user's email address during self-registration, an email containing a link may be sent to the user.

This article describes the usage of the Send Email Link Step as an alternative to the Email Verification Step (which sends an OTP via email) in the self-registration process.

Send Email Link Step and flow continuation

The Send Email Link Step sends an email message containing a link to the user during the self-registration process. The user may click on the link to continue the registration process.

Technically, the self-registration process ends with the Send Email Link Step. Clicking on the link starts a new public self-service flow in which the rest of the registration process must be placed. This concept is called flow continuation.

Note that the Send Email Link Step requires the user account to exist. It must therefore be placed after the User Persisting Step in the self-registration flow.

The Send Email Link Step cannot be used in conjunction with the Stealth Mode.

Stealth mode in user self-registration flows relies on the channel verification step being interactive: the user cannot get past it while stealth mode is active. Since the Send Email Link Step is non-interactive, it does not support stealth mode.

Examples

The following example shows how the Send Email Link Step is used in a self-registration flow and how the flow is continued in a public self-service flow.

User starts in self-registration flow:

  1. User Data Registration Step – enter an email address, name, birth date, and other context data attributes.
  2. Username Generation Step – generate a unique username.
  3. User Persisting Step – store the user account.
  4. Send Email Link Step – send a link via email to verify the email address.

After clicking the link, the process continues in the public self-service flow:

  1. Flow Continuation Step – verifies the token in the link and identifies the user for the flow.
  2. Password Reset Step – let the user choose the password.
  3. Acknowledge Message Step – confirm to the user that the account has been set up.

The example flows could be refined as follows:

  • Make sure the user account is locked after the self-registration flow (see self-registration flow configuration).
  • Allow locked users to use the Flow Continuation Step – check flows restrictions provider (e.g. Default Password Reset Restrictions).
  • Add an Unlock User Step (Public Self-Service) to the flow.

With this, the registered account stays locked until the user has clicked the email link and thereby proven to have access to the registered email account.
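The following Python model is an added illustration of the refined example flows above, not the product's implementation or configuration. The class and method names, the token format, the 15-minute lifetime, the single-use rule and hash-only token storage are all assumptions made for the sketch.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed link lifetime in seconds, not a product default


class Registry:
    """Toy model of both flows; every name here is hypothetical."""

    def __init__(self):
        self.users = {}   # username -> account record
        self.tokens = {}  # sha256(token) -> (username, expires_at)

    def self_register(self, email, now=None):
        """Self-registration flow: persist a locked account, then issue the link token."""
        now = time.time() if now is None else now
        username = "u" + secrets.token_hex(4)                    # Username Generation
        self.users[username] = {"email": email, "locked": True,  # User Persisting
                                "pw_hash": None}
        token = secrets.token_urlsafe(32)                        # Send Email Link
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (username, now + TOKEN_TTL)        # keep only the hash
        return username, token  # the token would be embedded in the emailed link

    def continue_flow(self, token, new_password, now=None):
        """Public self-service flow: verify token, set password, unlock."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)   # Flow Continuation: single use
        if entry is None or now > entry[1]:
            return None                         # unknown, reused or expired token
        user = self.users[entry[0]]
        salt = secrets.token_bytes(16)          # Password Reset
        user["pw_hash"] = (salt, hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 600_000))
        user["locked"] = False                  # Unlock User
        return entry[0]


if __name__ == "__main__":
    reg = Registry()
    name, link_token = reg.self_register("alice@example.test")  # constructed input
    print(reg.users[name]["locked"])            # account state before the link is used
    print(reg.continue_flow(link_token, "s3cret-pass") == name)
    print(reg.users[name]["locked"])            # account state after continuation
```

The account record only changes inside `continue_flow`, so an unknown, reused or expired token leaves the account locked and without a password.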