Email links for user verification in self-registration flows

To validate a user's email address during a self-registration an email with a link may be sent to the user.

 
Info

This article describes the usage of the Send Email Link Step as an alternative to using the Email Verification Step (sends an OTP via email) in the self-registration process.

Send Email Link Step and flow continuation

The Send Email Link Step sends an email message containing a link to the user during the self-registration process. The user may click on the link to continue the registration process.

Technically, the self-registration process ends with the Send Email Link Step. Clicking on the link starts a new public self-service flow in which the rest of the registration process must be placed. This concept is called flow continuation.

 
Info

Further information on flow continuation and other examples can be found here:

 
Notice

Note that the Send Email Link Step requires the user account to exist. It must therefore be placed after the User Persisting Step in the self-registration flow.

 
Functional limitation

The Send Email Link Step cannot be used in conjunction with the Stealth Mode.

The stealth mode in user self-registration flows is based on the fact that the channel verification step is interactive and that the user cannot get past it if stealth mode is in action. Since the Send Email Link Step is non-interactive, it does not support the stealth mode.

Examples

The following example shows how the Send Email Link Step is used in a self-registration flow and how the flow is continued in a public self-service flow.

User starts in self-registration flow:

  1. User Data Registration Step – enter an email address, name, birth date, and other context data attributes.
  2. Username Generation Step – generate a unique username.
  3. User Persisting Step – store the user account.
  4. Send Email Link Step – send a link via email to verify the email address.

After clicking the link, the process continues in the public self-service flow:

  1. Flow Continuation Step – verifies the token in the link and identifies the user for the flow.
  2. Password Reset Step – let the user choose the password.
  3. Acknowledge Message Step – confirm to the user that the account has been set up.
 
Notice

The example flows could be refined as follows:

  • Make sure the user account is locked after the self-registration flow (see self-registration flow configuration).
  • Allow locked users to use the Flow Continuation Step – check flows restrictions provider (e.g. Default Password Reset Restrictions).
  • Add an Unlock User Step (Public Self-Service) to the flow.

With this, the registered account stays locked until the user has clicked the email link and thereby proven to have access to the registered email account.