Signup flows
The signup flow is the first interaction a new user has with your company: the journey of signing up to your service by creating an account.
Flow dependencies
When using Identity Cloud, the way the user can sign up to your application depends on the following factors:
- The flow starting point.
- The authentication settings applied by the administrator in the Management console.
- For passwordless authentication, the user device's native passkey, PIN and biometric authentication capabilities.
- The self-service signup settings in the Management console.
- Any Identity Cloud REST API-based signup flow setup that does not involve the Identity Cloud login page.
Starting points
Identity Cloud supports the following signup starting points:
Authentication types
The authentication methods the administrator allows in the Management console define the options available to users.
Identity Cloud supports the following authentication methods:
- SFA - Single-factor authentication
- MFA - Multi-factor authentication
- Signup with email
- Second-factor signup with Authenticator app
- Second-factor signup with SMS
- Second-factor signup with Social accounts
- Second-factor signup with Recovery codes
- Passwordless authentication
Passwordless authentication
The administrator can enable Passkey and Access app-based authentication in the Management console.
When the administrator enables both options, authentication with passkeys is offered first and the access app is offered as a secondary option.
User device capabilities
Users are offered only the passwordless authentication methods that are both allowed by the administrator and supported by their device.
Self-service signup
The Self-service signup settings in the Management console define the users' ability to initiate and complete account creation on their own from the Identity Cloud login page.
When self-service signup is enabled, users can initiate signup through the Identity Cloud login page using any signup options the administrator allowed in the Management console.
When self-service signup is disabled, users cannot sign up through the Identity Cloud login page on their own. They can sign up through:
- The invite sent from the Management console by the administrator.
- Any other signup flow you have based on the Identity Cloud REST API that does not involve the Identity Cloud login page.
When users attempt to create an account from the login page, they receive a warning.
Signup with social identity providers
Multi-factor authentication with social providers
In a multi-factor login flow where a social provider (Google, Microsoft, Apple, Facebook) is used, there is no need to register and use a second factor such as SMS, an authenticator app or recovery codes.
Verification is done by completing the social provider's verification steps.
Restrictions
Signup with social identity providers is not possible when self-service signup is disabled, or when a custom URL (to your signup solution) is used for the signup process.
Users can still log in with social identity providers that are enabled in the Management console; however, account creation is not possible using social identity provider accounts.
When Identity Cloud self-service signup is not enabled and users initiate account creation with a social identity provider, they are informed that they do not yet have an account.
Based on the self-service signup URL settings in the Management console, the user is informed of how they can proceed:
- If no self-service signup URL is configured, the user is directed to the support page.
- If a self-service signup URL is configured, the user is directed to the customer signup URL.