
User Registration with Email Verification

Registering users with email verification is an account management feature offered by WSO2 Identity Server.

In this approach, an administrator first creates a user account with a default password that will be emailed to the user's registered email ID for confirmation.


Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. While Sam is an administrator at Pickup, Alex is a new recruit.

Sam wants to register a user account with a default password for Alex and have it activated by asking Alex to verify it.

Scenario Diagram

Let's learn how it's done!

Set up

Follow the steps below to configure WSO2 Identity Server to enable password entry for account confirmation.

  1. Open the deployment.toml file in the <IS_HOME>/repository/conf directory.

    1. To request email verification from the users who are registered with a default password, add the following configurations.

      enable_email_verification = true 
    2. To configure the email server to send emails requesting a password entry, add the following configurations.

      • from_address: This is the email address from which the confirmation email will be sent.
      • username: This is the user name of the given email address.
      • password: This is the password of the given email address. It is stored in clear text in deployment.toml, so restrict read access to the file.

      from_address= ""
      username= ""
      password= ""
      hostname= ""
      port= 587
      enable_start_tls= true
      enable_authentication= true

      Sample configuration:

      from_address= "[email protected]"
      username= "wso2iamtest"
      password= "Wso2@iam70"
      hostname= ""
      port= 587
      enable_start_tls= true
      enable_authentication= true

      If you are using a Google email account

      Google has restricted third-party applications and less secure applications from sending emails by default. As WSO2 Identity Server acts as a third-party application when sending emails for password entry, follow the steps below to enable your Google email account to provide access to third-party applications.

      1. Access

      2. Under the Signing in to Google section, turn off the 2-step Verification option.

  2. Restart WSO2 Identity Server.

  3. Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.

  4. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.

    Resident menu-item

  5. Under the Account Management Policies section, click User Onboarding.

    User Onboarding Option

  6. Select the Enable User Email Verification check box.

    Ask password code expiry time text box

  7. You may enter the confirmation email validity period (in minutes) in the Email verification code expiry time text box.

  8. Click Update.

You have now configured WSO2 Identity Server to send the user account confirmation email to the registered user. Let's try it out!

Try out

  1. To create the user account for Alex, execute the following cURL command.

    Make sure to enter a valid user email.

    curl -v -k --user admin:admin \
      --header "Content-Type:application/json" \
      --data '{"schemas":[],"name":{"familyName":"Alex","givenName":"Roe"},"userName":"Alex","password":"password","emails":[{"primary":true,"value":"<USER_EMAIL>"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"verifyEmail":"true"}}' \
      https://localhost:9443/scim2/Users

    Using special characters in the username

    Note that the special characters @, /, \, !, (, ), *, ~, <, >, and whitespace are not allowed in usernames as they have been reserved for other purposes. See Usernames in WSO2 Identity Server for more information on this.

  2. An email requesting to confirm the user creation is sent to the given email address.

    Account Creation verification email

  3. To verify account creation, click Confirm Account.
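
The following is an added example, not part of the WSO2 documentation: it builds the same SCIM2 request as the cURL step in Python, rejects usernames containing the reserved characters listed above, and generates a random default password instead of a fixed literal. The function names, the IS_ADMIN_PASSWORD environment variable and the sample address are assumptions, as is a password policy that accepts a 24-character URL-safe string.

```python
import base64
import json
import os
import secrets
import urllib.request

RESERVED = set("@/\\!()*~<>")  # reserved in usernames per the page
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def valid_username(name):
    """True if name is non-empty and has no reserved character or whitespace."""
    return bool(name) and not any(c in RESERVED or c.isspace() for c in name)


def build_user(username, given, family, email):
    """Return the SCIM2 body from the cURL step, with a random default password."""
    if not valid_username(username):
        raise ValueError(f"invalid username: {username!r}")
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        raise ValueError(f"not an email address: {email!r}")
    return {
        "schemas": [],
        "name": {"familyName": family, "givenName": given},
        "userName": username,
        "password": secrets.token_urlsafe(18),  # 24 random characters
        "emails": [{"primary": True, "value": email}],
        ENTERPRISE: {"verifyEmail": "true"},
    }


def build_request(base_url, admin, admin_password, user):
    """Prepare, without sending, the POST to /scim2/Users with Basic auth."""
    token = base64.b64encode(f"{admin}:{admin_password}".encode()).decode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/scim2/Users",
        data=json.dumps(user).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed sample values; the admin password comes from the environment.
    user = build_user("Alex", "Roe", "Alex", "alex@example.com")
    req = build_request("https://localhost:9443", "admin",
                        os.environ.get("IS_ADMIN_PASSWORD", ""), user)
    print(req.get_method(), req.full_url)  # send with urllib.request.urlopen(req)
```

Unlike curl with -k, urllib.request.urlopen verifies the server certificate by default, so the server needs a certificate the client trusts.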