Skip to content

User Registration with Password Entry

Registering users with password entry is an account management feature offered by WSO2 Identity Server.

In this approach, an administrator first creates a user account in the system upon which a confirmation link will be emailed to the user’s registered email Id. Once the user clicks on the confirmation link, the user will be taken into a screen prompting to enter the password. Once the user enters the correct password, the user account gets activated.


Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. While Robert is an administrator at Pickup, Jane is a new recruit.

Robert wants to register a user account for Jane and get it activated by requesting Jane to enter a password.

Scenario Diagram

Let's learn how it's done!

Set up

Follow the steps below to configure WSO2 Identity Server to enable password entry for account confirmation.

  1. Open the deployment.toml file in the <IS_HOME>/repository/conf directory.

    1. To request password entry from the users who are registered via Management Console, add the following configurations.

      ask_password_from_user= true
    2. To configure the email server to send emails requesting password entry, add the following configurations.

      • from_address: This is the email address from which the confirmation email will be sent.
      • username: This is the user name of the given email address.
      • password: This is the password of the given email address.
      from_address= ""
      username= ""
      password= ""
      hostname= ""
      port= 587
      enable_start_tls= true
      enable_authentication= true
      from_address= "[email protected]"
      username= "wso2iamtest"
      password= "Wso2@iam70"
      hostname= ""
      port= 587
      enable_start_tls= true
      enable_authentication= true

      If you are using a Google email account

      Google has restricted third-party applications and less secure applications from sending emails by default. As WSO2 Identity Server acts as a third-party application when sending emails for password entry, follow the steps below to enable your Google email account to provide access to third-party applications.

      1. Access

      2. Under Signing in to Google section, turn off the 2-step Verification option.

      3. Enable Less secure app access in the Google Account security section.

  2. Restart WSO2 Identity Server.

  3. Sign in to the WSO2 Identity Server Management Console at https://<SERVER_HOST>:9443/carbon as an administrator.

  4. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.

    Resident menu-item

  5. Under the Account Management Policies section, click User Onboarding > Ask Password.

    User Onboarding Option

  6. Select the Enable User Email Verification check box.

    Ask password code expiry time text box

  7. You may enter the password entry validity period (in minutes) in the Ask password code expiry time text box.

    Ask password code expiry time text box

  8. Click Update.

    You have now configured WSO2 Identity Server to send the user account confirmation email to the registered user. Let's try it out!

Try out

  1. To create the user account for Jane:

    1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.

      Add Users and Roles menu-item

    2. Click Add New User.

      Add New User option

    3. Enter the required data as follows.

      Add New User screen

      • Domain: Primary
      • Username: Jane
      • Define password here: Unselected
      • Ask Password from user: Selected
      • Email Address: Enter the email address to which you wish to receive the account confirmation email.

        Using special characters

        • In the username
        Note that the special characters `@`, `/`, `\`, `!`, `(`, `)`, `*`, `~`, `<`, `>`, and
          whitespaces are not allowed in usernames as they have been reserved for other purposes. See
           [Usernames in WSO2 Identity Server](../references/ for more
            information on this.
        • In the email address
        If you are using special characters such as `$` in your email address, see [Configuring Emails with Special Characters](../../learn/adding-email-special-characters).
    4. Click Finish.

    5. A confirmation email requesting to enter the password is sent to the given email address.

      Ask Password email

    6. Click Create Password. The Reset Password screen appears.

      Reset Password screen

    7. Enter a preferred password and click Submit.