Custom welcome page (/user/welcome)

Hello Okta team,

Our goal is to rebuild Okta’s /user/welcome page that is accessed after a user clicks the link from the user activation email. I have read this topic multiple times but I still can’t understand how to securely append password and security question+answer to the existing user. Ie. let the user finalize his registration.

That’s what we have so far:

  1. Email template has been updated to point to a custom activation page - ie.${activationToken}
  2. From this page, using okta-auth-js lib we’re validating the token using signInWithCredentials({ token })
  3. The previous call returns a new PASSWORD_RESET transaction that is used to setup the user’s password. After setting this up and by using the returned sessionToken we can obtain an access token and log the user in.

The issue is that the user haven’t setup his security question/answer and he is not able, if needed to, initiate the password reset flow - “At this time your password can only be reset by an administrator.”

My question is: How can we enable our users to setup both their password and security question (and activate them I guess) just like you do on the Okta hosted welcome page?

I can see a POST call to /user/welcome/login/internal but it is unclear to me how this endpoint works and what it does in order to finalize the registration.

Thank you in advance!
Nikola @ SIMON Markets LLC

This end-user activation page is un-customizable and only exists as an Okta hosted page.

Thank you for you reply.
I understand that it cannot be customized and that is why we are looking for details on how it is implemented so that we can rebuild it on our side.

Alright here is the final solution confirmed by an Okta Developer Support Engineer.
Unfortunately it involves creating a custom endpoint (with an API token to talk to Okta) that will change user’s recovery question:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.