I am using the Okta API to create new users. This process generates an ‘Active Okta Account’ email message that I do not want delivered to the user (I handle the registration in my application).
In the developer console under Users | Registration there is a Post-Registration optioned called ‘Activation requirements’ and a checkbox for ‘User must verify email address to be activated’. I have disabled this but the email still gets generated.
That option has the following description:
“If this option is selected, Okta sends the “Registration - Activation” email. Otherwise, Okta sends the “Registration - Verification” email. The content of these emails is determined by email templates.”
Which implies that this behavior (that no matter what an email is sent) irrespective of what choice is supplied.
Is it possible to prevent any registration-related email being sent to the user?
Thank you in advance!
Paul
Hi @paul.varcholik,
Which Okta API are you using to create users?
Activation email is sent out because users can’t be activated without a password.
You can use any of the below options to create users without sending activation email:
Option 1: Create activated user with a password
https://developer.okta.com/docs/reference/api/users/#create-user-with-password-recovery-question
Option 2:
Create user using:
https://developer.okta.com/docs/reference/api/users/#create-user-with-password-recovery-question
Activate user with sendEmail=false
https://developer.okta.com/docs/reference/api/users/#activate-user
This returns an activation token.
Thank you,
Raj
Thank you for the reply Raj.
I am using the .NET wrapper to the Okta Api and calls to OktaClient.Users.CreateUserAsync. This method has a number of overloads that all wrap a POST to: the /api/v1/users endpoint.
I ultimately have two options I am calling:
Create User with Password
Create User with Authentication Provider
And it’s the latter (creating a user with an authentication provider) that generates an verification email to the user. The query string is /api/v1/users?activate=true&provider=true and the credentials object has a provider and no password.
Looking toward to top of the documentation of /api/users I see the following sentence:
The user is emailed a one-time activation token if activated without a password.
And I think the bottom-line is that I cannot prevent the delivery of this message when creating a user with a trusted Identity Provider. The documentation even describes this option as follows:
Create User with Authentication Provider
Creates a new passwordless user with a SOCIAL or FEDERATION authentication provider that must be authenticated via a trusted Identity Provider
The key phrase there being “passwordless user” – yes, that’s exactly what I wish to create. And yet this notion is at odds with “The user is emailed a one-time activation token if activated without a password.” I don’t understand the reasoning here of sending a one-time activation token to users that will authenticate through a trusted identity provider.
Thoughts?
Thanks again!
Paul
1 Like