Register a new user in Okta with idx.register

I have two UIs on the same domain, a Registration UI and an MFA UI. The Registration UI will create the user and authenticate the user after successful registration and then redirect to the MFA UI, since there is an Okta idx cookie. The MFA UI will proceed with email MFA based on the Okta idx session.

I have configured profile enrollment as below

  • The signOn authentication policy for my OIDC app has only password as authenticator.

  • I had to update authenticator enrollment policy to include email and phone as optional or disabled.

  • Global session policy assigned to the group the user is created in. For this example I have it as “Everyone”.

I am able to create a user in Okta and get status as Pending with enroll-authenticator (password) as the next step, as below.

Step 1
  // note: the original was missing the comma after the email field
  let registerTransaction = await oktaAuth.idx.register({
    firstName: "testuser",
    lastName: "testlastname",
    email: "testemail@gmail.com",
    authenticators: ["okta_password"]
  });

and then proceed with

Step 2
  const proceedTransaction = await oktaAuth.idx.proceed({
    password: "myPwd"
  });

For the above step 2 I get status as Pending and nextStep as select-authenticator-enroll for email and phone number, and that could be because the authenticator enrollment policy has email and phone number as optional. But since I need registration only with password, I have step 3.

Step 3
  const skipTransaction = await oktaAuth.idx.proceed(
    { skip: true }
  );

For the above step 3 I get status as Success, with tokens consisting of access, id and refresh in the network tab.

How do I get the idx session cookie?
When I try step 4, I get the idx session cookie. I need to have an Okta session and tokens after registration with only the password factor.

Step 4
  const authenticateResponse = await oktaAuth.idx.authenticate({
    username: 'testemail@gmail.com',
    password: 'myPwd'
  });

Can idx.register() provide the Okta idx cookie? Also, idx.register() registers the user in Okta but sends an email verification. It seems like idx.register() wants the user to enroll in the email factor. Once I get the idx cookie from the Registration UI I need to redirect to another UI that grabs the Okta idx cookie and performs email MFA.

If my Registration UI creates the user with a backend service through the Okta /users?activate=true API, the user doesn't get any email verification and I am able to execute idx.authenticate() in the Registration UI to get the Okta idx cookie and OIDC tokens, after which I redirect to the MFA UI for email MFA.

Solution:

If you are using idx.register() and you need the Okta idx session cookie, you will need to call idx.authenticate(). In my case, I need only the password factor.

  const authenticateResponse = await oktaAuth.idx.authenticate({
    username: 'testemail@gmail.com',
    password: 'myPwd'
  });

Also, with idx.register() the user is created with credentials in active status, but the user is not auto-enrolled in email. Hence, if the authentication sign-on policy needs email, the nextStep and availableSteps will indicate to use enroll-authenticator (verification via email). With idx.register(), email needs to be explicitly enrolled before it can be used as an authentication factor through the sign-on policy.
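The four steps above and the solution's final idx.authenticate() call, as an added example that is not code from the original post or from Okta: a driver that walks the register transaction, skips only optional enrollments, and then establishes the session. It assumes oktaAuth is an @okta/okta-auth-js OktaAuth instance and that nextStep exposes name, type and canSkip; the fake client is constructed here so the flow runs offline.

```javascript
// Added example (not from the original post). `oktaAuth` is assumed to be an
// OktaAuth instance from @okta/okta-auth-js; the fake below stands in for it.
async function registerPasswordOnly(oktaAuth, profile, password) {
  const visited = [];
  // Step 1: create the user; the enrollment policy asks for the password next.
  let tx = await oktaAuth.idx.register({ ...profile, authenticators: ['okta_password'] });
  visited.push(tx.nextStep ? tx.nextStep.name : tx.status);
  // Steps 2 and 3: enroll the password, skip optional authenticators, reject anything else.
  while (tx.status === 'PENDING') {
    const step = tx.nextStep || {};
    if (step.name === 'enroll-authenticator' && step.type === 'password') {
      tx = await oktaAuth.idx.proceed({ password });
    } else if (step.name === 'select-authenticator-enroll' && step.canSkip) {
      tx = await oktaAuth.idx.proceed({ skip: true });
    } else {
      throw new Error(`unexpected step: ${step.name || tx.status}`);
    }
    visited.push(tx.nextStep ? tx.nextStep.name : tx.status);
  }
  if (tx.status !== 'SUCCESS') throw new Error(`registration ended in ${tx.status}`);
  // Step 4: register() returned tokens but no idx session cookie, so sign in
  // with the new credentials before redirecting to the MFA UI.
  const auth = await oktaAuth.idx.authenticate({ username: profile.email, password });
  return { status: auth.status, hasTokens: Boolean(auth.tokens), visited };
}

// Constructed stand-in for the OktaAuth client so the flow runs offline; it
// replays the statuses and nextStep names reported in the post.
function makeFakeOktaAuth() {
  const users = new Map(), tokens = { accessToken: 'constructed', idToken: 'constructed' };
  let draft = null;
  return { idx: {
    async register({ email }) {
      draft = { email };
      return { status: 'PENDING', nextStep: { name: 'enroll-authenticator', type: 'password' } };
    },
    async proceed(input) {
      if (input.password) {
        draft.password = input.password;
        return { status: 'PENDING', nextStep: { name: 'select-authenticator-enroll', canSkip: true } };
      }
      if (input.skip) { users.set(draft.email, draft.password); return { status: 'SUCCESS', tokens }; }
      throw new Error('unsupported input');
    },
    async authenticate({ username, password }) {
      return users.get(username) === password ? { status: 'SUCCESS', tokens } : { status: 'FAILURE' };
    },
  } };
}
```

If the sign-on policy later requires email, the loop throws on the enroll-authenticator (email) step instead of silently stalling, which is the point where the MFA UI, not the Registration UI, should take over.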
