Add a self-service sign-up user flow to an app
For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. A self-service sign-up user flow defines the series of steps the user will follow during sign-up, the identity providers you'll allow them to use, and the user attributes you want to collect. You can associate one or more applications with a single user flow.
Note
You can associate user flows with apps built by your organization. User flows can't be used for Microsoft apps, like SharePoint or Teams.
Before you begin
Add identity providers (optional)
Azure AD is the default identity provider for self-service sign-up. This means that users are able to sign up by default with an Azure AD account. In your self-service sign-up user flows, you can also include social identity providers like Google and Facebook, Microsoft Account, and the email one-time passcode feature. For more information, see these articles:
- Add Google to your list of social identity providers
- Add Facebook to your list of social identity providers
- Add Microsoft account as an identity provider
- Email one-time passcode authentication
Define custom attributes (optional)
User attributes are values collected from the user during self-service sign-up. Azure AD comes with a built-in set of attributes, but you can create custom attributes for use in your user flow. You can also read and write these attributes by using the Microsoft Graph API. See Define custom attributes for user flows.
Enable self-service sign-up for your tenant
Before you can add a self-service sign-up user flow to your applications, you need to enable the feature for your tenant. After it's enabled, controls become available in the user flow that let you associate the user flow with an application.
Note
This setting can also be configured with the authenticationFlowsPolicy resource type in the Microsoft Graph API.
Sign in to the Azure portal as an Azure AD administrator.
Under Azure services, select Azure Active Directory.
Under Manage in the left menu, select Users.
Select User settings, and then under External users, select Manage external collaboration settings.
Set the Enable guest self-service sign up via user flows toggle to Yes.
Select Save.
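The same tenant-wide toggle, set and reviewed through the authenticationFlowsPolicy resource mentioned in the note above. This is an added example, not Microsoft's code. It builds the Microsoft Graph PATCH request without sending it and reviews a constructed policy response together with constructed user flow records, whose simplified shape is an assumption of this example.

```python
import json
import urllib.request

# Graph endpoint for the authenticationFlowsPolicy resource named in the note.
POLICY_URL = "https://graph.microsoft.com/v1.0/policies/authenticationFlowsPolicy"

def build_toggle_request(token, enabled):
    """Build (not send) the PATCH that sets the tenant-wide toggle."""
    body = json.dumps({"selfServiceSignUp": {"isEnabled": bool(enabled)}})
    return urllib.request.Request(
        POLICY_URL, data=body.encode("utf-8"), method="PATCH",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})

def self_service_enabled(policy):
    """Read the toggle from a GET response; a missing value counts as off."""
    return bool((policy.get("selfServiceSignUp") or {}).get("isEnabled"))

def review(policy, flows, default_idp="Azure Active Directory Sign up"):
    """Return findings about guest sign-up exposure for a change review."""
    if not self_service_enabled(policy):
        return ["self-service sign-up is disabled tenant-wide; association "
                "controls for %d user flow(s) are unavailable" % len(flows)]
    findings = ["self-service sign-up is ENABLED tenant-wide"]
    for flow in flows:
        # Anything beyond the default provider widens who can create a guest.
        extra = sorted(set(flow.get("identityProviders", [])) - {default_idp})
        if extra:
            findings.append("%s also accepts: %s" % (flow["id"], ", ".join(extra)))
    return findings

# Constructed sample data (not real tenant output). The flow records use a
# simplified shape assumed for this example, not the exact Graph schema.
SAMPLE_POLICY = {"id": "authenticationFlowsPolicy",
                 "selfServiceSignUp": {"isEnabled": True}}
SAMPLE_FLOWS = [
    {"id": "B2X_1_partners",
     "identityProviders": ["Azure Active Directory Sign up"]},
    {"id": "B2X_1_events",
     "identityProviders": ["Azure Active Directory Sign up", "Google",
                           "Email one-time passcode"]},
]

if __name__ == "__main__":
    for line in review(SAMPLE_POLICY, SAMPLE_FLOWS):
        print(line)
```

Updating the policy through Graph requires the Policy.ReadWrite.AuthenticationFlows permission, so the token used for the PATCH should carry that scope and nothing broader.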
Create the user flow for self-service sign-up
Next, you'll create the user flow for self-service sign-up and add it to an application.
Sign in to the Azure portal as an Azure AD administrator.
Under Azure services, select Azure Active Directory.
In the left menu, select External Identities.
Select User flows, and then select New user flow.
Select the user flow type (for example, Sign up and sign in), and then select the version (Recommended or Preview).
On the Create page, enter a Name for the user flow. The name is automatically prefixed with B2X_1_.
In the Identity providers list, select one or more identity providers that your external users can use to log into your application. Azure Active Directory Sign up is selected by default. (See Before you begin earlier in this article to learn how to add identity providers.)
Under User attributes, choose the attributes you want to collect from the user. For more attributes, select Show more. For example, select Show more, and then choose attributes and claims for Country/Region, Display Name, and Postal Code. Select OK.
Note
You can only collect attributes when a user signs up for the first time. After a user signs up, they will no longer be prompted to provide attribute information, even if you change the user flow.
Select Create.
The new user flow appears in the User flows list. If necessary, refresh the page.
Select the layout of the attribute collection form
You can choose the order in which the attributes are displayed on the sign-up page.
- In the Azure portal, select Azure Active Directory.
- Select External Identities, and then select User flows.
- Select the self-service sign-up user flow from the list.
- Under Customize, select Page layouts.
- The attributes you chose to collect are listed. To change the order of display, select an attribute, and then select Move up, Move down, Move to top, or Move to bottom.
- Select Save.
Add applications to the self-service sign-up user flow
Now you'll associate applications with the user flow to enable sign-up for those applications. New users who access the associated applications will be presented with your new self-service sign-up experience.
Sign in to the Azure portal as an Azure AD administrator.
Under Azure services, select Azure Active Directory.
In the left menu, select External Identities.
Under Self-service sign up, select User flows.
Select the self-service sign-up user flow from the list.
In the left menu, under Use, select Applications.
Select Add application.
Select the application from the list. Or use the search box to find the application, and then select it.
Click Select.