Customer experience

Get a preview of how customers will interact with your applications and understand how self-service capabilities empower them to manage personal information, account security, and privacy.


Registration flow

Self-Service Registration provides the ability for customers to create their accounts to access your application(s).

The Default self-service policy comes with the registration capability enabled. Self-registered accounts are created in the application's Default identity store if the store is not changed.

Account activation

You can make self-registering customers go through account activation before letting them log in for the first time.

When account activation is enabled, customers receive a magic link to the email address they've provided as an identifier where they can confirm their registration.


It's all set: a functioning application is always ready to send out account activation emails the moment you enable this self-service option. For further information see Setup and Manage Customer Notifications.


Account activation is not available for identity stores that only support the 'Username' identifier.

Attribute based account recovery

You can offer customers several recovery options to re-gain access to their accounts before they turn to your help desk or customers service.

Confirmed attributes

By default, customers can only receive reminders to their confirmed* email address or phone number. A contact information is confirmed once it's enrolled as an MFA authenticator.

  • Confirmed email address: the email identifier (valid from registration) or the primary email address enrolled as an MFA authenticator. The primary email address is confirmed during enrollment by a one-time passcode.
  • Confirmed phone number: the primary phone number enrolled as an MFA authenticator. The primary phone number is confirmed during enrollment by a one-time passcode.


*Non-confirmed attributes

Customers can also be allowed to use non-confirmed contact information for recovery purposes. Adaptive access settings allow you to remove the dependency for confirmed email addresses and phone numbers and allow users to receive reminders to their unenrolled contact information too.

Username reminder


This recovery option is only useful if the identity store supports username identifiers.

Customers can ask for a username reminder in case they've forgotten it. They can have have the reminders sent to either their email address or phone number.

The contact information where the username reminder is sent could be

  • a confirmed* email address they have in their personal information
  • an email identifier
  • a confirmed* phone number they have in their personal information

The username reminder flow first asks for the email address, but users can switch to providing a phone number on the way.

Username reminder flows

Username reminder flows

If the provided information matches their contacts stored in their accounts, the username reminder is sent via email or text message respectively.


Add your branding to username reminders: go to Customizing Email Templates for customization options.

Password reset

You can let your customers reset their password during the login workflow in case they can't remember it.

Customers can request a new password in more than just one way:

If they have a confirmed* email address, customers are sent a secure one-time link. The link directs them to a dialog where they can add and confirm their new password.

Password reset flow

If customers have a confirmed* email address and a confirmed phone number, they are sent a reset link by default, but can re-request password reset via phone:

Password reset via phone flow

If customers only have a confirmed* phone number, a one-time passcode is provided for password reset:

One-time passcode procided for password reset

You can also determine the lifetime of the password reset passcode or Magic Link you provide to your customers.


If a customer's password reset link expires, they can request a new one every 20 seconds.


Add your branding to password reset emails: go to Customizing Email Templates for customization options.

MFA re-request

The self-service portal provides MFA re-request during login for customers who have extra authentication factors set up in their accounts.


Find out more about how customers can set up adaptive MFA in the self-service portals or how your customer service representatives can assist them with managing MFA methods from the Admin Console.

If for any reason, customers didn't receive their one-time passcode (OTP) or Magic Link, they can re-request them via email, SMS, or voice call.

Re-request email OTP

Re-request email OTP

Re-request email Magic Link

Re-request email magic link

Re-request SMS or voice OTP

Re-request SMS or voice OTP

Re-request SMS Magic Link

Re-request SMS magic link

Self-service account management

In their self-service accounts, customers can keep in check their personal information, privacy settings, and enhance their account's security.


Create a friendly self-service URL for your customers that you can easily share to a customer over a phone call when setting up an application.

Application launcher configuration page

Your applications (Application launcher)

You can help customers get more organized with the myriad of applications they have access to. By enabling the application launcher capability in your applications, you can display quick access tiles for customers in their self-service accounts.


If group restriction applies, customers will only have quick access to the applications where they are a member of the group(s) assigned to the application.

With quick access, customers can launch applications directly from their accounts. They can even skip a few authentication steps when accessing applications this way.

The application launcher will appear under a new menu named 'Your applications' when the feature is enabled.

Application launcher page in the self-service account


To find out more about how to set up quick access, visit this page.

Personal information

The Personal Information page provides a space for the customer to update information for their own account, including but not limited to

  • First Name
  • Middle Name
  • Last Name
  • Email Address
  • Phone Number
  • Address or any attribute which you choose to expose from the application's identity store.
Parsonal information page

Account settings

The Account Settings page provides customers the ability to see how they log in, as well as any social login accounts that they may have linked to this account.

The customer also has the ability to delete their own account - removing all of their profile data.

Account settings page

Security settings

The Security Settings page provides options for customers to configure Multi-factor Authentication settings, change their password, or view and delete any current sessions that may be accessing their account.

Security settings page


If the Passwordless login workflow is being used (via an Adaptive MFA policy) the Change Password screen will not be shown to those customers.

Privacy & data

The Privacy & Data page provides options for customers to view, opt-in, or opt-out to any consent per the consent policy for the application they are using.

Customers can also use this page to download a copy of their account information, supporting data portability requirements for a number of global regulatory standards.

Privacy & data page


Visit [self-service policy settings] (/docs/policy-settings) to learn how to fine-tune the customer experience of your application with self-service configuration options.