Self-Registration | Planning Steps

Step 1 - Consider Messaging

The first planning step for Cirrus Self-Registration is to consider the messaging that will be used with end users. This mainly involves the following:

  1. Is the messaging going to be specific to one service provider, a group of service providers, or generic for the whole organization?

  2. Is the messaging going to be for a specific audience (for example applicants or alumni) or will it need to cover a broader audience of external access end users?

  3. Will the message overlap with messaging for API based Cirrus Account Linking or the Cirrus Invitation feature?

  4. Where will the static self-registration URL be presented to the audience(s) that will be using self-registration.

To help with your planning, see “Invitation | Message Setup” for descriptions and available dynamic content options for Self-Registration dialog messages.

Next you will want to look at Getting Started with Cirrus Self-Registration.

Self-Registration | Getting Started

Customers subscribing to Cirrus Self-Registration add-on will have the capability enabled for the customer’s organization. This is set by Cirrus Identity and customers should contact “” if there is a belief it should be enabled.

Customers will often subscribe to one or more additional Cirrus Identity modules to support desired implementation patterns. In addition to enabling Self-Registration, Cirrus Identity Provider Proxy and Cirrus External Identity Provider instances may be provisioned, and some initial setup for Cirrus Gateway and/or Cirrus Account Linking may also take place.

The following are the steps needed to get started using Cirrus Invitation:

  1. Customers should consider the Cirrus Self-Registration planning steps before starting. If help is needed, Cirrus Identity offers generally accepted practices, customer stories, and professional services to help.

  2. Depending on the target audience, Cirrus will provision other modules based on the customer’s subscription (or trial/PoC agreement). Modules such as Cirrus Gateway, Cirrus External Identity Provider, Cirrus Account Linking, and Cirrus External Identity Provider each have associated setup. See the “Getting Started” for each module as appropriate:

    1. Cirrus Gateway Getting Started

    2. Cirrus Account Linking Getting Started

    3. Cirrus Identity Provider Proxy Getting Started

    4. Cirrus External Identity Provider Getting Started

  3. If there is an identity provider or service provider that is needed by Invitation, but the metadata for the SP/IdP is not published to federation metadata (for example InCommon or eduGAIN), the metadata needs to be sent to Cirrus Identity Support ( for configuration.

  4. A member of the organization needs to have access to the Cirrus Console and to be granted the “Organization Administrator” (org admin) role for your organization (see Cirrus Console Getting Started).

  5. The SP (or the SP side of a Cirrus Proxy) will need to be active in the Cirrus Console and have the Invitation capability enabled. If it has not already been configured, an org admin will create the SP in the Console so it can be configured. While configuring the SP, the option to allow the SP to use Invitation needs to be enabled.

  6. From the Cirrus Console, an admin will configure the Cirrus Gateway to enable social login capabilities (see Cirrus Gateway Getting Started). Generally Invitation is used with social login options, however that is not a requirement and can be skipped if the Cirrus External Identity Provider and/or federated identity providers will only be used.

  7. From the Cirrus Console, an admin will configure the Cirrus Discovery Service to enable the end user to select the identity provider (social login, Cirrus External IdP, and/or federated identity providers) for login (see Cirrus Discovery Getting Started).

  8. From the Cirrus Console, an admin will start the configuration by going to the “My SPs | Self-Registration” page for the desired SP and follow the inline configuration instructions on the page.

  9. Change the configuration of SPs to trust the proper IdP, utilize the Cirrus Proxy if appropriate, and utilize the Cirrus Discovery Service as outlined by:

    1. Cirrus Discovery Getting Started

    2. Cirrus Gateway Getting Started

    3. Cirrus Identity Provider Proxy Getting Started

Once these steps are complete, you are ready to use Self-Registration. Self-Registration can be tested using the static registration URL provided at the bottom of the Self-Registration configuration page.

To monitor the self-registrations, Administrators can see all registrations from the “My SPs | Guests” page.

Self-Registration | Using Cirrus Self-Registration

It Doesn’t Have to Be Complicated

In some cases, allowing users to self-register for an account is appropriate even if all the user data collected in self-asserted. In cases where users are registering and paying for courses, for example, the payment process provides some level of trust to allow self-service registration. The Cirrus Identity self-registration option is an add-on service for situations that do not require an enterprise sponsor or the bootstrapping of a user account from a known enterprise identifier.

For Situations Where Their Word is Enough

There are times where a Customer is just looking for a persistent relationship with the End User but for various reasons, wants the burden of setting up that relationship to be as low as possible. That may be driven by marketing reasons, the fact the application is low risk, or that later processes will further validate the End User. The Self-Registration add-on extends the Cirrus Identity Account Linking or Invitation Service subscriptions to meet this need.

How It Works

The Self-Registration add-On extends either the Account Linking Service or Invitation Service with a static landing page for End Users to start the registration process. The solution provides options to register with a social login provider supported by the Cirrus Identity Gateway and, if the customer is using the Cirrus Identity External Identity Provider, custom external accounts as well. The add-on also extends the claim process shared by the Invitation Service and Account Linking to ensure there is a complete set of registration data at the end of the claim process.