Create a sign-up and sign-in user flow

User flow defines the series of sign-up steps customers follow and the sign-in methods they can use (such as email and password, one-time passcodes, or social accounts from Google or Facebook). You can also collect information from customers during sign-up by selecting from a series of built-in user attributes or adding your own custom attributes. You can create multiple user flows if you have multiple applications that you want to offer to customers.

To create a sign-up and sign-in user flow, sign in to the Microsoft Entra admin center and browse to Identity > External Identities.

From the menu, select User flows. Then, select New user flow.

On the Create page, enter a Name for the user flow (for example, "SignUpSignIn"). Then, under Identity providers, select the Email Accounts check box, and then select one of these options. If you configured other identity providers, you can select them.

Under User attributes, choose the attributes you want to collect from the user during sign-up. Select Show more to choose from the full list of attributes, including Job Title, Display Name, and Postal Code and more. Then, select Create to create the user flow.

From the list, select the user flow you created.

The following steps activate the sign-up and sign-in experience (the user flow) for users who visit your application. In the left menu, under Use, select Applications.

Select Add Application

Select the application from the list. Or use the search box to find the application, and then select it. Choose Select.

Well done!

Your user flow successfully created and the application is linked to the user flow. When users sign-in to the Woodgrove application they will come across the sign-in and sign-up experience configured in the user flow.

Dependencies

This script is self-contained. Optionally, you can add an application to the user flow.

1. Create a user flow

To create a user flow, you create authentication events flow object that is of the type specified in the request body.

POST https://graph.microsoft.com/v1.0/identity/authenticationEventsFlows

Connect-MgGraph -Scopes "EventListener.ReadWrite.All"

There is an issue with the validationRegEx of the email attribure. Try to use ^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$

{
    "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",
    "displayName": "Default sign-up and sign-in",
    "description": "Woodgrove default sign-up and sign-in flow",
    "priority": 500,
    "conditions": {
        "applications": {
            "includeAllApplications": false
        }
    },
    "onInteractiveAuthFlowStart": {
        "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",
        "isSignUpAllowed": true
    },
    "onAuthenticationMethodLoadStart": {
        "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",
        "identityProviders": [
            {
                "@odata.type": "#microsoft.graph.builtInIdentityProvider",
                "id": "EmailPassword-OAUTH"
            }
        ]
    },
    "onAttributeCollection": {
        "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",
        "accessPackages": [],
        "attributeCollectionPage": {
            "customStringsFileId": null,
            "views": [
                {
                    "title": null,
                    "description": null,
                    "inputs": [
                        {
                            "attribute": "email",
                            "label": "Email Address",
                            "inputType": "text",
                            "defaultValue": null,
                            "hidden": true,
                            "editable": false,
                            "writeToDirectory": true,
                            "required": true,
                            "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$",
                            "options": []
                        },
                        {
                            "attribute": "displayName",
                            "label": "Display Name",
                            "inputType": "text",
                            "defaultValue": null,
                            "hidden": false,
                            "editable": true,
                            "writeToDirectory": true,
                            "required": true,
                            "validationRegEx": "^.*",
                            "options": []
                        },
                        {
                            "attribute": "country",
                            "label": "Country/Region",
                            "inputType": "radioSingleSelect",
                            "defaultValue": null,
                            "hidden": false,
                            "editable": true,
                            "writeToDirectory": true,
                            "required": false,
                            "validationRegEx": "^.*",
                            "options": [
                                {
                                    "label": "Australia",
                                    "value": "au"
                                },
                                {
                                    "label": "Spain",
                                    "value": "es"
                                },
                                {
                                    "label": "United States",
                                    "value": "us"
                                }
                            ]
                        },
                        {
                            "attribute": "city",
                            "label": "City",
                            "inputType": "text",
                            "defaultValue": null,
                            "hidden": false,
                            "editable": true,
                            "writeToDirectory": true,
                            "required": false,
                            "validationRegEx": "^.*",
                            "options": []
                        }
                    ]
                }
            ]
        },
        "attributes": [
            {
                "id": "email"
            },
            {
                "id": "city"
            },
            {
                "id": "country"
            },
            {
                "id": "displayName"
            }
        ]
    },
    "onUserCreateStart": {
        "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",
        "userTypeToCreate": "member",
        "accessPackages": []
    }
}

New-MgBetaIdentityAuthenticationEventFlow -BodyParameter $params

1.1 Copy the user flow ID

From the response, copy the value of the user flow id. For example:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/authenticationEventsFlows/$entity",
    "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",
    "id": "11111111-0000-0000-c000-000000000000",
    "displayName": "Default sign-up and sign-in",
    "description": "Woodgrove default sign-up and sign-in flow",
    "more": "..."
}

2. Add your application to the user flow

To link an application to a user user flow, run the follow Microsoft Graph. Replace the {user-flow-ID} with your user flow ID. Replace the {app-ID} with your application ID.

POST https://graph.microsoft.com/v1.0/identity/authenticationEventsFlows/{user-flow-ID}/conditions/applications/includeApplications

Connect-MgGraph -Scopes "EventListener.ReadWrite.All"

{
    "@odata.type": "#microsoft.graph.authenticationConditionApplication",
    "appId": "{app-ID}"
}

New-MgBetaIdentityAuthenticationEventFlowIncludeApplication -AuthenticationEventsFlowId {user-flow-ID} -BodyParameter $params

Show example

Run the follow command to add the application ID '22222222-0000-0000-0000-000000000000' to the '11111111-0000-0000-c000-000000000000' user flow.

POST https://graph.microsoft.com/v1.0/identity/authenticationEventsFlows/11111111-0000-0000-c000-000000000000/conditions/applications/includeApplications

{
    "appId": "22222222-0000-0000-0000-000000000000"
}

New-MgBetaIdentityAuthenticationEventFlowIncludeApplication -AuthenticationEventsFlowId 11111111-0000-0000-c000-000000000000 -BodyParameter $params

Create a sign-up and sign-in user flow

Well done!

Dependencies

1. Create a user flow

1.1 Copy the user flow ID

2. Add your application to the user flow

About the demo

Sign-in

Sign-up

User profile

Security

Access management

User experience

Token and session

Reports and auditing

Advanced scenarios

Woodgrove Groceries live demo

Online retail demo

Sign-up or sign-in with email and password

Create a new Woodgrove account

Sign-in with your Woodgrove account

Company branding

Custom domain

Language customization

Preselect a language

Self-service password reset

Sign-in with social accounts

Prepopulate the sign in name

Sign-up with email one-time passcode

Create a new Woodgrove account

Sign-in with your email

Conditional Access and Multifactor authentication (MFA)

Restrict app to a set of users

Conditional Access

Step-up authentication upon risky action (MFA)

Custom security attribute based conditional access

Add claims to security tokens

Add claims to security tokens from a REST API

OAuth 2.0 On-Behalf-Of flow

Prepopulate sign-up attributes

Validate sign-up attributes

Modify sign-up's attribute values

Block a user from continuing the sign-up process

Role-based access control

Group-based access control

Collect user attributes during sign-up

Add links to terms of use and privacy policies

Single sign-on (SSO)

Token lifetime (not confirmed)

Force sign-in

Input constrained devices (Kiosk)

Finance

Edit your account

Delete your account

Disable an account

Your last activity

Application user activity insights

Sing-in logs

Automation with GitHub Workflows