Invite Users from Ask Password Flow in WSO2 Identity Server

Shan Chathusanda Jayathilaka
3 min readNov 9, 2022
Photo by Paulius Dragunas on Unsplash

Hi people, again we are meeting with another blog post regarding one of the handy features in WSO2 Identity Server. The Ask Password feature.

Before moving forward, if you are very new to WSO2 Identity Server, here is a brief on WSO2 Identity Server.

What is WSO2 Identity Server

As mentioned at the beginning we are going to discuss about inviting and re-inviting users to set there user account passwords via an email notification. In simple sending an Ask Password email and re-sending an Ask Password email. You can check the official documentation for invite new users if you need further details on this feature.

Let me quickly explain the scenario that we are going to use the Ask Password feature. An organization administrator wants to invite users to the organization without allowing them to self register. The admin will add the users to the system and then send an email with the instructions to reset the password or set the password.

Here I am using WSO2 Identity Server 6.0.0 version which is the latest public release. You can download the server from the Identity Server website for co-operate use cases and for non co-operate use cases you can get the code base from Identity Server Git Repository and build it locally.

Photo by Kelly Sikkema on Unsplash

Extract the file and go to the deployment.toml file located in <WSO2_IS_HOME>/repository/conf folder. Find the [] and add the requested configurations in order to configure the email sending capability of WSO2 Identity Server. Save and start the Identity Server.

Now log in to the Management Console from https://<HOST>:PORT/carbon. Since I am doing this in local machine, my HOST will be localhost and PORT will be 9443. So my Management console URL is https://localhost:9443/carbon. Enter the admin username and password and log in.

Go to Resident (Under Identity Providers) -> Expand User Onboarding -> Expand Ask Password -> Check the check box for Enable user email verification -> Click on Update

Enable Ask Password Flow

Now I will create a user from the user creation SCIM2 Rest API.

Here, by adding the askPassword value to true will trigger an email notification to the created user’s email address like the following.

Now, think a scenario that the invited user missed this email and and unable to create the password for the created user account. By default from 1440 minutes/24 hours/1 day this email will be expired. So if the user needs to create the password, admin needs to re-invite or re-send the email to the user. For resending we can use the following curl.

Now the user will receive another email with the link to create the password like the below.

Now ther user can create the password from the valid link in the resent email. That’s all for today’s discussion guys.

Until we meet again…

Adios Amigos…



Shan Chathusanda Jayathilaka

Senior Software Engineer @ WSO2 | Graduate in Computer Science, University of Ruhuna