> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Describes how to customize the signup process to invite users to signup for an account in the context of a specific Auth0 application.

# Send Email Invitations for Application Signup

To restrict user signups or create accounts in bulk for your application, your application can provision users with user invitations.

<Warning>
  Organization member invitation differs from the user invitation workflow in this article. This article discusses how to generate invitations to sign up for an account in the context of a specific application. If you are working with Organizations and want to learn how to invite members to organizations via email, read [Invite Organization Members](/docs/manage-users/organizations/configure-organizations/invite-members) instead.
</Warning>

A typical user invitation workflow follows the steps below:

1. Administrator creates a user account.
2. Administrator sends a registration email invitation to the user.
3. User follows a link in the invitation email to set up a password for the account.
4. User creates and verifies a password.
5. User signs in.

## Generate invitations

A user invitation is basically a change password link repurposed as an invitation. The user invitation email is derived from the "change password" template. With Auth0, there are two common approaches to implementing user invitations:

* [Customize an email template](/docs/customize/email/email-templates) and use it to [send a change password email](/docs/customize/email/manage-email-flow).
* Create a password change ticket.

You can allow a user to access an existing account that you have created on their behalf. Then, send the user a unique link to set their password. You generate the unique link by creating a Password Change ticket where your invitation app calls the `/password-change` [Management API endpoint](https://auth0.com/docs/api/management/v2/#!/Tickets/post_password_change). You will need to:

* [Create an Auth0 database user](/docs/authenticate/database-connections) with the `user.email_verified` parameter set to `false`. You can use the [Create a User](https://auth0.com/docs/api/management/v2/#!/Users/post_users) endpoint.
* Have access to and [configure an external email service](/docs/customize/email/smtp-email-providers)
* [Get a Management API access token](/docs/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-testing)

### Create password change tickets

1. Specify the user using `user_id` or email and `connection_id` to the [Management API endpoint](https://auth0.com/docs/api/management/v2#!/Tickets/post_password_change).
2. Specify where the redirect sends the user. The `result_url` parameter is the redirect location your application sends the user after they set their password. In this case, the `result_url` should be your app login page. To learn more, read [Redirect Users After Login](/docs/authenticate/login/redirect-users-after-login). You may also use the `client_id` parameter shown below; after the customer verifies their email, they are redirected to your client's Default Login URI.
3. Specify the lifespan of the invitation link. Use the `ttl_sec` parameter to set how long the invitation link will remain active. The `ttl_sec` parameter should align with your relevant security concerns. The link is a one-time use, so once the user has set their password, it is not vulnerable to reuse.
4. Verify the email address. If sent to a registered email account, set the `mark_email_as_verified` parameter as `true`. You **should not** set the email verification to `true` if the email account is not registered. A successful request to this endpoint will return a ticket URL. You will use that URL to create the user invitation.

For more information, read [Configure Default Login Routes](/docs/authenticate/login/auth0-universal-login/configure-default-login-routes).

```bash lines
curl -- request POST \
  --url 'https://{yourAuth0Tenant}/api/v2/tickets/password-change' \
  --header "Content-Type: application/json" \
  --data '{"user_id":,{yourUserID}","client_id":"{yourClientID","ttl_sec":0,"mark_email_as_verified":true,"includeEmailInRedirect":false}'
```

### Add query parameters ticket URL

You can add query parameters to the URL to customize the password reset UI. The returned URL has a unique code value that allows the user to set their password followed by a `#`. Do not edit anything before the `#`.

Add a parameter to specify a set password workflow UI. Example:

```http lines
#type=invite
```

Add a parameter to identify the target app. Example:

```http lines
#app=AppName
```

### Create email template

The email invitation needs to be sent with your existing email service provider. [Customize the password change email template](/docs/customize/email/email-templates) so the language in the email aligns with your use case. Include the link generated from the steps above. The text in the email should explain:

* The next steps to claiming the user account.
* The expiration of the link.
* Steps to generate a new invite if it has expired.

For example, when creating the user to invite, you might add a property to `user.app_metadata` that shows this user account was invited. Then in your email template you could check for this property:

```liquid lines
{% if user.app_metadata.invitedToMyApp == true %}
  // user invitation email
{% else %}
  // password change email
{% endif %}
```

## Customize Password Reset UI

Once the user clicks the link in the invitation they will be brought to the <Tooltip tip="Universal Login: Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity." cta="View Glossary" href="/docs/glossary?term=Universal+Login">Universal Login</Tooltip> Password Reset page where they will set a password for their account. Since this page is used both for the forgot password workflow and for your user invitations, you will want to use the query parameters you defined earlier to identify the invite workflow and customize the UI accordingly. To learn more, read [Customize Password Reset Page](/docs/customize/login-pages/classic-login/customize-password-reset-page) for Classic Login or [Customize Universal Login](/docs/customize/login-pages/universal-login) for Universal Login.

## Complete the user experience

In most cases, once the user has set their password, you grant them access to the target app. The target app initiates the login sequence with the following steps:

1. User submits password.
2. Change password screen redirects return URL.
3. Target app redirects to `/authorize`.
4. User submits their credentials.
5. User is authenticated into the app.

The workflow involves redirects but it is possible for the transition from the set password form to the login form to appear seamless to the end user.

If you're using Classic Login, the `result_url` you set when you created the password change ticket is where the user will be redirected after creating their password. In this case, you want the URL to be on the site the user has been invited to so that it can initiate the login workflow. Your target app will need to parse the `success` parameter to confirm no errors occurred then immediately initiate the redirect back to Auth0 to log the user in.

To optimize the user experience, you can have the target app parse the `email` parameter and include it with the authentication request as the `login_hint` parameter. This will pre-fill the user's email address in the login form.

## Learn more

* [Customize Email Templates](/docs/customize/email/email-templates)
* [Customize Email Handling](/docs/customize/email/manage-email-flow)
* [Configure External SMTP Email Providers](/docs/customize/email/smtp-email-providers)
