Add sign-up in an Android app by using native authentication - Microsoft identity platform

Applies to: Green circle with a white check mark symbol that indicates the following content applies to external tenants. External tenants (learn more)

This tutorial demonstrates how to sign up a user by using email one-time passcode or username (email) and password in your Android mobile app using native authentication. You also learn how to collect user attributes during sign-up, including a username (alias), and handle errors.

In this tutorial, you:

Sign up a user by using email one-time passcode or username (email) and password.
Collect user attributes during sign-up, including a username (alias).
Handle sign-up errors.

Prerequisites

Complete the steps in Tutorial: Prepare your Android app for native authentication.
If you want to collect user attributes during sign-up, configure the user attributes when you create your sign-up and sign-in user flow.
To collect a username (alias) during sign-up, enable the Username built-in user attribute in your tenant's sign-up user flow.

To sign up a user by using the email one-time passcode or username (email) and password, you collect an email from the user, then send an email containing an email one-time passcode to the user. The user enters a valid email one-time passcode to validate their username.

To sign up a user, you need to:

Create a user interface (UI) to:
- Collect an email from the user. Add validation to your inputs to make sure the user enters a valid email address.
- Collect a password if you sign up with username (email) and password.
- Collect a username (alias) if your app supports alias-based sign-in.
- Collect an email one-time passcode from the user.
- If needed, collect user attributes.
- Resend one-time passcode (recommended).
- Start sign-up flow.
In your app, add a button, whose select event triggers the following code snippet:
```
CoroutineScope(Dispatchers.Main).launch {
     val parameters = NativeAuthSignUpParameters(username = email)
     // Assign 'password' param if you sign in with username (email) and password
     // parameters.password = password
     val actionResult: SignUpResult = authClient.signUp(parameters)

     if (actionResult is SignUpResult.CodeRequired) {
         val nextState = actionResult.nextState
         val submitCodeActionResult = nextState.submitCode(
            code = code
         )
         if (submitCodeActionResult is SignUpResult.Complete) {
            // Handle sign up success
         }
    }
}
```
- Use the SDK's instance method, signUp(parameters) to start the sign-up flow.
- To sign up using username (email address) and password, create an instance of NativeAuthSignUpParameters class and assign your username and password.
- The sign-up parameter, username, is the email address you collect from the user.
- In most common scenario, the signUp(parameters) returns a result, SignUpResult.CodeRequired, which indicates that the SDK expects the app to submit the email one-time passcode sent to the user's email address.
- The SignUpResult.CodeRequired object contains a new state reference, which you can retrieve through actionResult.nextState.
- The new state gives you access to two new methods:
  - submitCode() submits the email one-time passcode that the app collects from the user.
  - resendCode() resends the email one-time passcode if the user doesn't receive the code.
- The submitCode() returns SignUpResult.Complete, which indicates that the flow is complete and the user has been signed up.
- The signUp(parameters) can also return SignUpError to denote that an error has occurred.

Whether you sign up a user using email one-time passcode or username (email) and password, you can collect user attributes before a user's account is created:

The NativeAuthSignUpParameters instance accepts an attributes parameter:

    CoroutineScope(Dispatchers.Main).launch {
        val parameters = NativeAuthSignUpParameters(username = email)
        // Assign 'password' param if you sign in with username (email) and password
        // parameters.password = password
        parameters.attributes = userAttributes
        val actionResult: SignUpResult = authClient.signUp(parameters)
        //...
    }

The Android SDK provides a utility class UserAttribute.Builder that you use to create user attributes. For example, to submit city and country user attributes, use the following code snippet to build the userAttributes variable:
```
     val userAttributes = UserAttributes.Builder ()
    .country(country) 
    .city(city) 
    .build()   
```
The method names in the UserAttribute.Builder class are same as the programmable names of the user attributes that they build. Learn more about Android SDK attribute builder.
The signUp(parameters) method can return SignUpResult.AttributesRequired to indicate that the app needs to submit one or more required attributes before Microsoft Entra creates an account. These attributes are configured by the administrator as mandatory in the Microsoft Entra admin center. Microsoft Entra doesn't explicitly request for optional user attributes.

The SignUpResult.AttributesRequired result contains a requiredAttributes parameter. requiredAttributes is a list of RequiredUserAttribute objects that contains details about the user attributes that the app needs to submit. To handle actionResult is SignUpResult.AttributesRequired, use the following code snippet:

val parameters = NativeAuthSignUpParameters(username = email)
// Assign 'password' param if you sign in with username (email) and password
// parameters.password = password
parameters.attributes = userAttributes
val actionResult: SignUpResult = authClient.signUp(parameters)

if (actionResult is SignUpResult.AttributesRequired) {
        val requiredAttributes = actionResult.requiredAttributes 
        // Handle "attributes required" result 
        val nextState = actionResult.nextState
        nextState.submitAttributes(
            attributes = moreAttributes
        )
}

The username (alias) is a special user attribute. Like other attributes such as city or country, you collect it during sign-up. Unlike those attributes, the user can later use the alias to sign in. The alias (for example, "johndoe") gives users a shorter, friendlier way to sign in than their email address.

The username (alias) doesn't replace the username (email). During sign-up, the app must always collect the username (email) as the primary identifier, and it collects the alias as an attribute alongside the email. At sign-in, the user can then choose to sign in with either their username (email) or their username (alias).

When the Username built-in user attribute is enabled in your sign-up user flow, the SDK accepts it through the same UserAttributes builder used for other attributes, by using the flatUsername() method. You can pass the username (alias) directly in the sign-up call so the user doesn't need to go through a separate attributes-required step.

To collect a username (alias), add an input field for the username in your sign-up UI alongside the email field, then pass the alias as an attribute in the sign-up call:

val email = binding.emailText.text.toString()
val password = binding.passwordText.text.toString()
val username = binding.usernameText.text.toString()

val attributes = UserAttributes.Builder()
    .flatUsername(username)
    .build()

CoroutineScope(Dispatchers.Main).launch {
    val actionResult = authClient.signUpUsingPassword(
        username = email,
        password = password,
        attributes = attributes
    )

    when (actionResult) {
        is SignUpResult.CodeRequired -> {
            // Navigate to code verification
            navigateToCodeVerification(actionResult.nextState)
        }
        is SignUpUsingPasswordError -> {
            handleSignUpError(actionResult)
        }
    }
}

For email one-time passcode flows (without password), use signUp instead of signUpUsingPassword:

val actionResult = authClient.signUp(
    username = email,
    attributes = attributes
)

During sign-up, not all actions succeed. For instance, the user might attempt to sign up with an already used email address or submit an invalid email one-time passcode.

To handle errors for the signUp() method, use the following code snippet:

 val parameters = NativeAuthSignUpParameters(username = email)
 // Assign 'password' param if you sign in with username (email) and password
 // parameters.password = password
val actionResult: SignUpResult = authClient.signUp(parameters)

if (actionResult is SignUpResult.CodeRequired) {
    // Next step: submit code
} else if (actionResult is SignUpError) {
     when {
         actionResult.isUserAlreadyExists() -> {
             // Handle "user already exists" error
         }
         else -> {
             // Handle other errors
         }
     }
}

signUp(parameters) can return SignUpError.
SignUpError indicates an unsuccessful action result returned by signUp() and won't include a reference to the new state.
If actionResult is SignUpError, the Microsoft Authentication Library (MSAL) Android SDK provides utility methods to analyze the specific errors further:
- The method isUserAlreadyExists() checks whether the username or alias has already been used to create an account.
- isInvalidAttributes() checks whether one or more attributes that the app submitted failed validation, such as wrong data type. It contains an invalidAttributes parameter, which is a list of all attributes that the app submitted, but failed validation.
- isInvalidPassword() checks whether the password is invalid, such as when the password doesn't meet all password complexity requirements. Learn more about Microsoft Entra's password policies
- isInvalidUsername() checks whether the username is invalid, such as when the user email is invalid.
- isBrowserRequired() checks whether a browser (web fallback) is needed to complete the authentication flow. This scenario happens when native authentication isn't sufficient to complete the authentication flow. For example, an admin configures email and password as the authentication method, but the app fails to send password as a challenge type or doesn't support it. Use the steps in Support web fallback in Android app to handle this scenario.
- isAuthNotSupported() checks whether the app sends a challenge type that Microsoft Entra doesn't support, that's a challenge type value other than oob or password. Learn more about challenge types.
Notify the user that the email is already in use or some attributes are invalid by using a friendly message in the app's UI.

To handle the error of invalid attributes, use the following code snippet:

val parameters = NativeAuthSignUpParameters(username = email)
// Assign 'password' param if you sign in with username (email) and password
// parameters.password = password
parameters.attributes = userAttributes
val actionResult: SignUpResult = authClient.signUp(parameters)

if (actionResult is SignUpError && actionResult.isInvalidAttributes()) {
    val invalidAttributes = actionResult.invalidAttributes

    // Handle "invalid attributes" error, this time submit valid attributes
    val parameters = NativeAuthSignUpParameters(username = email)
    // Assign 'password' param if you sign in with username (email) and password
    // parameters.password = password
    parameters.attributes = userAttributes
    authClient.signUp(parameters)
} 
//...

Handle submit email one-time passcode error

To handle errors for the submitCode() method, use the following code snippet:

val submitCodeActionResult = nextState.submitCode(
    code = code
)
if (submitCodeActionResult is SignUpResult.Complete) {
    // Sign up flow complete, handle success state.
} else if (submitCodeActionResult is SubmitCodeError) {
    // Handle errors under SubmitCodeError
     when {
         submitCodeActionResult.isInvalidCode() -> {
             // Handle "code invalid" error
         }
         else -> {
             // Handle other errors
         }
     }
}

submitCode() can return SubmitCodeError.
Use the isInvalidCode() method to check for the specific error, such as, the submitted code is invalid. In this case, the previous state reference must be used to reperform the action.

To retrieve a new email one-time passcode, use the following code snippet:

val submitCodeActionResult = nextState.submitCode(
    code = code
)
if (submitCodeActionResult is SubmitCodeError && submitCodeActionResult.isInvalidCode()) {
    // Inform the user that the submitted code was incorrect or invalid and ask for a new code to be supplied
    val newCode = retrieveNewCode()
    nextState.submitCode(
        code = newCode
    )
}

Make sure you include the import statements. Android Studio should include the import statements for you automatically.

You've completed all the necessary steps to sign up a user in your app. Build and run your application. If everything is configured correctly, you should be able to sign up the user by using email one-time passcode or email and password, and collect user attributes including a username (alias).

After a successful sign-up flow, you can sign in a user without initiating a sign-in flow. If the user signed up with a username (alias), they can sign in by using either their email address or their alias. Learn more in the Tutorial: Sign in user after sign-up in Android article.

Next steps

Tutorial: Add sign in and sign out with email one-time passcode in Android app.

Feedback

Was this page helpful?

Last updated on 2026-06-24

Tutorial: Add sign-up in an Android mobile app using native authentication

Prerequisites

Sign up a user

Collect user attributes during sign-up

Collect a username (alias) during sign-up

Handle sign-up errors

Handle start sign-up error

Handle submit email one-time passcode error

Optional: Sign in after a sign-up flow

Next steps

Feedback

Additional resources