Docs Menu

Docs HomeAtlas App Services

Create an App User

On this page

  • Overview
  • Identity
  • Link to Existing Accounts
  • Create an Email/Password User
  • Create an Email/Password User in the SDK
  • Manually Create an Email/Password User
  • Confirm a User
  • Re-run the User Confirmation Workflow
  • Summary

Atlas App Services provides various authentication providers to log users into your app. For most providers, App Services automatically creates a user account the first time a user authenticates through the provider. The only exception is email/password user authentication, which requires registering and confirming a user before the user can authenticate.


Apple Account Deletion Requirements

Apple requires that applications distributed through the App Store must give any user who creates an account the option to delete the account. Whether that app uses an authentication method where you must manually register a user, such as email/password authentication, or one that automatically creates a user, such as Sign-In with Apple, an app distributed through the App Store must implement user account deletion.

When you first log in with an authentication provider, App Services creates a user object that contains a unique identity ID and provider-specific metadata about the user.

A single user object can have more than one identity. You can use the Realm SDKs to link identities to existing user accounts. This allows users to log in to a single account with more than one provider. For more information, see the documentation on linking identities for your preferred SDK:

When you use email/password user authentication, you must first register a user, which creates the user object. You can register users in your client application using your preferred SDK or you can manually create email/password users.

After registering the user, you must confirm the user before they can authenticate.

Each SDK offers an API that enables you to register an email/password user. After registering the user, you must confirm the user before the they can authenticate. For code examples that demonstrate how to manage email/password users in the client application, see the documentation for the Realm SDKs:

You can create a new Email/Password user from the App Services UI, CLI, or Admin API. Manually-created users bypass any configured user confirmation flows.


Manually creating a user can be useful for testing and debugging your application in development.

You must confirm the email address of new Email/Password users before they are permitted to log into App Services. The exact method of confirmation depends upon your provider configuration, but typically involves a handshake process between the user and your application. You can read more about Email/Password user confirmation at Email/Password Confirmation.

Sometimes, users are unable to complete the confirmation process. For example:

  • An overzealous spam filter might block App Services email confirmation emails.

  • A proxy or web blocker could prevent a user from activating the confirmUser client SDK function via the client application.

  • An implementation error could cause the client application's user confirmation page to fail for specific use cases.

To help you work around cases like this, you can confirm users manually using the App Services UI or the Admin API:

A few circumstances can lead to incomplete Email/Password user confirmation workflows:

  • An email is caught by a spam filter, not delivered due to a bug, or accidentally deleted by a prospective App Services user.

  • A custom confirmation function is unable to communicate with an unconfirmed user due to a bug or oversight.

  • An unconfirmed user forgot to visit their confirmation link within 30 minutes of receiving their login tokens, and the tokens expired.

Users caught in this situation appear stuck in an unconfirmed state. Since an existing account has their email registered to it, users cannot create a new account with the same email address. Also, they cannot log into an account that is not confirmed.

Applications that use the built-in email confirmation service of App Services can use the resendConfirmationEmail Client SDK method to send a new email with a new confirmation link to the user, allowing them to confirm their account and log in. Calling this method will result in an error by any application using a confirmation flow other than send a confirmation email.

There is no such specific method to re-run a custom confirmation function. Instead, App Services has a method to trigger a re-run of whatever the current Email/Password user confirmation workflow happens to be. You can manually re-run the currently selected user confirmation flow using the App Services UI or the App Services Admin API:

  • For all providers except for Email/Password authentication, App Services automatically creates a user object the first time a user authenticates.

  • You can log in to a single account with more than one provider by using the Realm SDKs to link identities.

  • The Email/Password authentication provider requires users to create an account the first time they connect to your App.

  • Email/Password users must be confirmed manually through the App Services UI or Admin API.

  • Users caught in an incomplete Email/Password confirmation workflow must re-run the confirmation through the App Services UI or Admin API.

← Authenticate & Manage Users