alredho.com

Photo by Ben White / Unsplash

How to Enroll User Using Invitation Code in Authentik

Mar 2, 2026

I want to invite users using invitation code instead of the long string of invitation URL provided in Authentik. I can't believe I haven't been able to find a tutorial for this, so here we go.

With this setup you will just have to give the invitation flow URL (not the long one like the default Authentik invitation) with a working code to your user.

💡
This guide is written for Authentik version 2026.2.0. If you are using a different version, you can still follow along, just be aware that some menus, labels, or options may vary slightly and will need to be adapted accordingly.

Create a new Prompt

  1. Go to Flow and Stages > Prompts > Create
  2. Fill the name with invitation-code-prompt
  3. Fill the field key with invite_code
  4. You can put whatever label you want
  5. Set the type to Test: Simple Text Input
  6. Toggle the Required button

You can change the fields value if you know what you are doing

Screenshot 2026-03-02 152316.png

(Optional) Create New User Creation Prompts

This step is optional, I created new prompts because I want the user creation from invitation to have the fields in specific order. You can use the default prompts with their own fields order.

  1. Still in the Prompt page, click Create
  2. Create a new prompt for each Username, Email, Password, and Password (repeat)
  3. Make sure to fill the Order fields too
Field Username Email Password Password (repeat)
Name invitation-code-username invitation-code-email invitation-code-password invitation-code-password-repeat
Field Key username email password password_repeat
Label Username Email Password Password (repeat)
Type Username... Email... Password... Password...
Required True True True True
Order 0 1 2 3

Create a New Invite Code Policy

  1. Go to Customization > Policies > Create
  2. Pick Expression Policy
  3. Fill the name with invite-code-check
  4. Fill the expression field with the code below, change the allowed dictionary with the invitation codes and their expiry date-time in line 8 and 9, you can have as many codes as you want
from datetime import datetime 
from zoneinfo import ZoneInfo 

code = (context.get("prompt_data", {}).get("invite_code") or "").strip().upper() 

# Dictionary: CODE -> Expiry datetime string 
allowed = {
  "TESCODEIFEXPIRE": "2025-12-31 23:59:59",
  "TESCODEFORTHISYEAR": "2026-12-31 23:59:59",
} 

if code not in allowed: 
  ak_message("Invalid invite code. Dude, are you sure you are invited? Check your code again.") 
  return False 
  
jakarta = ZoneInfo("Asia/Jakarta") 

# Parse expiry time 
expiry_str = allowed[code] 
expiry = datetime.strptime(expiry_str, "%Y-%m-%d %H:%M:%S").replace(tzinfo=jakarta) 

# Check expiration 
now = datetime.now(jakarta) 
if now > expiry: 
  ak_message("This invite code has expired. You are too late, go get a new code.") 
  return False 
  
return True

You can change the code as you need. Don't forget to change the timezone also. As it is the user have to input an active case-sensitive code to pass the check.

You can also change the error messages in line 13 and 25.

Create a New Invite Code Stage

  1. Go to Flow and Stages > Stages > Create
  2. Pick Prompt Stage
  3. Fill the name with invite-code-stage
  4. Pass the invite-code-check policy to Selected Policies

Screenshot 2026-03-02 154806.png

Create a New Account Creation Stage

  1. Go to Flow and Stages > Stages > Create
  2. Pick Prompt Stage
  3. Fill the name with invitation-create-account
  4. Pass all the newly created user creation prompts to the stage

Screenshot 2026-03-02 155118.png

(Optional) Create a New Write Stage and Login Stage

  1. For the write stage, the type is User Write Stage, mine is named invitation-enrollment-user-write-internal with the Always create new user toggled and account type internal
  2. For the login stage, the type is User Login Stage, mine is named invitation-enrollment-user-login

Create a New Invitation Flow

  1. Go to Flows and Stages > Flows > Create
  2. Fill the name and slug invite, that way you'll just have to share short link to your user e.g. http://authentik.company/if/flow/invite/ instead of long invitation string
  3. Pick the Enrollment designation
  4. Pick Require no authentication for authentication

Screenshot 2026-03-02 160210.png

  1. Open the flow and go to the Stage Bindings tab
  2. Bind existing stage invite-code-stage and fill the order with 10
  3. Bind existing stage invitation-create-account and fill the order with 20
  4. Bind existing stage invite-code-stage and fill the order with 20
  5. Bind existing stage invitation-enrollment-user-write-internal and fill the order with 25
  6. Bind existing stage invitation-enrollment-user-login and fill the order with 30
  7. DONE!!

The order number is like that because I want the possibility to insert new stages between. You can use 0,1,2,3 and it will works fine.

Screenshot 2026-03-02 160722.png

Testing Time!

Now you should be able to go to https://authentik.company/if/flow/invite/ or whatever slug you are using.

An invalid code will result in this

Screenshot 2026-03-02 161156.png

An expired code will result in this

Screenshot 2026-03-02 161311.png

And a working code will forward user to account creation page

Screenshot 2026-03-02 161358.png

via GIPHY

Alredho Arya Pradana