Provisioning Users

Whenever a new user signs up via the hosted page, Anzu will create a user identity and dispatch a webhook including the provider-supplied information. Anzu does not guarantee that any information will be collected apart from the credentials used to sign up (email or phone number), but you can use the provider-supplied information to enrich the user details in your application. Alternatively, you can simply create the user with their email address and ask for their name and other details during the onboarding in your application.

User Provisioning Mode

Anzu supports two modes of user provisioning: Wait on auth page and Redirect Immediately.

Wait on auth page

For most applications, this is the preferred strategy (and thus the default setting). The user is kept on the auth page until your application confirms the user provisioning has been completed. This ensures that the user is not redirected to your application before the user has been created in your application.

Redirect Immediately

If your application gracefully handles requests from users that do not yet exist in the database (but are valid), you can choose to redirect the user immediately. This will allow the user to start using your application immediately, but you will have to handle the user provisioning in the background.

Receiving the webhook

Your application has to stay in sync with Anzu. This can be done by receiving webhook messages for user provisioning. Requests to create a user identity will look like the following:

  "webhookId": "2EFrLzPa0sOn7TrWUFbymG2lj7D",
  "version": "2022.8",
  "createdAt": "2022-09-03T12:49:23.005Z",
  "id": "2EG622yoQDGvwfYtJifWiupX0CC",
  "payload": {
    "provisionedWith": "email",
    "authAttempt": {
      "id": "2EG61ayyY6IyLesSfX8Md2qcA9b",
      "createdAt": "2022-09-03T12:49:19.974Z",
      "acceptedAt": "2022-09-03T12:49:22.613Z",
      "ipAddress": "<IP address>",
      "userAgent": "<user agent>"
    "identity": {
      "id": "2EG6211MgQNCxmpK8u1qkgcuBjw",
      "email": "<email>",
      "provider": "google",
      "avatarUrl": "<url>",
      "familyName": "Scheufler",
      "givenName": "Bruno",
      "name": "Bruno Scheufler"
  "kind": "user_management.user_identity_created",
  "scope": {
    "projectId": "2Di3esGvc8wqtLrZqG62PXRv2nC",
    "teamId": "23JxVZ7JwRDIhSmJixh6DjvbRxn",
    "environmentId": "2Di3hnldgONMkCwbPXbIMkUeeNp"

The exact payload and details available in the user identity depend on the selected auth provider. The provisionedWith field will contain the primary credential used to authenticate the user, either email or phoneNumber.

Confirming a user has been provisioned

Once you have created the user in your application, you can confirm the provisioning by sending a PUT request like the following

// Access token with 
const accessToken = process.env.ANZU_ACCESS_TOKEN;
const teamId = process.env.ANZU_TEAM_ID;
const projectId = process.env.ANZU_PROJECT_ID;
const environmentId = process.env.ANZU_ENVIRONMENT_ID;

async function completeProvisioning(userIdentityId) {
  await fetch(`${teamId}/projects/${projectId}/environments/${environmentId}/blocks/user_management/user_identities/${userIdentityId}`, {
    method: "PATCH",
    headers: {
      "Content-Type": "application/json",
      "Authorization": `Bearer ${accessToken}`
    body: JSON.stringify({
      "provisioning_status": "complete"