This knowledge article explains why Self-Service Registration (SSR) fails when implemented using an Okta IDX SDK, resulting in the error: 

Unexpected remediation step: Expected 'select-enroll-profile' but received ['identify,unlock-account']

• Self-Service Registration (SSR)
• Okta Embedded SDK (for example, Okta IDX .NET SDK)
• Okta application assignment and user profile policies
• Okta Identity Engine (OIE)
• Okta Classic Engine

For the Self-Service Registration flow to be available when using an embedded SDK, the OpenID Connect (OIDC) application must be assigned to the user or group trying to register. Specifically, the groups assigned in the user profile policy that governs self-registration must also be assigned to the application itself.

If this condition is not met, the SDK will not receive the expected select-enroll-profile remediation step and will instead receive the authentication steps (identify, unlock-account), leading to the Unexpected remediation step error.

To resolve this issue, ensure the application has the correct group assignments that align with the Self-Service Registration policy.

1. Navigate to the Admin Dashboard in the Okta org.
2. Navigate to Applications and select the application being configured for self-service registration.
3. Go to the Assignments tab for the application.
4. Ensure that the group assigned in the Self-Service Registration user profile policy is also assigned to this application. Alternatively, enable Federation Broker Mode to grant implicit assignment to users.
5. After making the change, test the self-service registration flow again with the embedded SDK. The select-enroll-profile remediation step should now be received, and the sign-up link/flow will correctly initiate.

Related References

• "Sign Up" Link Missing from Okta Login Page During SP-initiated Login