Self-Serve Signup
Let users sign up, create a workspace, and connect their database through a guided wizard.
Atlas includes a self-serve signup flow that walks new users through account creation, workspace setup, and database connection — all from the browser. Once complete, users land in the chat UI ready to query.
SaaS
On app.useatlas.dev, signup is available immediately at app.useatlas.dev/signup. Social login (Google, GitHub, Microsoft) is pre-configured. Skip to How It Works for the user experience.
Self-hosted prerequisites
- Managed auth enabled (
ATLAS_AUTH_MODE=managed) - Internal database configured (
DATABASE_URL) - At least one LLM provider configured (
ATLAS_PROVIDER+ API key)
How It Works
The signup wizard is a five-step flow at /signup:
| Step | Route | What happens |
|---|---|---|
| 1. Create account | /signup | Email/password or OAuth (Google, GitHub, Microsoft) |
| 2. Name workspace | /signup/workspace | Workspace name + auto-generated slug (max 48 chars) |
| 3. Choose region | /signup/region | Select where workspace data is stored (SaaS only) |
| 4. Connect database | /signup/connect | Paste a PostgreSQL or MySQL URL, test it, save |
| 5. Done | /signup/success | Confirmation with next steps |
Each step validates before allowing the user to proceed. The database URL is tested against the live server before being saved.
Region Selection
SaaS only
Region selection appears only when data residency is configured on the platform. Self-hosted deployments and platforms without residency configured skip this step automatically.
In step 3, new users choose a data region for their workspace. This determines where all workspace data (conversations, audit logs, cached results) is physically stored.
Available Regions
Atlas supports three regions at launch:
| Region | ID | Compliance |
|---|---|---|
| US East | us-east | SOC 2 compliant |
| EU West | eu-west | GDPR compliant |
| Asia Pacific | ap-southeast | Regional data sovereignty |
The platform's default region is pre-selected. Users can choose a different region based on their compliance requirements.
Why It Matters
- Data residency — All workspace data stays in the selected region. This is critical for organizations subject to GDPR, CCPA, or other data sovereignty regulations
- Latency — Choosing a region close to your users and database reduces round-trip time
- Permanence — Region assignment is permanent at signup. To change regions later, workspace admins can request a migration from the Data Residency page in the admin console
How It Works
- The page loads available regions from
GET /api/v1/onboarding/regions - If residency is not configured (
configured: false), the step is skipped and the user proceeds directly to database connection - The user selects a region and clicks Continue
- The selection is saved via
POST /api/v1/onboarding/assign-region - The user proceeds to the database connection step
Enabling Social Login
SaaS
On app.useatlas.dev, Google, GitHub, and Microsoft login are pre-configured. This section is for self-hosted operators only.
Social OAuth buttons appear automatically when the corresponding environment variables are set. Each provider requires both a client ID and client secret:
| Provider | Environment Variables |
|---|---|
GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET | |
| GitHub | GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET |
| Microsoft | MICROSOFT_CLIENT_ID, MICROSOFT_CLIENT_SECRET |
# .env — enable Google and GitHub OAuth
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secretThe signup page checks which providers are available via GET /api/v1/onboarding/social-providers and renders OAuth buttons accordingly. If no social providers are configured, only email/password signup is shown.
See Social Providers for detailed OAuth setup instructions per provider.
Database Connection
In step 4, the user pastes a database URL (postgresql:// or mysql://). The wizard:
- Validates the URL scheme — only PostgreSQL and MySQL are supported
- Tests connectivity — creates a temporary connection, runs a health check, reports latency
- Persists on success — encrypts the URL at rest and saves it scoped to the user's workspace
Connection URLs are encrypted using BETTER_AUTH_SECRET or ATLAS_ENCRYPTION_KEY before storage. The URL is never stored in plaintext.
The connection is registered with a default ID of "default". If you need multiple datasources, add them later via the Admin Console.
Connection ID Rules
Custom connection IDs (optional) must be:
- 2–64 characters
- Lowercase alphanumeric, hyphens, or underscores
- Must start with a lowercase letter (
a-z) - Must end with a lowercase letter or digit
API Endpoints
The onboarding API is mounted at /api/v1/onboarding. All endpoints require managed auth mode.
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /social-providers | None | List enabled OAuth providers |
GET | /regions | Session | List available data regions (returns configured, defaultRegion, availableRegions) |
POST | /assign-region | Session | Assign workspace to a data region (body: { region }) |
POST | /test-connection | Session | Test a database URL without saving |
POST | /complete | Session | Save connection and finalize workspace setup |
Test Connection
curl -X POST https://your-atlas.example.com/api/v1/onboarding/test-connection \
-H "Content-Type: application/json" \
-H "Cookie: your-session-cookie" \
-d '{ "url": "postgresql://user:pass@host:5432/mydb" }'Response:
{
"status": "healthy",
"latencyMs": 42,
"dbType": "postgresql",
"maskedUrl": "postgresql://user:****@host:5432/mydb"
}Complete Onboarding
curl -X POST https://your-atlas.example.com/api/v1/onboarding/complete \
-H "Content-Type: application/json" \
-H "Cookie: your-session-cookie" \
-d '{ "url": "postgresql://user:pass@host:5432/mydb" }'Response (201):
{
"connectionId": "default",
"dbType": "postgresql",
"maskedUrl": "postgresql://user:****@host:5432/mydb"
}Configuration (Self-Hosted)
SaaS
On app.useatlas.dev, auth and datasource configuration is handled automatically during signup. This section is for self-hosted operators only.
// atlas.config.ts
export default defineConfig({
auth: "managed",
datasources: {
default: { url: process.env.ATLAS_DATASOURCE_URL! },
},
});For most self-serve deployments, the datasource URL comes from the onboarding flow rather than a static config file. The atlas.config.ts is primarily used for self-hosted deployments with pre-configured connections.
After Signup
Once a user completes onboarding:
- Their workspace is active with one datasource connection
- The semantic layer whitelist cache is flushed, so new tables are queryable immediately
- They can start chatting, or run
atlas initto generate a semantic layer from the connected database
For semantic layer setup, see Semantic Layer.
See Also
- Authentication — Auth mode setup and configuration
- Social Providers — Detailed OAuth setup per provider
- Admin Console — Manage connections and users after signup
- Data Residency — Manage region assignment and migration after signup
- Environment Variables — Full variable reference