Implemented below.
Allow user to login with special username used only for new user requests
The users only has permission to submit a new record of type "UserRequest" which is a stateful record type that contains fields that user can enter data in for their new user request. You can also restrict the user from creating or running any queries putting them in restricted mode.
Submit action will triggers creating new user, sends mail and move this to close state.