Component | Description |
|---|---|
| PingOne Risk Initialize Node | Provide Signal SDK configuration attribute, and instruct the client to initialize the Signal SDK. |
| PingOne Risk Evaluation Node | Handle requests and responses from clients, analyze risk results, and route to outcome. |
| PingOne Risk Result Node | Update evaluation authentication status. |
| PingOne Worker Service | Manage PingOne AccessToken, Client Credential OAuth2 Request to PingOne Platform, and cache the AccessToken. This component can be reused by other PingOne integrations. For example, PingOne Verify. |
| PingOne Protect Service | As API Client to PingOne Protect APIs. |
A typical journey to use OTP when Risk is High.
Work with the PingOne Worker Application (With Roles Environment Admin and Identity Data Admin) and retrieve a Client Credential Grant Access Token, the Access Token will be cached until expires or the service configuration is updated.
Refer to PingOne Service for setting up
Support Multiple PingOne Worker, each worker works with each PingOne Application
Instruct the client to initialize the SDK
None
| Property | usage |
|---|---|
| PingOne Worker Service ID | The ID of the PingOne worker service for connecting to PingOne. |
| Enable SDK Logs | When enabled, output SDK log messages in the developer console. Default is not enabled. |
| Custom Host | Custom Host to retrieve the "Pong" token. |
| Disable Hub | When selected, the client stores device data in the browser's localStorage only. When not selected (the default), an iframe is used. |
| Device Attributes To Ignore | A list of device attributes to ignore when collecting device signals. |
| Lazy Metadata | When enabled, calculate the metadata only on getData invocation, otherwise do it automatically on init. default is false |
| Collect Behavioral Data | When enabled (the default), collect behavioral data. When not enabled, behavioral data is not collected. |
| Disable Tags | When enabled the SDK will collect tag data. When not enabled (the default), tag data is not collected. |
| Device Key Rsync Intervals (days) | Number of days used to window the next time the device attestation should use the device fallback key. default is 14 days |
| Enable Trust | Tie the device payload to a non-extractable crypto key stored on the browser for content authenticity verification |
None
Next
Successfully initialized
Error
Error initializing
Provide input to the Create Risk Evaluation API and evaluate response.
The Node parses part of the API response and routes to the corresponding outcome (according to the best practice, it should use score-based policies):
Must have initialized the PingOne Service successfully before continuing to this node
| Property | Usage |
|---|---|
| Target App ID | The ID of the target application. |
| PingOne Worker Service ID | The ID of the PingOne worker service for connecting to PingOne. |
| Risk Policy Set ID | The ID of the risk policy set. If not specified, the environment's default risk policy set is used. |
| Score Threshold | Scoring higher than this value results in evaluation continuing along the Exceeds Score Threshold outcome. |
| Flow Type | The type of flow or event for which the risk evaluation is being carried out. Choose from:
|
| Device Sharing Type | Whether the device is shared between users or not. Choose from UNSPECIFIED, SHARED, or PRIVATE. |
| Node State Attribute For User ID | The node state variable that contains the user.id as it appears in PingOne Protect. If left blank, the node uses the current context UserId as the user.id. |
| Node State Attribute For Username | The node state variable that contains the user.name as it appears in PingOne Protect. If left blank, the node uses the current context Username as the user.name. |
| User Type | The type of user associated with the event. Choose from PING_ONE or EXTERNAL. |
| Pause Behavioral Data | After receiving the device signal, instruct the client to pause collecting behavioral data. |
| Store Risk Evaluation | Stores the risk evaluation response in node state under a key named
PingOneProtectEvaluationNode.RISK.Note: The key is empty if the node is unable to retrieve a risk evaluation from PingOne. |
| Recommended Actions | A list of recommended actions the risk evaluation could return. Each entry in the list becomes a node outcome. If the score does not exceed the threshold and a recommended action is present in the evaluation, the journey continues down the matching entry in this list. |
Result | Outcome | Description |
|---|---|---|
| result.score > ${score limit} | Exceed Score Threshold | The risk is too high, recommend not to accept the authentication |
| result.level = HIGH | High | High-Risk |
| result.level = MEDIUM | Medium | Medium-Risk |
| result.level = LOW | Low | Low-Risk |
| <Configurable Outcome> | If result with recommendedAction, and match with the predefined "Recommended Actions", the Node will route to the recommended Action outcome. | |
| Failure | Any failure to retrieve the API result, e.g. Invalid Access Token, Network Error, API Error, etc... | |
| ClientErrors | Any error from the client or SDK |
After successfully calling the API, the Shared State "PingOneRiskEvaluationNode.riskEvalID" will be set with the created ID, and later on we need to use the riskEvalID to update the evaluation status with PingOne Risk Result Node.
| Exceed Score Threshold) | → | Recommended Action (When response with recommendedAction and match with predefined | → | Level |
|---|
Score
What the user scored with the Evaluation
Risk Level
The level of risk the user poses
High
User poses a High risk
Medium
User poses a Medium risk
Low
User poses a Low risk
Exceed
User exceeded the risk
Failure
Evaluation failed for the user
Error
An error occurred causing the evaluation to fail
Update the final authentication result, so that the Risk Evaluation learns the result of the risk evaluation.
Risk level
| Property | Usage |
|---|---|
| Completion Status | The state of the transaction. Options are FAILED and SUCCESS. |
Risk result
Next
Went through the evaluation process
If these nodes log an error, review the log messages the find the reason for the error and address the issue appropriately.
