PingAM 7.5.1

Email Suspend node

The Email Suspend node generates and sends an email, such as an address verification email based on an email template. This node relies on the email service configured in IDM to send the email.

This node generates a unique link and passes it as the resumeURI property for the template.

Authentication pauses until the end user clicks the link in the email to resume the flow. If there is no need to pause authentication and wait for a reply, use the Email Template node instead.

Compatibility

Product Compatible?

PingOne Advanced Identity Cloud

Yes

PingAM (self-managed)

This functionality requires that you configure AM as part of a sample Ping Identity Platform deployment.

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

The Email Suspend node either uses the identity profile in the shared state data or looks up the user profile. In either case, the node uses any applicable profile properties to populate the email template, omitting missing values from the populated template.

If Object Lookup is not enabled for the node (default), the shared state data must hold the Email Attribute with the recipient’s email address and any properties the email template uses.

If Object Lookup is enabled for the node, the shared state data must hold the profile value to match the configured Identity Attribute. The Email Suspend node uses the Identity Attribute to look up the profile, and its Email Attribute to get the recipient’s email address from the profile.

Dependencies

Before you use the Email Suspend node:

Configuration

Property Usage

Email Template Name

The name of the email template prepared as a dependency.

Default: registration

Email Attribute

The shared state data property or profile attribute for the recipient’s email address.

Default: mail

Email Suspend Message

The localized message to display when the node suspends authentication.

According to OWASP authentication recommendations, the message should be the same regardless of the validity of the recipient’s email address.

You can use plain text or HTML code in this message.

Default: An email has been sent to the address you entered. Click the link in that email to proceed.

Object Lookup

Whether to look up the managed identity profile.

Default: disabled

Identity Attribute

The attribute used to identify the managed object in IDM.

The node uses this when Object Lookup is enabled.

Default: userName

Outputs

This node doesn’t add to the shared state data.

Outcomes

The Email Suspend node has a single outcome path.

Evaluation continues when the end user clicks the link in the email to resume the flow.

Errors

This node doesn’t log any error or warning messages of its own.

Examples

The following default journeys use the Email Suspend node:

  • ForgottenUsername

  • ResetPassword

  • UpdatePassword

Forgotten username

In the default journey for recovering a forgotten username, the end user enters their email address to recover their username.

Before you start

  • Configure the email service.

  • Optionally use the email template editor to modify the forgottenUsername template.

The journey

Forgotten username journey with an [.label]#Email Suspend# node

a The Page node with an Attribute Collector node prompts for the end user’s email address.

b The Identify Existing User node attempts to look up the username by matching the email address to the email address in an identity profile.

The lookup fails if more than one user profile uses the same email address.

c The Email Suspend node reads the user profile, generates a unique resumeURI link to resume the journey, and populates the forgottenUsername email template. On success, the node makes a request to the email service to send the email. In any case, it displays the suspend message:

Message from an [.label]#Email Suspend# node

The node’s settings are:

Email Template Name

forgottenUsername

Email Attribute

mail (default)

Email Suspend Message

An email has been sent to the address you entered. Click the link in that email to proceed. (default)

Object Lookup

Enabled

Identity Attribute

mail

d When the end user clicks the link to resume the journey, the Inner Tree Evaluator node starts the Login journey.

Try the journey

Use the journey to recover the username for an account whose email you have access to. For example, if Babs Jensen’s account has your email address, the Email Suspend node sends you a message such as the following:

Email from the forgotten username journey

Follow the link to continue the journey and log in as Babs Jensen.

Registration

For an example registration journey showing how to use the Email Suspend node and the Email Template node, refer to the Email Template node examples.