PingAM 7.5.0

PingOne Protect Result node

The PingOne Protect Result node updates the risk evaluation configuration, or modifies the completion status of the resource while the risk evaluation is still in progress.

You can check the results of the evaluation in the PingOne admin console by filtering for Risk Evaluation Updated event types.

Compatibility

Product                                  Compatible?
PingOne Advanced Identity Cloud          No
PingAM (self-managed)                    Yes
Ping Identity Platform (self-managed)    Yes

This node is not currently compatible with the following user interfaces:

  • The XUI interface provided by standalone AM deployments.

  • The Platform UI interface provided by Advanced Identity Cloud and ForgeOps deployments.

You can only use this node in client applications built using the ForgeRock SDK. Refer to Integrate with PingOne Protect for risk evaluations.

Inputs

This node requires that you have initialized PingOne Protect in your client application. You can do this, for example, by using a PingOne Protect Evaluation node previously in the journey or by initializing the SDK within the app itself.

Dependencies

This node requires a PingOne Worker Service configuration so that it can connect to your PingOne instance and send it the necessary data to make risk evaluations as part of the journey.

Configuration

Property             Usage
Completion Status    Report the status of the journey back to PingOne. Choose from: FAILED, SUCCESS.

Outputs

This node does not change the shared node state.

Outcomes

Single outcome path.

The node attempts to update the PingOne server but continues along the single outcome without confirming the server received the update.

Example

The following example journey leverages PingOne Protect functionality to perform a risk evaluation on a client app. The client app is built using the ForgeRock SDKs.

Figure 1. Example PingOne Protect journey
  • 1 The PingOne Protect Initialization node instructs the SDK to initialize the PingOne Protect Signals API with the configured properties.

    Initialize the PingOne Protect Signals API as early in the journey as possible, before any user interaction. This enables it to gather sufficient contextual data to make an informed risk evaluation.

  • The user enters their credentials, which are verified against the identity store.

  • 2 The PingOne Protect Evaluation node performs a risk evaluation against a risk policy in PingOne.

    The example journey continues depending on the outcome:

    High

    The journey requests that the user respond to a push notification.

    Medium or Low

    The risk is not significant, so no further authentication factors are required.

    Exceeds Score Threshold

    The score returned is higher than the configured threshold and is considered too risky to complete successfully.

    Failure

    The risk evaluation could not be completed, so the authentication attempt continues to the Failure node.

    BOT_MITIGATION

    The risk evaluation returned a recommended action to check for the presence of a human, so the journey continues to a CAPTCHA node.

    ClientError

    The client returned an error when attempting to capture the data to perform a risk evaluation, so the authentication attempt continues to the Failure node.

  • 3 An instance of the PingOne Protect Result node returns the Success result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.

  • 4 A second instance of the PingOne Protect Result node returns the Failed result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.