ID DataWeb Integration Kit

ID DataWeb IdP Adapter settings reference

Field descriptions for the ID DataWeb IdP Adapter configuration screen.

Standard fields
Field Description

Client ID

The client ID provided to you by ID DataWeb.

Client Secret

The client secret provided to you by ID DataWeb.

ID DataWeb API Base URL

The URL of the ID DataWeb API.

Production: https://api.iddataweb.com/

Pre-production: https://api.preprod.iddataweb.com/

Update Device Trust

When enabled, users can receive a boost to their trust score for subsequent sign on attempts with a given device. When a user signs on successfully after being challenged with an "obligation" result from ID DataWeb, PingFederate contacts the ID DataWeb API to mark the device as "trusted." You can configure the amount and duration of the trust score boost in the ID DataWeb admin console. The boost affects the device, not the user account.

This check box is cleared by default.

Update Device Trust Using User Consent

When the user selects This is my device in a previous adapter, such as the HTML form adapter, PingFederate contacts the ID DataWeb API after the user signs on to mark the device as "trusted" for subsequent sign on attempts.

This setting works in conjunction with the Update Device Trust setting. If you do not select Update Device Trust, Update Device Trust Using User Consent will not mark the device as trusted.

This check box is cleared by default.

Update Device Trust API Key

The API key that PingFederate uses to communicate with the ID DataWeb API when marking a device as "trusted". Applies only when Update Device Trust is enabled.

This field is blank by default.

Device Profiling Method

Determines how the adapter handles session IDs and device profiling.

Captured by this adapter – The ID DataWeb IdP Adapter creates a session ID. In authentication API mode, it provides the device profiling URL (including session ID) to the external web application. In direct authentication mode, it runs the device profiling script.

Captured by a previous adapter – The ID DataWeb IdP Adapter looks for an existing session ID in an HTTP cookie.

For more details, see Device profiling methods.

If you completed the steps in Adding device profiling to an authentication page, select Captured by a previous adapter.

Otherwise, select Captured by this adapter.

The default value is Captured by this adapter.

Table 1. Advanced fields
Field Description

Device Profiling Script URL

The URL of the ID DataWeb script that collects the device profile during sign on. Applies only when Device Profiling Method is set to Captured by this adapter and the adapter runs in direct authentication mode.

The default value is: https://content.maxconnector.com/fp/tags.js?org_id=716kkpe1&api_key=bvrbl1ev61nw7zq7&pageid=verify&session_id=${sessionId}

Device Profiling Timeout

The amount of time in milliseconds that PingFederate waits for the device profiling script to collect device details. Applies only when Device Profiling Method is set to Captured by this adapter.

The minimum value is 3000.

The default value is 5000.

Cookie Name

The name of the cookie that contains the identifier for the ThreatMetrix device profile. Applies only when Device Profiling Method is set to Captured by a previous adapter.

If you customized the name for the cookie in the optional Adding device profiling to an authentication page steps, enter the same name in this field.

The default value is idwUUID.

Failure Mode

When ID DataWeb is unavailable or an error occurs, this setting determines whether the user’s sign-on attempt should fail or continue with a pre-determined policy decision.

For cases where the ID DataWeb API is unavailable or returns an error, we recommend that you allow users to continue to sign on by satisfying stricter authentication requirements. You can do this in your adapter configuration by setting Failure Mode to return the obligation result. Alternatively, you can do this in your authentication policy by setting the Fail outcome of the ID DataWeb IdP Adapter instance as shown in Adding ID DataWeb policy decisions to your authentication policy.

Fallback Policy Decision Value

The risk result (for example, "obligation", "deny", or "unknown") to use in the authentication policy when ID DataWeb is unavailable or an error occurs, and Failure Mode is set to Continue with fallback risk result.

The default value is deny.

Token API Endpoint

The ID DataWeb endpoint that issues access tokens.

The default value is /v1/token.

Verify API Endpoint

The ID DataWeb endpoint that performs one-time user verification.

The default value is /v1/flat/slverify.

Trust Device API Endpoint

The ID DataWeb endpoint that PingFederate contacts after a user successfully signs on. Applies only when Update Device Trust is enabled.

The default value is /v1/trustdevice.

API Request Timeout

The amount of time in milliseconds that PingFederate waits for the ID DataWeb API to respond to requests. A value of 0 disables the timeout.

Some ID DataWeb verification services have longer response times than others. Test your specific configuration and adjust this value based on the range of response times that you receive.

The default value is 2000.

Connection Timeout

The amount of time in milliseconds that PingFederate allows to establish a connection with the ID DataWeb API. A value of 0 disables the timeout.

The default value is 2000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.

Verify HTTPS Hostname

When a connection is established with the ID DataWeb API, PingFederate matches the target host name against the names stored inside the server’s X.509 certificate. This security measure ensures that PingFederate is connecting to the correct server.

This check box is selected by default.
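Several fields above depend on each other or have a value that turns a safeguard off. The following added example, which is not part of the integration kit, checks a set of adapter settings against those rules. The dictionary layout (field labels as keys) and the function name are assumptions made for illustration, not a PingFederate export format.

```python
# Added example: lint ID DataWeb IdP Adapter settings against the rules on this page.
# Assumption: settings are a dict keyed by the field labels shown in the tables above.
PROD_URL = "https://api.iddataweb.com/"
THIS_ADAPTER = "Captured by this adapter"

DEFAULTS = {  # default values as documented on this page
    "ID DataWeb API Base URL": PROD_URL,
    "Update Device Trust": False,
    "Update Device Trust Using User Consent": False,
    "Update Device Trust API Key": "",
    "Device Profiling Method": THIS_ADAPTER,
    "Device Profiling Timeout": 5000,
    "API Request Timeout": 2000,
    "Connection Timeout": 2000,
    "Verify HTTPS Hostname": True,
}

def lint_adapter_settings(settings):
    """Return (field, finding) tuples; an empty list means nothing to review."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    if not cfg["Verify HTTPS Hostname"]:
        findings.append(("Verify HTTPS Hostname", "certificate host name matching is off"))
    for field in ("API Request Timeout", "Connection Timeout"):
        if cfg[field] == 0:
            findings.append((field, "a value of 0 disables the timeout"))
    trust = cfg["Update Device Trust"]
    if cfg["Update Device Trust Using User Consent"] and not trust:
        findings.append(("Update Device Trust Using User Consent",
                         "has no effect unless Update Device Trust is selected"))
    if trust and not cfg["Update Device Trust API Key"]:
        findings.append(("Update Device Trust API Key",
                         "blank while Update Device Trust is enabled"))
    if cfg["Device Profiling Method"] == THIS_ADAPTER and cfg["Device Profiling Timeout"] < 3000:
        findings.append(("Device Profiling Timeout", "below the minimum of 3000 ms"))
    if cfg["ID DataWeb API Base URL"] != PROD_URL:
        findings.append(("ID DataWeb API Base URL", "not the production API URL"))
    return findings

# Constructed sample: pre-production settings carried over unchanged.
SAMPLE = {
    "ID DataWeb API Base URL": "https://api.preprod.iddataweb.com/",
    "Update Device Trust Using User Consent": True,
    "API Request Timeout": 0,
    "Verify HTTPS Hostname": False,
}

if __name__ == "__main__":
    for field, finding in lint_adapter_settings(SAMPLE):
        print(f"{field}: {finding}")
```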