---
title: Overview of the SSO flow
description: With the iovation Integration Kit, PingFederate includes the iovation API in the sign-on flow as follows.
component: iovation
page_id: iovation::pf_iovation_ik_overview_of_the_sso_flow
canonical_url: https://docs.pingidentity.com/integrations/iovation/pf_iovation_ik_overview_of_the_sso_flow.html
revdate: May 30, 2025
section_ids:
  description: Description
---

# Overview of the SSO flow

With the iovation Integration Kit, PingFederate includes the iovation API in the sign-on flow as follows.

![Diagram showing how the iovation API is integrated in the sign-on process.](_images/SSO_flow.png)

## Description

1. A user initiates the sign-on process by requesting access to a protected resource.

2. Depending on the device profiling method, the iovation IdP Adapter or a previous authentication adapter retrieves the latest JavaScript from iovation.

   |   |                                                                               |
   | - | ----------------------------------------------------------------------------- |
   |   | For the previous adapter method, this takes place at the same time as step 1. |

3. Depending on the device profiling method, the iovation IdP Adapter or a previous authentication adapter runs the iovation JavaScript, which builds the device profile and packages it in an encrypted blackbox.

4. The iovation IdP Adapter sends the blackbox and transaction insight parameters to the iovation API and requests the risk result for the transaction.

5. The iovation API returns a JSON payload with the risk result and other attributes to the iovation IdP Adapter.

6. The iovation IdP Adapter makes the risk result and contract attributes available in the authentication policy.

7. PingFederate executes the authentication policy, which branches based on the risk result reported by the iovation IdP Adapter.

8. PingFederate returns the resource that the user requested.