PingOne

Overview of the SSO flow

With the PingOne Risk Integration Kit, PingFederate includes PingOne Risk in the sign-on flow.

The following figure shows how PingOne Risk is integrated into the sign-on process:

A flow diagram describing PingOne Risk.

Description

  1. A user initiates the sign-on process by requesting access to a protected resource.

  2. When device profiling is enabled, one of the following occurs, depending on the device profiling method:

    • An adapter that is earlier in the authentication flow runs a script that creates a device profile. The script passes the device profile to the PingOne Risk IdP Adapter in a series of HTTP cookies.

    • The PingOne Risk IdP Adapter creates a device profile.

  3. The PingOne Risk IdP Adapter collects transaction information, such as the user’s IP address.

  4. The adapter sends the transaction information and optional device profile to PingOne Risk.

  5. PingOne Risk returns a JSON payload with the risk result and other information, such as the IP reputation, to the adapter.

  6. The PingOne Risk IdP Adapter makes the risk result and other information available in the PingFederate authentication policy.

  7. PingFederate executes the authentication policy, which branches based on the risk result provided by the adapter.

  8. PingFederate returns the resource that the user requested.

  9. The adapter notifies PingOne Risk whether authentication ultimately succeeded. This helps PingOne Risk evaluate subsequent sign-on attempts.
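Steps 5 through 9 as a small model, added here as an illustration; it is not PingFederate or PingOne code. The JSON field names (`level`, `ipReputation`), the level values, the branch names and the choice to fall back to step-up when the risk result is missing or unreadable are all assumptions.

```python
import json

# Hypothetical branch names for the authentication policy (step 7).
ALLOW, STEP_UP, DENY = "allow", "step_up_mfa", "deny"

# Assumed mapping from risk level to policy branch; level names are constructed.
BRANCHES = {"LOW": ALLOW, "MEDIUM": STEP_UP, "HIGH": DENY}


def parse_risk_result(payload):
    """Step 5: extract the risk level from the JSON payload, or None if unusable."""
    try:
        doc = json.loads(payload)
    except (TypeError, ValueError):
        return None
    if not isinstance(doc, dict):
        return None
    level = doc.get("level")
    return level.upper() if isinstance(level, str) else None


def choose_branch(payload):
    """Steps 6-7: branch on the risk result. A missing or unrecognized
    level falls back to step-up instead of silently allowing."""
    return BRANCHES.get(parse_risk_result(payload), STEP_UP)


def completion_event(payload, second_factor_ok):
    """Step 9: build the outcome notification reported back to the risk service."""
    branch = choose_branch(payload)
    succeeded = branch == ALLOW or (branch == STEP_UP and second_factor_ok)
    return {"branch": branch, "status": "SUCCESS" if succeeded else "FAILED"}


# Constructed sample payloads, not captured from PingOne Risk.
SAMPLES = [
    '{"level": "LOW", "ipReputation": "good"}',
    '{"level": "HIGH", "ipReputation": "bad"}',
    '{"ipReputation": "good"}',  # risk level missing
    'upstream timeout',          # not JSON at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", completion_event(sample, second_factor_ok=True))
```

The last two samples show why the policy needs an explicit branch for "no usable risk result": without one, a risk service outage would decide the outcome by accident.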