---
title: Authentication nodes configuration reference
description: This page covers the configuration of the authentication nodes that are built into AM.
component: pingam
version: 7.5
page_id: pingam:am-authentication:auth-node-configuration-hints
canonical_url: https://docs.pingidentity.com/pingam/7.5/am-authentication/auth-node-configuration-hints.html
keywords: ["Authentication", "Nodes &amp; Trees", "Setup &amp; Configuration"]
page_aliases: ["authentication-guide:auth-node-configuration-hints.adoc"]
section_ids:
  basic-authn-nodes: Basic authentication nodes
  multifactor-authn-nodes: Multi-factor authentication nodes
  risk-authn-nodes: Risk management authentication nodes
  behavioral-authn-nodes: Behavioral authentication nodes
  contextual-authn-nodes: Contextual authentication nodes
  federation-authn-nodes: Federation authentication nodes
  identity-authn-nodes: Identity management authentication nodes
  utility-authn-nodes: Utility authentication nodes
  thing-auth-nodes: Thing authentication nodes
  uncategorized-auth-nodes: Uncategorized authentication nodes
---

# Authentication nodes configuration reference

This page covers the configuration of the authentication nodes that are built into AM.

|   |                                                                                                                                                                       |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Additional authentication nodes are available from the [Ping Identity Marketplace](https://marketplace.pingone.com/browse?products=pingAm\&contentType=journeyNodes). |

## Basic authentication nodes

Use the following nodes for basic authentication tasks, such as collecting usernames and passwords:

* [Data Store Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/data-store-decision.html)

* [Failure node](https://docs.pingidentity.com/auth-node-ref/7.5/failure.html)

* [Kerberos node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/kerberos.html)

* [LDAP Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/ldap-decision.html)

* [Password Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/password-collector.html)

* [Success node](https://docs.pingidentity.com/auth-node-ref/7.5/success.html)

* [Username Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/username-collector.html)

* [Zero Page Login Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/zero-page-login-collector.html)

## Multi-factor authentication nodes

Use the following nodes to configure trees with multi-factor authentication capabilities, such as web authentication and push authentication:

* [Combined MFA Registration node](https://docs.pingidentity.com/auth-node-ref/7.5/combined-mfa-registration.html)

* [Device Binding node](https://docs.pingidentity.com/auth-node-ref/7.5/device-binding.html)

* [Device Binding Storage node](https://docs.pingidentity.com/auth-node-ref/7.5/device-binding-storage.html)

* [Device Signing Verifier node](https://docs.pingidentity.com/auth-node-ref/7.5/device-signing-verifier.html)

* [Get Authenticator App node](https://docs.pingidentity.com/auth-node-ref/7.5/get-authenticator-app.html)

* [HOTP Generator node](https://docs.pingidentity.com/auth-node-ref/7.5/hotp-generator.html)

* [MFA Registration Options node](https://docs.pingidentity.com/auth-node-ref/7.5/mfa-registration-options.html)

* [OATH Device Storage node](https://docs.pingidentity.com/auth-node-ref/7.5/oath-device-storage.html)

* [OATH Registration node](https://docs.pingidentity.com/auth-node-ref/7.5/oath-registration.html)

* [OATH Token Verifier node](https://docs.pingidentity.com/auth-node-ref/7.5/oath-token-verifier.html)

* [Opt-out Multi-Factor Authentication node](https://docs.pingidentity.com/auth-node-ref/7.5/opt-out-multi-factor.html)

* [OTP Collector Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/otp-collector-decision.html)

* [OTP Email Sender node](https://docs.pingidentity.com/auth-node-ref/7.5/otp-email-sender.html)

* [OTP SMS Sender node](https://docs.pingidentity.com/auth-node-ref/7.5/otp-sms-sender.html)

* [Push Registration node](https://docs.pingidentity.com/auth-node-ref/7.5/push-registration.html)

* [Push Result Verifier node](https://docs.pingidentity.com/auth-node-ref/7.5/push-result-verifier.html)

* [Push Sender node](https://docs.pingidentity.com/auth-node-ref/7.5/push-sender.html)

* [Push Wait node](https://docs.pingidentity.com/auth-node-ref/7.5/push-wait.html)

* [Recovery Code Collector Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/recovery-code-collector-decision.html)

* [Recovery Code Display node](https://docs.pingidentity.com/auth-node-ref/7.5/recovery-code-display.html)

* [WebAuthn Authentication node](https://docs.pingidentity.com/auth-node-ref/7.5/webauthn-authentication.html)

* [WebAuthn Device Storage node](https://docs.pingidentity.com/auth-node-ref/7.5/webauthn-device-storage.html)

* [WebAuthn Registration node](https://docs.pingidentity.com/auth-node-ref/7.5/webauthn-registration.html)

## Risk management authentication nodes

Use the following nodes to examine the perceived risk associated with the authentication and act on it:

* [Account Active Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/account-active-decision.html)

* [Account Lockout node](https://docs.pingidentity.com/auth-node-ref/7.5/account-lockout.html)

* [Auth Level Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/auth-level-decision.html)

* [CAPTCHA node](https://docs.pingidentity.com/auth-node-ref/7.5/captcha.html)

* [Legacy CAPTCHA node](https://docs.pingidentity.com/auth-node-ref/7.5/legacy-captcha.html)

* [Modify Auth Level node](https://docs.pingidentity.com/auth-node-ref/7.5/modify-auth-level.html)

* [PingOne Protect Evaluation node](https://docs.pingidentity.com/auth-node-ref/7.5/pingone-protect-evaluation.html)

* [PingOne Protect Initialize node](https://docs.pingidentity.com/auth-node-ref/7.5/pingone-protect-initialize.html)

* [PingOne Protect Result node](https://docs.pingidentity.com/auth-node-ref/7.5/pingone-protect-result.html)

## Behavioral authentication nodes

Use the following nodes to adjust the behavior of authentication trees:

* [Increment Login Count node](https://docs.pingidentity.com/auth-node-ref/7.5/increment-login-count.html)

* [Login Count Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/login-count-decision.html)

## Contextual authentication nodes

Use the following nodes to authenticate with a digital certificate, change the flow, or set a cookie based on the authentication context:

* [Certificate Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/certificate-collector.html)

* [Certificate User Extractor node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/certificate-user-extractor.html)

* [Certificate Validation node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/certificate-validation.html)

* [Cookie Presence Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/cookie-presence-decision.html)

* [Device Geofencing node](https://docs.pingidentity.com/auth-node-ref/7.5/device-geofencing.html)

* [Device Location Match node](https://docs.pingidentity.com/auth-node-ref/7.5/device-profile-location-match.html)

* [Device Match node](https://docs.pingidentity.com/auth-node-ref/7.5/device-match.html)

* [Device Profile Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/device-profile-collector.html)

* [Device Profile Save node](https://docs.pingidentity.com/auth-node-ref/7.5/device-profile-save.html)

* [Device Tampering Verification node](https://docs.pingidentity.com/auth-node-ref/7.5/device-tampering-verification.html)

* [Persistent Cookie Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/persistent-cookie-decision.html)

* [Set Custom Cookie node](https://docs.pingidentity.com/auth-node-ref/7.5/set-custom-cookie.html)

* [Set Persistent Cookie node](https://docs.pingidentity.com/auth-node-ref/7.5/set-persistent-cookie.html)

## Federation authentication nodes

Use the following nodes to configure trees with federation capabilities, such as OAuth 2.0, social authentication, and account provisioning:

* [OAuth 2.0 node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/oauth2.html)

* [OpenID Connect node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/oidc.html)

* [OIDC ID Token Validator node](https://docs.pingidentity.com/auth-node-ref/7.5/oidc-idtoken-validator.html)

* [Provision Dynamic Account node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/provision-dynamic-account.html)

* [Provision IDM Account node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/provision-IDM-account.html)

* [SAML2 Authentication node](https://docs.pingidentity.com/auth-node-ref/7.5/saml2.html)

* [Social Facebook node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/social-facebook.html)

* [Social Google node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/social-google.html)

* [Social Ignore Profile node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/social-ignore-profile.html)

* [Social Provider Handler node](https://docs.pingidentity.com/auth-node-ref/7.5/social-provider-handler.html)

* [Legacy Social Provider Handler node](https://docs.pingidentity.com/auth-node-ref/7.5/legacy-social-provider-handler.html)

* [Write Federation Information node](https://docs.pingidentity.com/auth-node-ref/7.5/write-federation-information.html)

## Identity management authentication nodes

Use the following nodes to perform identity management during an authentication tree flow, such as mapping anonymous users to a session.

* [Accept Terms and Conditions node](https://docs.pingidentity.com/auth-node-ref/7.5/accept-terms-and-conditions.html)

* [Attribute Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/attribute-collector.html)

* [Attribute Present Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/attribute-present-decision.html)

* [Attribute Value Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/attribute-value-decision.html)

* [Consent Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/consent-collector.html)

* [Create Object node](https://docs.pingidentity.com/auth-node-ref/7.5/create-object.html)

* [Create Password node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/create-password.html)

* [Display Username node](https://docs.pingidentity.com/auth-node-ref/7.5/display-username.html)

* [Identify Existing User node](https://docs.pingidentity.com/auth-node-ref/7.5/identify-existing-user.html)

* [KBA Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/kba-decision.html)

* [KBA Definition node](https://docs.pingidentity.com/auth-node-ref/7.5/kba-definition.html)

* [KBA Verification node](https://docs.pingidentity.com/auth-node-ref/7.5/kba-verification.html)

* [Pass-through Authentication node](https://docs.pingidentity.com/auth-node-ref/7.5/passthrough-authentication.html)

* [Patch Object node](https://docs.pingidentity.com/auth-node-ref/7.5/patch-object.html)

* [Platform Password node](https://docs.pingidentity.com/auth-node-ref/7.5/platform-password.html)

* [Platform Username node](https://docs.pingidentity.com/auth-node-ref/7.5/platform-username.html)

* [Profile Completeness Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/profile-completeness-decision.html)

* [Query Filter Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/query-filter-decision.html)

* [Required Attributes Present node](https://docs.pingidentity.com/auth-node-ref/7.5/required-attributes-present.html)

* [Select Identity Provider node](https://docs.pingidentity.com/auth-node-ref/7.5/select-identity-provider.html)

* [Terms and Conditions Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/terms-and-conditions-decision.html)

* [Time Since Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/time-since-decision.html)

## Utility authentication nodes

Use the following nodes to perform various tasks during the authentication flow:

* [Data Store Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/agent-data-store-decision.html)

* [Anonymous Session Upgrade node](https://docs.pingidentity.com/auth-node-ref/7.5/anonymous-session-upgrade.html)

* [Anonymous User Mapping node](https://docs.pingidentity.com/auth-node-ref/7.5/anonymous-user-mapping.html)

* [Choice Collector node](https://docs.pingidentity.com/auth-node-ref/7.5/choice-collector.html)

* [Configuration Provider node](https://docs.pingidentity.com/auth-node-ref/7.5/config-provider.html)

* [Email Suspend node](https://docs.pingidentity.com/auth-node-ref/7.5/email-suspend.html)

* [Email Template node](https://docs.pingidentity.com/auth-node-ref/7.5/email-template.html)

* [Failure URL node](https://docs.pingidentity.com/auth-node-ref/7.5/failure-url.html)

* [Get Session Data node](https://docs.pingidentity.com/auth-node-ref/7.5/get-session-data.html)

* [Inner Tree Evaluator node](https://docs.pingidentity.com/auth-node-ref/7.5/inner-tree-evaluator.html)

* [Message node](https://docs.pingidentity.com/auth-node-ref/7.5/message.html)

* [Meter node](https://docs.pingidentity.com/auth-node-ref/7.5/meter.html)

* [Page node](https://docs.pingidentity.com/auth-node-ref/7.5/page.html)

* [Polling Wait node](https://docs.pingidentity.com/auth-node-ref/7.5/polling-wait.html)

* [Query Parameter node](https://docs.pingidentity.com/auth-node-ref/7.5/query-parameter.html)

* [Register Logout Webhook node](https://docs.pingidentity.com/auth-node-ref/7.5/register-logout-webhook.html)

* [Remove Session Properties node](https://docs.pingidentity.com/auth-node-ref/7.5/remove-session-properties.html)

* [Request Header node](https://docs.pingidentity.com/auth-node-ref/7.5/request-header.html)

* [Retry Limit Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/retry-limit-decision.html)

* [Scripted Decision node](https://docs.pingidentity.com/auth-node-ref/7.5/scripted-decision.html)

* [Set Session Properties node](https://docs.pingidentity.com/auth-node-ref/7.5/set-session-properties.html)

* [State Metadata node](https://docs.pingidentity.com/auth-node-ref/7.5/state-metadata.html)

* [Success URL node](https://docs.pingidentity.com/auth-node-ref/7.5/success-url.html)

* [Timer Start node](https://docs.pingidentity.com/auth-node-ref/7.5/timer-start.html)

* [Timer Stop node](https://docs.pingidentity.com/auth-node-ref/7.5/timer-stop.html)

## Thing authentication nodes

Use the following nodes to perform various tasks related to authenticating IoT things:

* [Authenticate Thing node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/authenticate-thing.html)

* [Register Thing node](https://docs.pingidentity.com/auth-node-ref/7.5/self-managed/register-thing.html)

## Uncategorized authentication nodes

* [Debug node](https://docs.pingidentity.com/auth-node-ref/7.5/am-only/debug.html)

* [Identity Assertion node](https://docs.pingidentity.com/auth-node-ref/7.5/identity-assertion-node.html)