--- title: Node reference description: This page covers the configuration of the authentication nodes that are built into AM. component: pingam version: 8.1 page_id: pingam:am-authentication:auth-nodes-reference canonical_url: https://docs.pingidentity.com/pingam/8.1/am-authentication/auth-nodes-reference.html keywords: ["Authentication", "Nodes & Trees", "Setup & Configuration"] page_aliases: ["authentication-guide:auth-node-configuration-hints.adoc", "auth-modules-reference.adoc", "authentication-guide:auth-nodes-reference.adoc"] section_ids: basic-authn-nodes: Basic authentication nodes multifactor-authn-nodes: Multi-factor authentication nodes risk-authn-nodes: Risk management authentication nodes behavioral-authn-nodes: Behavioral authentication nodes contextual-authn-nodes: Contextual authentication nodes federation-authn-nodes: Federation authentication nodes identity-authn-nodes: Identity management authentication nodes utility-authn-nodes: Utility authentication nodes thing-auth-nodes: Thing authentication nodes uncategorized-auth-nodes: Uncategorized authentication nodes --- # Node reference This page covers the configuration of the authentication nodes that are built into AM. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Additional authentication nodes are available from the [Ping Identity Marketplace](https://marketplace.pingone.com/browse?products=pingAm\&contentType=journeyNodes). | ## Basic authentication nodes Use the following nodes for basic authentication tasks, such as collecting usernames and passwords: * [AD Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/ad-decision.html) * [Data Store Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/data-store-decision.html) * [Failure node](https://docs.pingidentity.com/auth-node-ref/8.1/failure.html) * [Kerberos node](https://docs.pingidentity.com/auth-node-ref/8.1/self-managed/kerberos.html) * [LDAP Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/ldap-decision.html) * [Password Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/password-collector.html) * [Success node](https://docs.pingidentity.com/auth-node-ref/8.1/success.html) * [Username Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/username-collector.html) * [Zero Page Login Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/zero-page-login-collector.html) ## Multi-factor authentication nodes Use the following nodes to configure trees with multi-factor authentication capabilities, such as web authentication and push authentication: * [Combined MFA Registration node](https://docs.pingidentity.com/auth-node-ref/8.1/combined-mfa-registration.html) * [Device Binding node](https://docs.pingidentity.com/auth-node-ref/8.1/device-binding.html) * [Device Binding Storage node](https://docs.pingidentity.com/auth-node-ref/8.1/device-binding-storage.html) * [Device Signing Verifier node](https://docs.pingidentity.com/auth-node-ref/8.1/device-signing-verifier.html) * [Enable Device Management node](https://docs.pingidentity.com/auth-node-ref/8.1/enable-device-management.html) * [Get Authenticator App node](https://docs.pingidentity.com/auth-node-ref/8.1/get-authenticator-app.html) * [HOTP Generator node](https://docs.pingidentity.com/auth-node-ref/8.1/hotp-generator.html) * [MFA Registration Options node](https://docs.pingidentity.com/auth-node-ref/8.1/mfa-registration-options.html) * [OATH Device Storage node](https://docs.pingidentity.com/auth-node-ref/8.1/oath-device-storage.html) * [OATH Registration node](https://docs.pingidentity.com/auth-node-ref/8.1/oath-registration.html) * [OATH Token Verifier node](https://docs.pingidentity.com/auth-node-ref/8.1/oath-token-verifier.html) * [Opt-out Multi-Factor Authentication node](https://docs.pingidentity.com/auth-node-ref/8.1/opt-out-multi-factor.html) * [OTP Collector Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/otp-collector-decision.html) * [OTP Email Sender node](https://docs.pingidentity.com/auth-node-ref/8.1/otp-email-sender.html) * [OTP SMS Sender node](https://docs.pingidentity.com/auth-node-ref/8.1/otp-sms-sender.html) * [Push Registration node](https://docs.pingidentity.com/auth-node-ref/8.1/push-registration.html) * [Push Result Verifier node](https://docs.pingidentity.com/auth-node-ref/8.1/push-result-verifier.html) * [Push Sender node](https://docs.pingidentity.com/auth-node-ref/8.1/push-sender.html) * [Push Wait node](https://docs.pingidentity.com/auth-node-ref/8.1/push-wait.html) * [Recovery Code Collector Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/recovery-code-collector-decision.html) * [Recovery Code Display node](https://docs.pingidentity.com/auth-node-ref/8.1/recovery-code-display.html) * [RSA SecurID node](https://docs.pingidentity.com/auth-node-ref/8.1/rsa-securid.html) * [WebAuthn Authentication node](https://docs.pingidentity.com/auth-node-ref/8.1/webauthn-authentication.html) * [WebAuthn Device Storage node](https://docs.pingidentity.com/auth-node-ref/8.1/webauthn-device-storage.html) * [WebAuthn Registration node](https://docs.pingidentity.com/auth-node-ref/8.1/webauthn-registration.html) ## Risk management authentication nodes Use the following nodes to examine the perceived risk associated with the authentication and act on it: * [Account Active Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/account-active-decision.html) * [Account Lockout node](https://docs.pingidentity.com/auth-node-ref/8.1/account-lockout.html) * [Auth Level Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/auth-level-decision.html) * [CAPTCHA node](https://docs.pingidentity.com/auth-node-ref/8.1/captcha.html) * [reCAPTCHA Enterprise node](https://docs.pingidentity.com/auth-node-ref/8.1/recaptcha-enterprise.html) * [Legacy CAPTCHA node](https://docs.pingidentity.com/auth-node-ref/8.1/legacy-captcha.html) * [Modify Auth Level node](https://docs.pingidentity.com/auth-node-ref/8.1/modify-auth-level.html) * [PingOne Protect Evaluation node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-protect-evaluation.html) * [PingOne Protect Initialize node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-protect-initialize.html) * [PingOne Protect Result node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-protect-result.html) ## Behavioral authentication nodes Use the following nodes to adjust the behavior of authentication trees: * [Increment Login Count node](https://docs.pingidentity.com/auth-node-ref/8.1/increment-login-count.html) * [Login Count Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/login-count-decision.html) ## Contextual authentication nodes Use the following nodes to authenticate with a digital certificate, change the flow, or set a cookie based on the authentication context: * [Certificate Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/certificate-collector.html) * [Certificate User Extractor node](https://docs.pingidentity.com/auth-node-ref/8.1/certificate-user-extractor.html) * [Certificate Validation node](https://docs.pingidentity.com/auth-node-ref/8.1/certificate-validation.html) * [Cookie Presence Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/cookie-presence-decision.html) * [Device Geofencing node](https://docs.pingidentity.com/auth-node-ref/8.1/device-geofencing.html) * [Device Location Match node](https://docs.pingidentity.com/auth-node-ref/8.1/device-location-match.html) * [Device Match node](https://docs.pingidentity.com/auth-node-ref/8.1/device-match.html) * [Device Profile Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/device-profile-collector.html) * [Device Profile Save node](https://docs.pingidentity.com/auth-node-ref/8.1/device-profile-save.html) * [Device Tampering Verification node](https://docs.pingidentity.com/auth-node-ref/8.1/device-tampering-verification.html) * [Persistent Cookie Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/persistent-cookie-decision.html) * [Set Custom Cookie node](https://docs.pingidentity.com/auth-node-ref/8.1/set-custom-cookie.html) * [Set Persistent Cookie node](https://docs.pingidentity.com/auth-node-ref/8.1/set-persistent-cookie.html) ## Federation authentication nodes Use the following nodes to configure trees with federation capabilities, such as OAuth 2.0, social authentication, and account provisioning: * [OAuth 2.0 node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/oauth2.html) * [OpenID Connect node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/oidc.html) * [OIDC ID Token Validator node](https://docs.pingidentity.com/auth-node-ref/8.1/oidc-idtoken-validator.html) * [Provision Dynamic Account node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/provision-dynamic-account.html) * [Provision IDM Account node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/provision-IDM-account.html) * [SAML2 Authentication node](https://docs.pingidentity.com/auth-node-ref/8.1/saml2.html) * [Social Facebook node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-facebook.html) * [Social Google node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-google.html) * [Social Ignore Profile node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-ignore-profile.html) * [Social Provider Handler node](https://docs.pingidentity.com/auth-node-ref/8.1/social-provider-handler.html) * [Legacy Social Provider Handler node](https://docs.pingidentity.com/auth-node-ref/8.1/legacy-social-provider-handler.html) * [Write Federation Information node](https://docs.pingidentity.com/auth-node-ref/8.1/write-federation-information.html) ## Identity management authentication nodes Use the following nodes to perform identity management during an authentication tree flow, such as mapping anonymous users to a session. * [Accept Terms and Conditions node](https://docs.pingidentity.com/auth-node-ref/8.1/accept-terms-and-conditions.html) * [Attribute Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/attribute-collector.html) * [Attribute Present Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/attribute-present-decision.html) * [Attribute Value Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/attribute-value-decision.html) * [Consent Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/consent-collector.html) * [Create Object node](https://docs.pingidentity.com/auth-node-ref/8.1/create-object.html) * [Create Password node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/create-password.html) * [Display Username node](https://docs.pingidentity.com/auth-node-ref/8.1/display-username.html) * [Identify Existing User node](https://docs.pingidentity.com/auth-node-ref/8.1/identify-existing-user.html) * [KBA Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/kba-decision.html) * [KBA Definition node](https://docs.pingidentity.com/auth-node-ref/8.1/kba-definition.html) * [KBA Verification node](https://docs.pingidentity.com/auth-node-ref/8.1/kba-verification.html) * [Pass-through Authentication node](https://docs.pingidentity.com/auth-node-ref/8.1/passthrough-authentication.html) * [Patch Object node](https://docs.pingidentity.com/auth-node-ref/8.1/patch-object.html) * [PingOne Create User node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-create-user.html) * [PingOne Delete User node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-delete-user.html) * [PingOne Identity Match node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-identity-match.html) * [PingOne Verify Completion Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-verify-completion-decision.html) * [PingOne Verify Evaluation node](https://docs.pingidentity.com/auth-node-ref/8.1/pingone/pingone-verify-evaluation.html) * [Platform Password node](https://docs.pingidentity.com/auth-node-ref/8.1/platform-password.html) * [Platform Username node](https://docs.pingidentity.com/auth-node-ref/8.1/platform-username.html) * [Profile Completeness Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/profile-completeness-decision.html) * [Query Filter Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/query-filter-decision.html) * [Required Attributes Present node](https://docs.pingidentity.com/auth-node-ref/8.1/required-attributes-present.html) * [Select Identity Provider node](https://docs.pingidentity.com/auth-node-ref/8.1/select-identity-provider.html) * [Terms and Conditions Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/terms-and-conditions-decision.html) * [Time Since Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/time-since-decision.html) ## Utility authentication nodes Use the following nodes to perform various tasks during the authentication flow: * [Agent Data Store Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/agent-data-store-decision.html) * [Amster JWT Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/amster-jwt-decision.html) * [Anonymous Session Upgrade node](https://docs.pingidentity.com/auth-node-ref/8.1/anonymous-session-upgrade.html) * [Anonymous User Mapping node](https://docs.pingidentity.com/auth-node-ref/8.1/anonymous-user-mapping.html) * [Backchannel Initialize node](https://docs.pingidentity.com/auth-node-ref/8.1/backchannel-initialize.html) * [Backchannel Notification node](https://docs.pingidentity.com/auth-node-ref/8.1/backchannel-notification.html) * [Backchannel Status node](https://docs.pingidentity.com/auth-node-ref/8.1/backchannel-status.html) * [Choice Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/choice-collector.html) * [Configuration Provider node](https://docs.pingidentity.com/auth-node-ref/8.1/config-provider.html) * [Email Suspend node](https://docs.pingidentity.com/auth-node-ref/8.1/email-suspend.html) * [Email Template node](https://docs.pingidentity.com/auth-node-ref/8.1/email-template.html) * [Failure URL node](https://docs.pingidentity.com/auth-node-ref/8.1/failure-url.html) * [Flow Control node](https://docs.pingidentity.com/auth-node-ref/8.1/flow-control.html) * [Get Session Data node](https://docs.pingidentity.com/auth-node-ref/8.1/get-session-data.html) * [Inner Tree Evaluator node](https://docs.pingidentity.com/auth-node-ref/8.1/inner-tree-evaluator.html) * [JWT Password Replay node](https://docs.pingidentity.com/auth-node-ref/8.1/jwt-password-replay.html) * [Message node](https://docs.pingidentity.com/auth-node-ref/8.1/message.html) * [Meter node](https://docs.pingidentity.com/auth-node-ref/8.1/meter.html) * [Page node](https://docs.pingidentity.com/auth-node-ref/8.1/page.html) * [Polling Wait node](https://docs.pingidentity.com/auth-node-ref/8.1/polling-wait.html) * [Query Parameter node](https://docs.pingidentity.com/auth-node-ref/8.1/query-parameter.html) * [Register Logout Webhook node](https://docs.pingidentity.com/auth-node-ref/8.1/register-logout-webhook.html) * [Remove Session Properties node](https://docs.pingidentity.com/auth-node-ref/8.1/remove-session-properties.html) * [Request Header node](https://docs.pingidentity.com/auth-node-ref/8.1/request-header.html) * [Retry Limit Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/retry-limit-decision.html) * [Scripted Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/scripted-decision.html) * [Set Error Details node](https://docs.pingidentity.com/auth-node-ref/8.1/set-error-details.html) * [Set Failure Details node](https://docs.pingidentity.com/auth-node-ref/8.1/set-failure-details.html) * [Set Logout Details node](https://docs.pingidentity.com/auth-node-ref/8.1/set-logout-details.html) * [Set Session Properties node](https://docs.pingidentity.com/auth-node-ref/8.1/set-session-properties.html) * [Set State node](https://docs.pingidentity.com/auth-node-ref/8.1/set-state.html) * [Set Success Details node](https://docs.pingidentity.com/auth-node-ref/8.1/set-success-details.html) * [State Metadata node](https://docs.pingidentity.com/auth-node-ref/8.1/state-metadata.html) * [Success URL node](https://docs.pingidentity.com/auth-node-ref/8.1/success-url.html) * [Timer Start node](https://docs.pingidentity.com/auth-node-ref/8.1/timer-start.html) * [Timer Stop node](https://docs.pingidentity.com/auth-node-ref/8.1/timer-stop.html) * [Update Journey Timeout node](https://docs.pingidentity.com/auth-node-ref/8.1/update-journey-timeout.html) ## Thing authentication nodes Use the following nodes to perform various tasks related to authenticating IoT things: * [Authenticate Thing node](https://docs.pingidentity.com/auth-node-ref/8.1/self-managed/authenticate-thing.html) * [Register Thing node](https://docs.pingidentity.com/auth-node-ref/8.1/self-managed/register-thing.html) ## Uncategorized authentication nodes * [App Policy Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/app-policy-decision.html) * [Debug node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/debug.html) * [Identity Assertion node](https://docs.pingidentity.com/auth-node-ref/8.1/identity-assertion-node.html) * [Policy Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/policy-decision.html) * [RADIUS Challenge Collector node](https://docs.pingidentity.com/auth-node-ref/8.1/radius-challenge-collector.html) * [RADIUS Decision node](https://docs.pingidentity.com/auth-node-ref/8.1/radius-decision.html)