PingOneProtectEvaluation
Realm Operations
Resource path:
/realm-config/authentication/authenticationtrees/nodes/product-PingOneProtectEvaluationNode/1.0
Resource version: 3.0
create
Usage
am> create PingOneProtectEvaluation --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "dynamicRiskPolicySetID" : { "title" : "Use Node State Attribute For Risk Policy Set ID", "description" : "Setting this to <code>true</code> instructs the node to get the risk policy set ID from node state using the value of <code>Risk Policy Set ID</code>.<br><br>This only applies if <code>Risk Policy Set ID</code> is set.<br><br>If a value corresponding to the key provided in \"Risk Policy Set ID\" can't be found, no value is sent to PingOne and the default risk policy is applied.", "propertyOrder" : 350, "type" : "boolean", "exampleValue" : "" }, "storeEvaluateResult" : { "title" : "Store Risk Evaluation", "description" : "Stores the risk evaluation response in node state under a key named <code>PingOneProtectEvaluationNode.RISK</code>.<br><br><em>Note</em>: The key is empty if the node is unable to retrieve a risk evaluation from PingOne.", "propertyOrder" : 1200, "type" : "boolean", "exampleValue" : "" }, "dynamicTargetResourceName" : { "title" : "Use Node State Attribute For Target App Name", "description" : "Setting this to <code>true</code> instructs the node to get the target application name from node state using the value of <code>Target App Name</code>. <br><br> This only applies if <code>Target App Name</code> is set.", "propertyOrder" : 270, "type" : "boolean", "exampleValue" : "" }, "pingOneWorker" : { "title" : "PingOne Worker Service ID", "description" : "The ID of the PingOne worker service for connecting to PingOne.", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "username" : { "title" : "Node State Attribute For Username", "description" : "The node state variable that contains the <code>user.name</code> value to send to PingOne Protect. <br><br>If left blank, the node uses the current context <code>Username</code> as the user.name.", "propertyOrder" : 1100, "type" : "string", "exampleValue" : "" }, "riskPolicySetID" : { "title" : "Risk Policy Set ID", "description" : "The ID of the risk policy set.<br><br>If not specified, the environment's default risk policy set is used.<br><br>If you enable \"Targeted Policies Evaluation\", this value is ignored.<br><br>If you enable \"Use Node State Attribute For Risk Policy Set ID\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "deviceExternalId" : { "title" : "Node State Attribute For Device External ID", "description" : "The node state variable that contains an external device ID to send to PingOne Protect in the evaluation request. <br><br>This property lets you send a custom device ID to PingOne Protect in addition to the device ID provided by the Signals SDK.", "propertyOrder" : 1400, "type" : "string", "exampleValue" : "" }, "userId" : { "title" : "Node State Attribute For User ID", "description" : "The node state variable that contains the <code>user.id</code> value to send to PingOne Protect. <br><br>If left blank, the node uses the current context <code>UserId</code> as the user.id.", "propertyOrder" : 1000, "type" : "string", "exampleValue" : "" }, "targetedPoliciesEvaluation" : { "title" : "Targeted Policies Evaluation", "description" : "If enabled, the risk evaluation uses the targeted policies defined in the PingOne user environment rather than a specific policy.", "propertyOrder" : 360, "type" : "boolean", "exampleValue" : "" }, "userGroups" : { "title" : "Node State Attribute For User Groups", "description" : "The node state variable that contains the list of group names to send to PingOne Protect. <br><br>If left blank, the node sends the user groups from the current context identity.", "propertyOrder" : 1110, "type" : "string", "exampleValue" : "" }, "scoreThreshold" : { "title" : "Score Threshold", "description" : "Scoring higher than this value results in evaluation continuing along the <strong>Exceeds Score Threshold</strong> outcome.", "propertyOrder" : 700, "type" : "string", "exampleValue" : "" }, "sessionId" : { "title" : "Node State Attribute For Event Session ID", "description" : "The node state variable that contains the Session ID to use in the risk evaluation event sent to PingOne Protect. <br><br>This session ID is used to help track requests sent to PingOne. If left blank, the PingAM audit tracking ID for the session is used.", "propertyOrder" : 1500, "type" : "string", "exampleValue" : "" }, "customAttributes" : { "title" : "Node State Attribute For Custom Attributes", "description" : "The node state variable that contains the custom attributes map for PingOne Protect. <br><br>If left blank, no custom attributes are sent in the request.", "propertyOrder" : 1300, "type" : "string", "exampleValue" : "" }, "recommendedActions" : { "title" : "Recommended Actions", "description" : "A list of recommended actions the risk evaluation could return. Each entry in the list becomes a node outcome. If the score does not exceed the threshold and a recommended action is present in the evaluation, the journey continues down the matching entry in this list.", "propertyOrder" : 800, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "nodeStateAttributeForSubtype" : { "title" : "Node State Attribute For Flow Subtype", "description" : "The node state attribute containing the flow subtype for which the risk evaluation is being carried out.If set, this value takes precedence over the <code>Authentication Flow Subtype</code> and <code>Authorization Flow Subtype</code>.", "propertyOrder" : 430, "type" : "string", "exampleValue" : "" }, "authorizationFlowSubtype" : { "title" : "Authorization Flow Subtype", "description" : "If it's an AUTHORIZATION flow, the flow subtype for which the risk evaluation is being carried out.If <code>Node State Attribute For Flow Subtype</code> is set, that value takes precedence.", "propertyOrder" : 420, "type" : "string", "exampleValue" : "" }, "authenticationFlowSubtype" : { "title" : "Authentication Flow Subtype", "description" : "If it's an AUTHENTICATION flow, the flow subtype for which the risk evaluation is being carried out.If <code>Node State Attribute For Flow Subtype</code> is set, that value takes precedence.", "propertyOrder" : 410, "type" : "string", "exampleValue" : "" }, "deviceSharingType" : { "title" : "Device Sharing Type", "description" : "Whether the device is shared between users or not. <br><br>Choose from <code>UNSPECIFIED</code>, <code>SHARED</code>, or <code>PRIVATE</code>.", "propertyOrder" : 500, "type" : "string", "exampleValue" : "" }, "targetResourceID" : { "title" : "Target App ID", "description" : "The ID of the target application.<br><br>If you enable \"Use Node State Attribute For Target App ID\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "targetResourceName" : { "title" : "Target App Name", "description" : "The name of the target application. This is only used if <code>Target App ID</code> is set.<br><br>If you enable \"Use Node State Attribute For Target App Name\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 260, "type" : "string", "exampleValue" : "" }, "pauseBehavioralData" : { "title" : "Pause Behavioral Data", "description" : "After receiving the device signal, instruct the client to pause collecting behavioral data.", "propertyOrder" : 900, "type" : "boolean", "exampleValue" : "" }, "flowType" : { "title" : "Flow Type", "description" : "The type of flow or event for which the risk evaluation is being carried out. Choose from: <ul><li><code>REGISTRATION</code> - initial registration of an account</li><li><code>AUTHENTICATION</code> - standard authentication for login or actions such as password change</li><li><code>ACCESS</code> - verification of whether user can access the relevant application</li><li><code>AUTHORIZATION</code> - verification of whether user is authorized to perform a specific action such as a profile change</li><li><code>TRANSACTION</code> - authentication carried out in the context of a purchase or other one-time transaction</li></ul>", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" }, "dynamicTargetResourceID" : { "title" : "Use Node State Attribute For Target App ID", "description" : "Setting this to <code>true</code> instructs the node to get the target application ID from node state using the value of <code>Target App ID</code>. <br><br> This only applies if <code>Target App ID</code> is set.", "propertyOrder" : 250, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "dynamicRiskPolicySetID", "storeEvaluateResult", "dynamicTargetResourceName", "pingOneWorker", "targetedPoliciesEvaluation", "scoreThreshold", "recommendedActions", "authorizationFlowSubtype", "authenticationFlowSubtype", "deviceSharingType", "pauseBehavioralData", "flowType", "dynamicTargetResourceID" ] }
delete
Usage
am> delete PingOneProtectEvaluation --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
getType
List information related to the node such as a name, description, tags and metadata.
Usage
am> action PingOneProtectEvaluation --realm Realm --actionName getType
getUpgradedConfig
Get the upgraded configuration for the node type.
Usage
am> action PingOneProtectEvaluation --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "title" : "The current configuration of the node type." } - --targetVersion
-
=== listOutcomes
List the available outcomes for the node type.
Usage
am> action PingOneProtectEvaluation --realm Realm --body body --actionName listOutcomes
Parameters
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.", "type" : "object", "title" : "Node configuration" }
query
Get the full list of instances of this collection. This query only supports _queryFilter=true filter.
Usage
am> query PingOneProtectEvaluation --realm Realm --filter filter
Parameters
- --filter
-
A CREST formatted query filter, where "true" will query all.
read
Usage
am> read PingOneProtectEvaluation --realm Realm --id id
Parameters
- --id
-
The unique identifier for the resource.
update
Usage
am> update PingOneProtectEvaluation --realm Realm --id id --body body
Parameters
- --id
-
The unique identifier for the resource.
- --body
-
The resource in JSON format, described by the following JSON schema:
{ "type" : "object", "properties" : { "dynamicRiskPolicySetID" : { "title" : "Use Node State Attribute For Risk Policy Set ID", "description" : "Setting this to <code>true</code> instructs the node to get the risk policy set ID from node state using the value of <code>Risk Policy Set ID</code>.<br><br>This only applies if <code>Risk Policy Set ID</code> is set.<br><br>If a value corresponding to the key provided in \"Risk Policy Set ID\" can't be found, no value is sent to PingOne and the default risk policy is applied.", "propertyOrder" : 350, "type" : "boolean", "exampleValue" : "" }, "storeEvaluateResult" : { "title" : "Store Risk Evaluation", "description" : "Stores the risk evaluation response in node state under a key named <code>PingOneProtectEvaluationNode.RISK</code>.<br><br><em>Note</em>: The key is empty if the node is unable to retrieve a risk evaluation from PingOne.", "propertyOrder" : 1200, "type" : "boolean", "exampleValue" : "" }, "dynamicTargetResourceName" : { "title" : "Use Node State Attribute For Target App Name", "description" : "Setting this to <code>true</code> instructs the node to get the target application name from node state using the value of <code>Target App Name</code>. <br><br> This only applies if <code>Target App Name</code> is set.", "propertyOrder" : 270, "type" : "boolean", "exampleValue" : "" }, "pingOneWorker" : { "title" : "PingOne Worker Service ID", "description" : "The ID of the PingOne worker service for connecting to PingOne.", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" }, "username" : { "title" : "Node State Attribute For Username", "description" : "The node state variable that contains the <code>user.name</code> value to send to PingOne Protect. <br><br>If left blank, the node uses the current context <code>Username</code> as the user.name.", "propertyOrder" : 1100, "type" : "string", "exampleValue" : "" }, "riskPolicySetID" : { "title" : "Risk Policy Set ID", "description" : "The ID of the risk policy set.<br><br>If not specified, the environment's default risk policy set is used.<br><br>If you enable \"Targeted Policies Evaluation\", this value is ignored.<br><br>If you enable \"Use Node State Attribute For Risk Policy Set ID\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 300, "type" : "string", "exampleValue" : "" }, "deviceExternalId" : { "title" : "Node State Attribute For Device External ID", "description" : "The node state variable that contains an external device ID to send to PingOne Protect in the evaluation request. <br><br>This property lets you send a custom device ID to PingOne Protect in addition to the device ID provided by the Signals SDK.", "propertyOrder" : 1400, "type" : "string", "exampleValue" : "" }, "userId" : { "title" : "Node State Attribute For User ID", "description" : "The node state variable that contains the <code>user.id</code> value to send to PingOne Protect. <br><br>If left blank, the node uses the current context <code>UserId</code> as the user.id.", "propertyOrder" : 1000, "type" : "string", "exampleValue" : "" }, "targetedPoliciesEvaluation" : { "title" : "Targeted Policies Evaluation", "description" : "If enabled, the risk evaluation uses the targeted policies defined in the PingOne user environment rather than a specific policy.", "propertyOrder" : 360, "type" : "boolean", "exampleValue" : "" }, "userGroups" : { "title" : "Node State Attribute For User Groups", "description" : "The node state variable that contains the list of group names to send to PingOne Protect. <br><br>If left blank, the node sends the user groups from the current context identity.", "propertyOrder" : 1110, "type" : "string", "exampleValue" : "" }, "scoreThreshold" : { "title" : "Score Threshold", "description" : "Scoring higher than this value results in evaluation continuing along the <strong>Exceeds Score Threshold</strong> outcome.", "propertyOrder" : 700, "type" : "string", "exampleValue" : "" }, "sessionId" : { "title" : "Node State Attribute For Event Session ID", "description" : "The node state variable that contains the Session ID to use in the risk evaluation event sent to PingOne Protect. <br><br>This session ID is used to help track requests sent to PingOne. If left blank, the PingAM audit tracking ID for the session is used.", "propertyOrder" : 1500, "type" : "string", "exampleValue" : "" }, "customAttributes" : { "title" : "Node State Attribute For Custom Attributes", "description" : "The node state variable that contains the custom attributes map for PingOne Protect. <br><br>If left blank, no custom attributes are sent in the request.", "propertyOrder" : 1300, "type" : "string", "exampleValue" : "" }, "recommendedActions" : { "title" : "Recommended Actions", "description" : "A list of recommended actions the risk evaluation could return. Each entry in the list becomes a node outcome. If the score does not exceed the threshold and a recommended action is present in the evaluation, the journey continues down the matching entry in this list.", "propertyOrder" : 800, "items" : { "type" : "string" }, "type" : "array", "exampleValue" : "" }, "nodeStateAttributeForSubtype" : { "title" : "Node State Attribute For Flow Subtype", "description" : "The node state attribute containing the flow subtype for which the risk evaluation is being carried out.If set, this value takes precedence over the <code>Authentication Flow Subtype</code> and <code>Authorization Flow Subtype</code>.", "propertyOrder" : 430, "type" : "string", "exampleValue" : "" }, "authorizationFlowSubtype" : { "title" : "Authorization Flow Subtype", "description" : "If it's an AUTHORIZATION flow, the flow subtype for which the risk evaluation is being carried out.If <code>Node State Attribute For Flow Subtype</code> is set, that value takes precedence.", "propertyOrder" : 420, "type" : "string", "exampleValue" : "" }, "authenticationFlowSubtype" : { "title" : "Authentication Flow Subtype", "description" : "If it's an AUTHENTICATION flow, the flow subtype for which the risk evaluation is being carried out.If <code>Node State Attribute For Flow Subtype</code> is set, that value takes precedence.", "propertyOrder" : 410, "type" : "string", "exampleValue" : "" }, "deviceSharingType" : { "title" : "Device Sharing Type", "description" : "Whether the device is shared between users or not. <br><br>Choose from <code>UNSPECIFIED</code>, <code>SHARED</code>, or <code>PRIVATE</code>.", "propertyOrder" : 500, "type" : "string", "exampleValue" : "" }, "targetResourceID" : { "title" : "Target App ID", "description" : "The ID of the target application.<br><br>If you enable \"Use Node State Attribute For Target App ID\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 200, "type" : "string", "exampleValue" : "" }, "targetResourceName" : { "title" : "Target App Name", "description" : "The name of the target application. This is only used if <code>Target App ID</code> is set.<br><br>If you enable \"Use Node State Attribute For Target App Name\", the node uses this value as a key to retrieve the required value from node state. Otherwise, the node uses the literal value provided in this field.", "propertyOrder" : 260, "type" : "string", "exampleValue" : "" }, "pauseBehavioralData" : { "title" : "Pause Behavioral Data", "description" : "After receiving the device signal, instruct the client to pause collecting behavioral data.", "propertyOrder" : 900, "type" : "boolean", "exampleValue" : "" }, "flowType" : { "title" : "Flow Type", "description" : "The type of flow or event for which the risk evaluation is being carried out. Choose from: <ul><li><code>REGISTRATION</code> - initial registration of an account</li><li><code>AUTHENTICATION</code> - standard authentication for login or actions such as password change</li><li><code>ACCESS</code> - verification of whether user can access the relevant application</li><li><code>AUTHORIZATION</code> - verification of whether user is authorized to perform a specific action such as a profile change</li><li><code>TRANSACTION</code> - authentication carried out in the context of a purchase or other one-time transaction</li></ul>", "propertyOrder" : 400, "type" : "string", "exampleValue" : "" }, "dynamicTargetResourceID" : { "title" : "Use Node State Attribute For Target App ID", "description" : "Setting this to <code>true</code> instructs the node to get the target application ID from node state using the value of <code>Target App ID</code>. <br><br> This only applies if <code>Target App ID</code> is set.", "propertyOrder" : 250, "type" : "boolean", "exampleValue" : "" } }, "required" : [ "dynamicRiskPolicySetID", "storeEvaluateResult", "dynamicTargetResourceName", "pingOneWorker", "targetedPoliciesEvaluation", "scoreThreshold", "recommendedActions", "authorizationFlowSubtype", "authenticationFlowSubtype", "deviceSharingType", "pauseBehavioralData", "flowType", "dynamicTargetResourceID" ] }