OOTB - Financial Services - Threat Detection - Subflow
The OOTB - Financial Services - Threat Detection - Subflow uses PingOne Protect to provide a risk assessment of the current user.
Purpose
The OOTB - Financial Services - Threat Detection - Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows.
Structure
This flow is divided into sections using teleport nodes:
- Detect Threat using PingOne Protect

  A function node verifies that the username, flow type, and `skriskcomponent` are all present. If all values are present, a PingOne Protect node creates a risk evaluation. A function node then checks if a new device was found. If a new device was found, function nodes check if the user's account is pre-existing and enabled. If both conditions are met, a PingOne node notifies the user of the new device.

  Regardless of whether a new device was found, a comparison node checks whether a bot, adversary-in-the-middle (AITM), or disposable email was detected.

  - If none were detected, function nodes verify that either the user ID is not known or that the user's account is enabled. The flow then progresses to the Return Success section.
  - If any were detected, the flow progresses to the Disable User And Return Error If BOT/AITM/Disposable Mail Detected section.

- Disable User And Return Error If BOT/AITM/Disposable Mail Detected

  Function nodes verify that the flow type passed to PingOne Protect was not `registration` and that the user is active. If these conditions are met, PingOne nodes disable the user and notify the user with an email.

- Return Success

  Sends a JSON success message.

- Return Error

  Uses a function node to enrich the error details, then sends a JSON error message. If the PingOne Protect evaluation ID isn't present, a PingOne Protect node updates the PingOne Protect risk evaluation to `Failed`.
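The branch logic described in the Structure section, modelled as a plain JavaScript function so the routing can be checked case by case. This is an added example, not code from the flow or from Ping Identity; the field names, action labels, the `authentication` flow type value, and the two failure paths marked in comments are assumptions.

```javascript
// Added model of the subflow's branch logic. Field names and action labels are
// hypothetical, not the flow's real input or output schema.
function routeThreatDetection(input, evaluation) {
  const actions = [];
  const knownUser = Boolean(input.userId); // assumption: "pre-existing" means the user ID is known
  const enabled = input.accountEnabled === true;

  // Required-input check: username, flow type and skriskcomponent.
  const missing = ['username', 'flowType', 'skRiskComponent'].filter((k) => !input[k]);
  if (missing.length > 0) {
    // Assumption: the page does not name the failure path; modelled as Return Error.
    return { section: 'Return Error', actions, reason: 'missing ' + missing.join(', ') };
  }
  actions.push('createRiskEvaluation');

  // The new-device notice only goes to a pre-existing, enabled account.
  if (evaluation.newDevice && knownUser && enabled) actions.push('notifyNewDevice');

  // Comparison node: bot, AITM or disposable email.
  const threat = evaluation.bot || evaluation.aitm || evaluation.disposableEmail;
  if (!threat) {
    if (!knownUser || enabled) return { section: 'Return Success', actions };
    // Assumption: a known but disabled account is modelled as Return Error.
    return { section: 'Return Error', actions, reason: 'account not enabled' };
  }

  // Disable section: skipped for registration and for users who are not active.
  if (input.flowType !== 'registration' && knownUser && enabled) {
    actions.push('disableUser', 'emailUser');
  }
  return { section: 'Return Error', actions, reason: 'bot, AITM or disposable email detected' };
}

// Constructed sample inputs, not real PingOne Protect data.
const base = { username: 'jdoe', flowType: 'authentication', skRiskComponent: 'x',
               userId: 'u-1', accountEnabled: true };
const cases = [
  [base, { newDevice: true }],
  [base, { bot: true }],
  [{ ...base, flowType: 'registration', userId: undefined }, { disposableEmail: true }],
  [{ ...base, skRiskComponent: '' }, {}],
];
for (const [input, evaluation] of cases) {
  const r = routeThreatDetection(input, evaluation);
  console.log(r.section, '|', r.actions.join(','), '|', r.reason || '');
}
```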
Input schema
This flow has the following inputs:
| Input name | Required | Description |
|---|---|---|
| | Yes | The |
| | No | The user ID to be passed to PingOne Protect. |
| | Yes | The username to be evaluated by PingOne Protect. |
| | No | The user email to be passed to PingOne Protect. |
| | No | The risk policy ID to be passed to PingOne Protect. If it isn't provided, the default risk policy is used. |
| | Yes | The flow type to be passed to PingOne Protect. |
| | Yes | The user IP address to be passed to PingOne Protect. |
| | No | A Boolean indicating whether the user's account is enabled. |
| | No | The application ID to be passed to PingOne Protect. |
| | No | The session ID to be passed to PingOne Protect. |
| | No | Any custom PingOne attributes to be passed to PingOne Protect. |
| | No | The PingOne Protect user agent. |
| | No | The PingOne Protect user cookie. |
Output schema
This flow has the following outputs:
| Output name | Description |
|---|---|
| | The risk ID of the current user as used by PingOne Protect. |
| | The user's state or province, as determined by PingOne Protect. |
| | The user's city, as determined by PingOne Protect. |
| | The status of the user's device as determined by PingOne Protect. |
| | The action recommended by PingOne Protect. |
| | The risk level of the current user as determined by PingOne Protect. |
| | The error message returned by the flow. Sent only if the flow progressed to the Return Error section. |
| | The detailed error information returned by the flow. Sent only if the flow progressed to the Return Error section. |