Financial Services

OOTB - Financial Services - Threat Detection - Subflow

The OOTB - Financial Services - Threat Detection - Subflow uses PingOne Protect to provide a risk assessment of the current user.

Purpose

The OOTB - Financial Services - Threat Detection - Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows.

Structure

This flow is divided into sections using teleport nodes:

Detect Threat using PingOne Protect

A function node verifies that the username, flow type, and skriskcomponent are all present. If all values are present, a PingOne Protect node creates a risk evaluation. A function node then checks if a new device was found.

If a new device was found, function nodes check if the user’s account is pre-existing and enabled. If both conditions are met, a PingOne node notifies the user of the new device.

Regardless of whether a new device was found, a comparison node checks whether a bot, adversary-in-the-middle (AITM), or disposable email was detected.

  • If none were detected, function nodes verify that either the user ID is not known or that the user’s account is enabled. The flow then progresses to the Return Success section.

  • If any were detected, the flow progresses to the Disable User And Return Error If BOT/AITM/Disposable Mail Detected section.

Disable User And Return Error If BOT/AITM/Disposable Mail Detected

Function nodes verify that the flow type passed to PingOne Protect was not registration and that the user is active. If these conditions are met, PingOne nodes disable the user and notify the user with an email.

Return Success

Sends a JSON success message.

Return Error

Uses a function node to enrich the error details, then sends a JSON error message. If the PingOne Protect evaluation ID isn’t present, a PingOne Protect node updates the PingOne Protect risk evaluation to Failed.

Input schema

This flow has the following inputs:

Input name Required Description

skriskcomponent

Yes

The SKRisk component to be used in the risk evaluation.

p1UserId

No

The user ID to be passed to PingOne Protect.

p1UserName

Yes

The username to be evaluated by PingOne Protect.

p1UserEmail

No

The user email to be passed to PingOne Protect.

p1ProtectRiskPolicyId

No

The risk policy ID to be passed to PingOne Protect. If it isn’t provided, the default risk policy is used.

flowType

Yes

The flow type to be passed to PingOne Protect.

ipAddress

Yes

The user IP address to be passed to PingOne Protect.

isAccountEnabled

No

A Boolean indicating whether the user’s account is enabled.

applicationID

No

The application ID to be passed to PingOne Protect.

sessionID

No

The session ID to be passed to PingOne Protect.

customAttributes

No

Any custom PingOne attributes to be passed to PingOne Protect.

userAgent

No

The PingOne Protect user agent.

usercookie

No

The PingOne Protect user cookie.

Output schema

This flow has the following outputs:

Output name Description

protectRiskEvalID

The risk ID of the current user as used by PingOne Protect.

protectActivityState

The user’s state or province, as determined by PingOne Protect.

protectActivityCity

The user’s city, as determined by PingOne Protect.

protectDeviceStatus

The status of the user’s device as determined by PingOne Protect.

protectPredictor

The action recommended by PingOne Protect.

protectRiskLevel

The risk level of the current user as determined by PingOne Protect.

errorMessage

The error message returned by the flow. Sent only if the flow progressed to the Return Error section.

errorDetails

The detailed error information returned by the flow. Sent only if the flow progressed to the Return Error section.

Variables and parameters

This flow does not directly use any variable or parameter values.