--- title: Gift Card Redemption - Update Email & Redeem Rewards - Main Flow description: The Gift Card Redemption - Update Email & Redeem Rewards - Main Flow lets users update their email addresses and redeem rewards. component: pingone-solutions page_id: pingone-solutions:gift-card-auth:flow_reference/gift_card_update_email_redeem_rewards_main_flow canonical_url: https://docs.pingidentity.com/pingone-solutions/gift-card-auth/flow_reference/gift_card_update_email_redeem_rewards_main_flow.html revdate: January 1, 2025 section_ids: purpose: Purpose structure: Structure input-schema: Input schema output-schema: Output schema variables-and-parameters: Variables and parameters --- # Gift Card Redemption - Update Email & Redeem Rewards - Main Flow The Gift Card Redemption - Update Email & Redeem Rewards - Main Flow lets users update their email addresses and redeem rewards. ## Purpose The Gift Card Redemption - Update Email & Redeem Rewards - Main Flow is the initial flow in the Gift Card solution. It performs a PingOne Protect assessment using the **Gift Card Redemption - Threat Detection - Subflow** and enables users to sign on. It then presents users with forms that let them update their email address or redeem rewards. ## Structure This flow is divided into sections using teleport nodes: * **Flow Configuration** Uses multiple function nodes to save the variable and parameter values so that the correct values are available in the flow and in subflows. The flow then progresses to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. * **Check Session, Call To Protect Analysis & MFA Step-Up** Uses a PingOne node to determine whether the user has an existing session. If the user has a session, a hidden HTML node captures risk information and a PingOne node fetches additional user information, then the flow progresses to the **Threat Detection and Mitigation** section. When this section completes, a function node checks if the user's account is enabled, and if so, the flow progresses to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. If the user does not have a session, the flow checks for any existing session tokens and uses a PingOne node to delete the prior session before invoking the **Gift Card Redemption - SignOn - Subflow** with the `disableAccountRegistrationButton`, `disableAccountRecoveryButton`, and `disableSocialRegistrationButton` values set to `true`. When the subflow completes, a function node saves the protect risk level and a PingOne node creates a session for the user. A loading screen is displayed for the user, then a PingOne node retrieves user information. The flow then progresses to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. * **Threat Detection & Mitigation** Uses a function node to check whether PingOne Protect analysis is required. If PingOne Protect analysis isn't required, the flow returns to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. If PingOne Protect analysis is required, the flow invokes the **Gift Card Redemption - Threat Detection - Subflow**. If the **Gift Card Redemption - Threat Detection - Subflow** completes successfully, a function node stores the risk evaluation as a variable, then a second function node branches the flow based on the risk level: * If the risk level is low, the flow returns to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. * If the risk level is medium, the flow progresses to the **MFA Authentication** section. When this section completes, the flow returns to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. * If the risk level is high, a function nodes checks if the high risk was the result of a new device. If not, a PingOne node notifies the user of the suspicious activity. A PingOne node deletes the user session. The flow then progresses to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. If the **Gift Card Redemption - Threat Detection - Subflow** completes unsuccessfully, a function node stores the risk evaluation ID and an error message is displayed. * **MFA Authentication** A PingOne node retrieves the user's existing devices, and a hidden HTML node gathers information about biometrics and security keys. Function nodes then filter the user's active devices and verify that the user has at least one active device. If the devices could not be filtered or if the user has no active devices, the flow progresses to the **Step Up To Register Email MFA Device, If No MFA Devices Found During Authentication** section. If the user has active devices, the **Gift Card Redemption - Device Authentication - Subflow** is invoked. The flow then splits by the subflow result. * If the **Gift Card Redemption - Device Authentication - Subflow** completed successfully, a function node stores the authentication method as a variable. The flow then returns to the previous section. * If the **Gift Card Redemption - Device Authentication - Subflow** was canceled, the flow returns to the previous section. * **Step Up To Register Email MFA Device, If No MFA Devices Found During Authentication** A function node checks whether verification is required for the account. If verification is not required, the **Gift Card Redemption - Device Registration - Subflow** is invoked. The flow then splits based on the subflow result. * If the subflow completed successfully, the authentication method is stored as a variable, then the flow returns to the **MFA Authentication** section. * If the user canceled, the flow returns to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section if that was the previous section. If verification is required, the **Gift Card Redemption - Verify Email - Subflow** is invoked. If the subflow completes successfully, PingOne nodes enroll email as an MFA device and enable MFA for the user. A function node stores the authentication method as a variable, then the flow returns to the **MFA Authentication** section. * **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** An HTML page presents the user with a choice of updating their email or redeeming rewards. If risk mitigation is required, a function node examines the PingOne Protect risk level. If the risk level is low, a PingOne node updates the risk evaluation if the risk evaluation ID is known. If the risk level is medium or high, the flow progresses to the **Step Up To Register Email MFA Device, If No MFA Devices Found During Authentication** section. The flow then progresses to the **Update Email** section or the **Redeem Rewards** section depending on the user's selection. * **Update Email** Uses a PingOne node to look up the user, then displays an email update form. The flow then branches based on the user's selection. If the user cancels, the flow returns to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. If the user submits an email, function nodes verify that the new email is valid and that the current email matches the user's profile email. PingOne nodes then verify that the new email is not used by another user before updating the user's email address. The **Gift Card Redemption - Verify Email - Subflow** is then invoked. If the subflow completes successfully, a success message is displayed, then the flow returns to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. * **Redeem Rewards** Uses a PingOne node to look up the user, then displays a reward redemption form. The flow then branches based on the user's selection. If the user cancels, the flow returns to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. If the user proceeds, a function node calculates the user's remaining balance, then a PingOne node updates the user's balance. A success message displays, showing the user's updated balance, then the flow returns to the **Manage Account: Prompt User To Update Email / Redeem Rewards and step-up with MFA based on risk level** section. * **Return Success** Sends a success response, indicating that the flow completed successfully. If the risk evaluation ID is present and the user did not cancel, a PingOne node also updates the evaluation status. * **Return Error** Displays an error screen and sends an error JSON response, indicating that the flow completed unsuccessfully. If the risk evaluation ID is present, a PingOne node also updates the evaluation status. ## Input schema This flow has the following inputs: | Input Name | Required | Description | | ---------------- | -------- | ------------------------------------------------------------------------------------------------------------------------- | | `flowParameters` | No | An object containing parameters passed in if the flow was launched with the widget. This input replaces all other inputs. | ## Output schema This flow has the following outputs: | Output name | Description | | -------------- | ---------------------------------------------------------------------------------------------------------------------- | | `p1UserId` | The user ID of the current user. | | `flowResult` | The result status of the flow. | | `errorMessage` | The error message returned by the flow. Sent only if the flow progressed to the **Return Error** section. | | `errorDetails` | The detailed error information returned by the flow. Sent only if the flow progressed to the **Return Error** section. | ## Variables and parameters This flow uses the following variable or parameter values. | Variable name | Description | | ----------------------------- | -------------------------------------------------------------------------------------------------------------- | | `flowCompanyLogo` | The URL for your company logo. | | `p1MFAPolicyId` | The ID of the PingOne MFA policy to use in the flow. | | `p1AgreementId` | The ID of the agreement to present to users. | | `p1RiskPolicyIdAuthn` | The PingOne risk policy ID to use for authentication. | | `p1RiskPolicyIdAR` | The PingOne risk policy ID to use for account recovery. | | `p1RiskPolicyIdAuthZ` | The PingOne risk policy ID to use for authorization. | | `p1RiskPolicyIdReg` | The PingOne risk policy ID to use for registration. | | `protectRiskEvalId` | The risk ID of the current user as used by PingOne Protect. | | `protectRiskLevel` | The risk level of the current user as determined by PingOne Protect. | | `authMethod` | The authentication method used in the flow. | | `flowProtectAnalysisRequired` | Indicates whether a PingOne Protect analysis must be performed for all users. | | `ciam_magicLinkEnabled` | Indicates whether magic link authentication is enabled. | | `ciam_agreementEnabled` | Indicates whether the agreement is required. | | `ciam_logoUrl` | The URL for your company logo.This value is used only when the flow is launched with a redirect. | | `ciam_companyName` | Displays the name of your company.This value is used only when the flow is launched with a redirect. | | `ciam_logoStyle` | The HTML style to use for your company logo.This value is used only when the flow is launched with a redirect. | | `ciam_sessionLengthInMinute` | The maximum time a user can spend in the flow before it times out. |