PingOne Solution Packs

Healthcare - CSR Help Desk - Main Flow

The Healthcare - CSR Help Desk - Main Flow lets a customer service representative assist a customer in changing their password or regaining account access.

Purpose

The Healthcare - CSR Help Desk - Main Flow presents lets a customer service representative assist users with a variety of account management tasks. The CSR enters the user’s email address, then the flow verifies the user’s identity using the Healthcare - CSR Help Desk - Verify User Magic Link Authentication - Subflow.

The CSR is then presented with multiple account management options:

  • Enable the user’s account using the Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow.

  • Reset the user’s password using the Healthcare - CSR Help Desk - Password reset Magic Link - Subflow.

  • Disable the user’s account using the Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow.

Structure

This flow is divided into sections using teleport nodes:

Flow Configuration

Uses multiple function nodes to save the variable and parameter values so that the correct values are available in the flow and in subflows. The flow then progresses to the CSR Flow for Verification section.

CSR Flow for Verification

Uses an HTML node to request a username, then uses a PingOne node to look up the user. If the user has a configured email address, the flow progresses to the Check if some MFA device is registered for user and can be used section. When this section completes, the Healthcare - CSR Help Desk - Verify User Magic Link Authentication - Subflow is invoked.

When the subflow completes, a success message is displayed and the user ID is saved as a variable. The flow then progresses to the User Account management section.

User Account management

Invokes the Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow. When the subflow completes, a function node adjusts the date format, then an HTML node presents a form with the account management options:

  • If the agent selects Disable, the Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow is invoked with the disableUser action. If the subflow completes successfully, a success message displays, then the flow returns to the beginning of the User Account management section.

  • If the agent selects Reset, the Healthcare - CSR Help Desk - Password reset Magic Link - Subflow is invoked. If the subflow completes successfully, a success message appropriate to the subflow completion status displays, then the flow returns to the beginning of the User Account management section.

  • If the agent selects Enable, the Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow is invoked with the enableUser action. If the subflow completes successfully, a success message displays, then the flow returns to the beginning of the User Account management section.

  • If the agent selects Back, the flow progresses to the CSR Flow for Verification section.

Check if some MFA device is registered for user and can be used

Uses a PingOne MFA node to read the user’s devices, then uses a hidden HTML node to check if the user’s browser is compatible with WebAuthn. Function nodes then filter the user’s usable devices and verify that the user has at least one active device. The flow then returns to the CSR Flow for Verification section.

Return Error

Uses a function node to enrich the error details, then sends an error JSON response indicating that the flow completed unsuccessfully.

Input schema

This flow has no inputs.

Output schema

This flow has the following outputs:

Output name Description

errorMessage

The error message to display in the parent flow.

errorDetails

The details of the error that occurred in this flow.

Variables and parameters

This flow uses the following variable or parameter values:

Variable name Description

flowCompanyLogo

The URL for your company logo.

p1MFAPolicyId

The ID of the PingOne MFA policy to use in the flow.

p1AgreementId

The ID of the agreement to present to users.

p1RiskPolicyIdAuthn

The PingOne risk policy ID to use for authentication.

p1RiskPolicyIdAR

The PingOne risk policy ID to use for account recovery.

p1RiskPolicyIdReg

The PingOne risk policy ID to use for registration.

protectRiskEvalId

The risk ID of the current user as used by PingOne Protect.

authMethod

The authentication method used in the flow.

flowProtectAnalysisRequired

Indicates whether a PingOne Protect analysis must be performed for all users.

ciam_accountRecoveryEnabled

A Boolean that controls whether account recovery is enabled in your environment.

ciam_appleEnabled

Indicates whether authentication through Apple is enabled in your environment.

ciam_facebookEnabled

Indicates whether authentication through Facebook is enabled in your environment.

ciam_googleEnabled

Indicates whether authentication through Google is enabled in your environment.

ciam_magicLinkEnabled

Indicates whether magic link authentication is enabled.

ciam_agreementEnabled

Indicates whether the agreement is required.

ciam_protectAnalysisRequired

Indicates whether PingOne Protect analysis is required.

ciam_logoUrl

The URL for your company logo.

This value is used only when the flow is launched with a redirect.

ciam_companyName

Displays the name of your company.

This value is used only when the flow is launched with a redirect.

ciam_logoStyle

The HTML style to use for your company logo.

This value is used only when the flow is launched with a redirect.

ciam_requireMFA

A Boolean that controls whether MFA enrollment is required for all users.

flowRequireMFA

A Boolean that indicates whether MFA enrollment is required for all users in the current flow.

flowMethod

The method used to launch the flow.