--- title: Healthcare - CSR Help Desk - Main Flow description: Learn about the Healthcare - CSR Help Desk - Main Flow flow, including its purpose, structure, inputs, outputs, and variables. component: pingone-solutions page_id: pingone-solutions:healthcare:flow-reference/healthcare-csr-help-desk-main-flow canonical_url: https://docs.pingidentity.com/pingone-solutions/healthcare/flow-reference/healthcare-csr-help-desk-main-flow.html revdate: September 1, 2025 section_ids: purpose: Purpose structure: Structure input-schema: Input schema output-schema: Output schema variables-and-parameters: Variables and parameters --- # Healthcare - CSR Help Desk - Main Flow The **Healthcare - CSR Help Desk - Main Flow** lets a customer service representative assist a customer in changing their password or regaining account access. ## Purpose The **Healthcare - CSR Help Desk - Main Flow** presents lets a customer service representative assist users with a variety of account management tasks. The CSR enters the user's email address, then the flow verifies the user's identity using the **Healthcare - CSR Help Desk - Verify User Magic Link Authentication - Subflow**. The CSR is then presented with multiple account management options: * Enable the user's account using the **Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow**. * Reset the user's password using the **Healthcare - CSR Help Desk - Password reset Magic Link - Subflow**. * Disable the user's account using the **Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow**. ## Structure This flow is divided into sections using teleport nodes: * **Flow Configuration** Uses multiple function nodes to save the variable and parameter values so that the correct values are available in the flow and in subflows. The flow then progresses to the **CSR Flow for Verification** section. * **CSR Flow for Verification** Uses an HTML node to request a username, then uses a PingOne node to look up the user. If the user has a configured email address, the flow progresses to the **Check if some MFA device is registered for user and can be used** section. When this section completes, the **Healthcare - CSR Help Desk - Verify User Magic Link Authentication - Subflow** is invoked. When the subflow completes, a success message is displayed and the user ID is saved as a variable. The flow then progresses to the **User Account management** section. * **User Account management** Invokes the **Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow**. When the subflow completes, a function node adjusts the date format, then an HTML node presents a form with the account management options: * If the agent selects **Disable**, the **Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow** is invoked with the `disableUser` action. If the subflow completes successfully, a success message displays, then the flow returns to the beginning of the **User Account management** section. * If the agent selects **Reset**, the **Healthcare - CSR Help Desk - Password reset Magic Link - Subflow** is invoked. If the subflow completes successfully, a success message appropriate to the subflow completion status displays, then the flow returns to the beginning of the **User Account management** section. * If the agent selects **Enable**, the **Healthcare - CSR Help Desk - Active Directory - User Functions API - Subflow** is invoked with the `enableUser` action. If the subflow completes successfully, a success message displays, then the flow returns to the beginning of the **User Account management** section. * If the agent selects **Back**, the flow progresses to the **CSR Flow for Verification** section. * **Check if some MFA device is registered for user and can be used** Uses a PingOne MFA node to read the user's devices, then uses a hidden HTML node to check if the user's browser is compatible with WebAuthn. Function nodes then filter the user's usable devices and verify that the user has at least one active device. The flow then returns to the **CSR Flow for Verification** section. * **Return Error** Uses a function node to enrich the error details, then sends an error JSON response indicating that the flow completed unsuccessfully. ## Input schema This flow has no inputs. ## Output schema This flow has the following outputs: | Output name | Description | | -------------- | ---------------------------------------------------- | | `errorMessage` | The error message to display in the parent flow. | | `errorDetails` | The details of the error that occurred in this flow. | ## Variables and parameters This flow uses the following variable or parameter values: | Variable name | Description | | ------------------------------ | -------------------------------------------------------------------------------------------------------------- | | `flowCompanyLogo` | The URL for your company logo. | | `p1MFAPolicyId` | The ID of the PingOne MFA policy to use in the flow. | | `p1AgreementId` | The ID of the agreement to present to users. | | `p1RiskPolicyIdAuthn` | The PingOne risk policy ID to use for authentication. | | `p1RiskPolicyIdAR` | The PingOne risk policy ID to use for account recovery. | | `p1RiskPolicyIdReg` | The PingOne risk policy ID to use for registration. | | `protectRiskEvalId` | The risk ID of the current user as used by PingOne Protect. | | `authMethod` | The authentication method used in the flow. | | `flowProtectAnalysisRequired` | Indicates whether a PingOne Protect analysis must be performed for all users. | | `ciam_accountRecoveryEnabled` | A Boolean that controls whether account recovery is enabled in your environment. | | `ciam_appleEnabled` | Indicates whether authentication through Apple is enabled in your environment. | | `ciam_facebookEnabled` | Indicates whether authentication through Facebook is enabled in your environment. | | `ciam_googleEnabled` | Indicates whether authentication through Google is enabled in your environment. | | `ciam_magicLinkEnabled` | Indicates whether magic link authentication is enabled. | | `ciam_agreementEnabled` | Indicates whether the agreement is required. | | `ciam_protectAnalysisRequired` | Indicates whether PingOne Protect analysis is required. | | `ciam_logoUrl` | The URL for your company logo.This value is used only when the flow is launched with a redirect. | | `ciam_companyName` | Displays the name of your company.This value is used only when the flow is launched with a redirect. | | `ciam_logoStyle` | The HTML style to use for your company logo.This value is used only when the flow is launched with a redirect. | | `ciam_requireMFA` | A Boolean that controls whether MFA enrollment is required for all users. | | `flowRequireMFA` | A Boolean that indicates whether MFA enrollment is required for all users in the current flow. | | `flowMethod` | The method used to launch the flow. |