--- title: CIAM-Passwordless-Protect-Threat-Detection-Subflow description: The CIAM-Passwordless-Protect-Threat-Detection-Subflow uses PingOne Protect to provide a risk assessment of the current user. component: pingone-solutions page_id: pingone-solutions:pingone-customers-passwordless:flow_reference/ciam_passwordless_ciam_p1_protect_threat_detection canonical_url: https://docs.pingidentity.com/pingone-solutions/pingone-customers-passwordless/flow_reference/ciam_passwordless_ciam_p1_protect_threat_detection.html revdate: July 22, 2024 section_ids: purpose: Purpose structure: Structure input-schema: Input schema output-schema: Output schema variables-and-parameters: Variables and parameters --- # CIAM-Passwordless-Protect-Threat-Detection-Subflow The CIAM-Passwordless-Protect-Threat-Detection-Subflow uses PingOne Protect to provide a risk assessment of the current user. ## Purpose The CIAM-Passwordless-Protect-Threat-Detection-Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows. ## Structure This flow has a single section. * **Detect Threat using PingOne** A function node verifies that the username, flow type, and `skriskcomponent` are all present. If any of these values are missing, the flow displays an HTML error screen. If all values are present, a PingOne Protect node performs a risk and bot evaluation. If the evaluation fails, the flow displays an error message. If the evaluation succeeds, a comparison node checks to see if the recommended action includes a bot, adversary in the middle, or temporary email mitigation response. If so, the flow returns a JSON error response. If not, the flow returns a JSON success response. ## Input schema This flow has the following inputs: | Input name | Required | Description | | ------------------ | -------- | -------------------------------------------------------------- | | `skriskcomponent` | Yes | The `SKRisk` component to be used in the risk evaluation. | | `userName` | Yes | The user name to be evaluated by PingOne Protect. | | `flowType` | Yes | The flow type to be passed to PingOne Protect. | | `ipAddress` | Yes | The user IP address to be passed to PingOne Protect. | | `userID` | No | The user ID to be passed to PingOne Protect. | | `applicationID` | No | The application ID to be passed to PingOne Protect. | | `sessionID` | No | The session ID to be passed to PingOne Protect. | | `riskPolicyID` | No | The risk policy ID to be passed to PingOne Protect. | | `customAttributes` | No | Any custom PingOne attributes to be passed to PingOne Protect. | | `userAgent` | No | The PingOne Protect user agent. | | `usercookie` | No | The PingOne Protect user cookie. | ## Output schema This flow has the following outputs: | Output name | Description | | -------------------------- | -------------------------------------------------------------------- | | `ciam_subflowResult` | The result status of the flow. | | `ciam_protectPredictor` | The action recommended by PingOne Protect. | | `ciam_protectDeviceStatus` | The status of the user's device as determined by PingOne Protect. | | `ciam_protectRiskID` | The risk ID of the current user as used by PingOne Protect. | | `ciam_protectRiskLevel` | The risk level of the current user as determined by PingOne Protect. | ## Variables and parameters This flow uses the following variable or parameter values: | Variable name | Parameter name | Description | | -------------------------- | -------------- | -------------------------------------------------------------------- | | `ciam_protectPredictor` | None | The recommendation made by PingOne Protect. | | `ciam_protectDeviceStatus` | None | The status of the user's device as determined by PingOne Protect. | | `ciam_protectRiskID` | None | The risk ID of the current user as used by PingOne Protect. | | `ciam_protectRiskLevel` | None | The risk level of the current user as determined by PingOne Protect. | | `ciam_protectRiskSDK` | None | The PingOne Protect SDK initialization value. |