--- title: CIAM Plus With Protect - Profile Management - Basic Profile Management - Main Flow description: The CIAM Plus With Protect - Profile Management - Basic Profile Management - Main Flow flow lets users update their account information. component: pingone-solutions page_id: pingone-solutions:pingone-customers-plus:flow_reference/ciam_plus_ciam_profile_management_main canonical_url: https://docs.pingidentity.com/pingone-solutions/pingone-customers-plus/flow_reference/ciam_plus_ciam_profile_management_main.html revdate: June 28, 2024 section_ids: purpose: Purpose structure: Structure input-schema: Input schema output-schema: Output schema variables: Variables --- # CIAM Plus With Protect - Profile Management - Basic Profile Management - Main Flow The CIAM Plus With Protect - Profile Management - Basic Profile Management - Main Flow flow lets users update their account information. ## Purpose The CIAM Plus With Protect - Profile Management - Basic Profile Management - Main Flow flow presents users with an option to update their account information. The flow uses the **CIAM Plus With Protect - SignOn - Subflow** to let users sign on if they do not already have a session, and uses the **CIAM Plus With Protect - Threat Detection - Subflow** to perform a threat assessment. Users are then presented are presented with a form that enables them to change the name and address associated with their account. The flow uses PingOne nodes to make the changes to the account. ## Structure This flow is divided into sections using teleport nodes: * **Flow Configuration** Uses function nodes to set variables. Then, if agreement is required but no agreement ID is present, the flow progresses to the **Check Session, Call To Protect Analysis & MFA Step-Up** section. * **Check Session, Call To Protect Analysis & MFA Step-Up** Uses a PingOne node to check for a valid session: * If a session exists, a hidden HTML node captures risk information, then a PingOne node gathers additional information. The flow then progresses to the **Threat Detection & Mitigation** section. When this section completes, the flow progresses to the **MFA Authentication** section. When this section completes, the flow progresses to the **Update Profile** section. * If no session exists, a PingOne node deletes any existing session token, then the **CIAM Plus With Protect - SignOn - Subflow** is invoked. When the flow completes, a PingOne node creates or updates the session while a loading screen is displayed for the user. A PingOne node retrieves user information, then the flow progresses to the **MFA Authentication** section. When this section completes, the flow progresses to the **Update Profile** section. * **Threat Detection & Mitigation** Invokes the **CIAM Plus With Protect - Threat Detection - Subflow**. If the **CIAM Plus With Protect - Threat Detection - Subflow** completes successfully, a function node stores the risk evaluation as a variable, then a second function node branches the flow based on the risk level: * If the risk level is low, the flow returns to the previous section. * If the risk level is medium, the flow progresses to the **MFA Authentication** section. The flow then returns to the previous section. * If the risk level is high, a function node checks if the high risk was the result of a new device. If not, a PingOne node notifies the user. The flow then progresses to the **Return Error** section. If the **CIAM Plus With Protect - Threat Detection - Subflow** completes unsuccessfully, a function node stores the risk evaluation as a variable, then the flow progresses to the **Return Error** section. * **MFA Authentication** Uses a PingOne node to retrieve the user's devices, then uses a hidden HTML node to check for WebAuthn compatibility. A function node then checks if the user has at least one active device: * If the user has at least one active device, the **CIAM Plus With Protect - Device Authentication - Subflow** is invoked, a function node stores the authentication method as a variable, and the flow then returns to the previous section. * If the user has no active devices, the flow progresses to the **Step Up To Register Email MFA Device, If No MFA Devices Found During Authentication** section. * **Step Up To Register Email MFA Device, If No MFA Devices Found During Authentication** A comparison node checks whether email verification is required. If email verification is not required, invokes the **CIAM Plus With Protect - Device Registration - Subflow**, then a function node evaluates the device registration result: * If the device registration was completed, the authentication method is stored as a variable, and the flow returns to the **MFA Authentication** section. * If the device registration was skipped, the flow returns to the **MFA Authentication** section. If email verification is required, invokes the **CIAM Plus With Protect - Verify Email - Subflow**, then uses PingOne nodes to enroll email as a multi-factor authentication (MFA) *(tooltip: \
\

An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\

\
)* device and enable MFA for the user. A function node stores the user's authentication method as a variable, and the flow returns to the **MFA Authentication** section. * **Update Profile** Uses a PingOne node to find the user. The flow then presents users with a custom HTML form that lets them enter updated name and address information. When the user submits this information, function nodes determine whether a new address was submitted, then PingOne nodes update the user's information with or without the address. The flow displays a success message on the custom HTML form, then progresses to the **Return Success** section. * **Return Success** Sends a JSON success message. * **Return Error** Displays an error message, then sends a JSON error message. ## Input schema This flow has the following inputs: | Input Name | Required | Description | | ---------------- | -------- | ------------------------------------------------------------------------------------------------------------------------- | | `flowParameters` | No | An object containing parameters passed in if the flow was launched with the widget. This input replaces all other inputs. | ## Output schema This flow has the following outputs: | Output Name | Description | | -------------- | ---------------------------------------------------- | | `flowResult` | The result status of the flow. | | `p1UserId` | The user's PingOne user ID. | | `errorMessage` | The error message to display in the parent flow. | | `errorDetails` | The details of the error that occurred in this flow. | ## Variables This flow uses the following variables: | Variable name | Parameter name | Description | | ---------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `ciam_logoStyle` | None | The HTML style to use for your company logo. | | `ciam_logoUrl` | None | The URL for your company logo. | | `ciam_companyName` | None | Displays the name of your company. | | `ciam_magicLinkEnabled` | `isEmailMagicLinkEnabled` | Indicates whether magic link is enabled in your environment. | | `ciam_agreementEnabled` | `isTermsOfServiceEnabled` | A boolean indicating whether agreement is enabled in your environment. | | `ciam_requireMFA` | None | A boolean that controls whether MFA enrollment is required for all users. | | `ciam_resendOtpLimit` | None | The maximum number of times a user can resend a one-time passcode (OTP) *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)*. | | `ciam_verificationLimit` | None | The maximum number of times a user can attempt to verify their email address. | | `ciam_sessionLengthInMinute` | None | The maximum allowed session length for a user in the flow. | | `ciam_otpFallbackAllowed` | None | A boolean indicating whether a user can fall back to an OTP if a mobile push request times out. | | `p1AgreementId` | None | The ID of the PingOne agreement to present to users. | | `p1RiskPolicyIdAuthn` | None | The PingOne risk policy ID to use for authentication. | | `protectRiskEvalId` | None | The risk evaluation ID returned by PingOne Protect. | | `p1RiskPolicyIdReg` | None | The PingOne risk policy ID to use for registration. | | `p1RiskPolicyIdAR` | None | The PingOne risk policy ID to use for account recovery. | | `flowCompanyLogo` | None | The company logo to use during the flow. | | `p1MFAPolicyId` | None | The PingOne MFA policy ID. | | `p1RiskPolicyIdAuthZ` | None | The PingOne risk policy ID to use for authorization. | | `authMethod` | None | The authentication method used by the user. |