--- title: Configuring flows in DaVinci description: After you configure PingOne and test the solution using the wizard, perform additional configuration in DaVinci to enable all features and make the flows available to end users. component: pingone-solutions page_id: pingone-solutions:pingone-customers-plus:getting_started/ciam_plus_configuring_flows_in_davinci canonical_url: https://docs.pingidentity.com/pingone-solutions/pingone-customers-plus/getting_started/ciam_plus_configuring_flows_in_davinci.html revdate: September 6, 2024 section_ids: steps: Steps example: Example: choose-from: Choose from: result: Result: result-2: Result: choose-from-2: Choose from: --- # Configuring flows in DaVinci After you configure PingOne and test the solution using the wizard, perform additional configuration in DaVinci to enable all features and make the flows available to end users. ## Steps 1. Enter or verify the values for each company variable that's used in the PingOne for Customers Plus solution. These variables determine whether some processes and subflows are included or excluded. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you plan to invoke the flow using the widget, you can pass in parameter values that override some of these variables. These parameters are described later in this procedure. | 1. In DaVinci, click the **Variables** tab. 2. Locate a variable and click the **Pencil** icon. 3. In the **Value** field, verify that the value is correct, or enter a new value for the variable. 4. Click **Update**. 5. Repeat steps b-d for each remaining variable. > **Collapse: Company variables** > > | Variable | Description | > | ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | `ciam_sessionLengthInMinute` | The maximum allowed session length for a user in the flow\.The default value is 5 minutes. | > | `ciam_appleEnabled` | A boolean that controls whether Apple is enabled as a social sign-on option.The default value is `true`. | > | `ciam_facebookEnabled` | A boolean that controls whether Facebook is enabled as a social sign-on option.The default value is `true`. | > | `ciam_googleEnabled` | A boolean that controls whether Google is enabled as a social sign-on option.The default value is `true`. | > | `ciam_otpFallbackAllowed` | A boolean indicating whether a user can fall back to a one-time passcode (OTP) *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* if a mobile push request times out.The default value is `true`. | > | `ciam_endUserErrMsg` | A string that is displayed to the user in an error message if an unexpected error occurs.The default value is `An error occurred`. | > | `ciam_requireMFA` | A boolean that controls whether MFA is required for all users.The default value is `true`. | > | `ciam_resendOtpLimit` | The maximum number of times a user can resend a one-time passcode.The default value is `5`. | > | `ciam_passwordlessRequired` | A boolean that controls whether all end users must use passwordless authentication.The default value is `true`. | > | `ciam_magicLinkEnabled` | A boolean that controls whether magic links are enabled for your end users.The default value is `true`. | > | `ciam_logoUrl` | The URL for the version of your company logo to display in flows.The default value is `https://assets.pingone.com/ux/ui-library/5.0.2/images/logo-pingidentity.png`. | > | `ciam_logoStyle` | The CSS style to use for your company logo.The default value is `width: 65px; height:65px;`. | > | `ciam_companyName` | The name of your company as it should be displayed in user-facing text.The default value is `Ping Identity`. | > | `ciam_agreementEnabled` | A boolean that controls whether agreement is enabled in your environment.The default value is `true`. | > | `ciam_agreementId` | The ID of the agreement to present to users if agreement is enabled.This value was copied in the [Configuring PingOne](ciam_plus_configuring_p1.html) procedure. There is no default value. | > | `ciam_recoveryLimit` | The maximum number of times a user can attempt to recover an account.The default value is `5`. | > | `ciam_verificationLimit` | The maximum number of times a user can attempt to verify their email address.The default value is `5`. | > | `ciam_smsOtpEnabled` | A boolean that controls whether OTP using SMS is enabled in your environment.The default value is `true`. | > | `ciam_emailOtpEnabled` | A boolean that controls whether OTP using email is enabled in your environment.The default value is `true`. | > | `ciam_fidoPasskeyEnabled` | A boolean that controls whether Fast IDentity Online (FIDO) *(tooltip: \
\

A set of open technical specifications developed by the FIDO Alliance for strong authentication.\

\
)* passkey is enabled in your environment.The default value is `true`. | > | `ciam_accountRecoveryEnabled` | A boolean that controls whether account recovery is enabled in your environment.The default value is `true`. | > | `ciam_protectAnalysisRequired` | A boolean that controls whether PingOne Protect is used to evaluate the user.The default value is `true`. | 2. Verify the configuration of the following connectors in your environment: | Connector | Description | Connector documentation | | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | PingOne | Enables DaVinci to view and update PingOne user information. | [PingOne Connector](https://docs.pingidentity.com/connectors/p1_connector.html) | | PingOne MFA | Enables DaVinci to use the PingOne MFA service for multi-factor authentication (MFA) *(tooltip: \
\

An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\

\
)*. | [PingOne MFA Connector](https://docs.pingidentity.com/connectors/p1_mfa_connector.html) | | PingOne Notifications | Enables DaVinci flows to send users general communications using SMS, email, and voice message with PingOne's notifications feature. | [PingOne Notifications Connector](https://docs.pingidentity.com/connectors/p1_notifications_connector.html) | | PingOne Protect | Enables DaVinci flows to perform a threat assessment of the current user through PingOne Protect.If your environment does not include PingOne Protect, this connector is not required. | [PingOne Protect Connector](https://docs.pingidentity.com/connectors/p1_protect_connector.html) | 1. On the **Connectors** tab, find the connector that you want to verify and go to **…​ → Edit**. 2. Verify that the **Environment ID** and **Client ID** field values match your PingOne values. 3. If you have made any changes to the values, click **Apply**. 4. Repeat the previous steps for each remaining connector. 3. Configure the PingOne Authentication node. 1. Click **Flows**. 2. Select the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** and go to **…​ → Edit**. 3. In the **Return Success** section, click the **Return Success Response** node. 4. Verify that the **PingOne Application** list is set to **Use Application ID**. 5. In the **Application ID** field, enter the client ID from your PingOne application. 6. Click **Apply**. 7. Click **Save**. 4. If you want to use social sign-on, update the `skIdp` component in the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow to use your PingOne identity provider (IdP) *(tooltip: \
\

A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\

\
)*. 1. Click **Flows**. 2. Select the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow and go to **…​ → Edit**. 3. Click the **Password Sign On Page** node. 4. Click the `skIdp` component corresponding to a social IdP option that you want to provide. The section of the node contents that contains these components looks like this: ```json {{#if googleEnabled}} {{skIDP}} {{/if}} {{#if facebookEnabled}} {{skIDP}} {{/if}} {{#if appleEnabled}} {{skIDP}} {{/if}} ``` 5. In the **Identity Provider Connector** list, select **PingOne Authentication**. 6. In the **PingOne External Identity Provider** list, select an external IdP. 7. Select **Link with PingOne User**. 8. In the **PingOne Population** list, select **Default**. 9. Click **Save**. 10. Click **Apply**. 11. Repeat steps d-j for each other social IdP option that you want to use. 5. Verify or add values for the **Agreement ID** and **MFA Policy ID**. 1. Click **Flows**. 2. Select the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow and go to **…​ → Edit**. 3. Click the **Initialize Or Set Flow Variables** node. 4. For the `ciam_agreementID` variable value, enter the **Agreement ID** value that you copied in [Configuring PingOne](ciam_plus_configuring_p1.html) if it is not present. | | | | - | ---------------------------------------------------------------------------------- | | | If your environment has only one agreement, this value is automatically populated. | 5. For the `ciam_mfaPolicyID` variable value, enter the MFA policy ID that you want to use. | | | | - | ----------------------------------------------------------------- | | | If you do not enter an MFA policy ID, the default policy is used. | 6. Click **Apply**. 7. Click **Save**. 8. Repeat steps c-g in the following flows: * **CIAM Plus With Protect - Profile Management - Agreement TOS - Main Flow** * **CIAM Plus With Protect - SignOn - Subflow** 6. If you want to launch the solution using the widget, add your company name: 1. Click **Flows**. 2. Select the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow and go to **…​ → Edit**. 3. Click the **Set Industry Variables** node. 4. In the **Code** section, update the text to include your company name. ### Example: ``` const flowCompanyGreeting = (flowMethod === 'WIDGET' ) ? '

Welcome to Company Name

' :

Welcome to ${ciam_companyName}

; ``` 5. Click **Apply**. 7. Verify that the PingOne flow setting is correct for your environment. ### Choose from: * If you want to launch the PingOne for Customers Plus solution using a redirect, the flow must be configured as a PingOne flow. 1. Click **Flows**. 2. Click the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow. 3. Go to **More Options ( [icon: ellipsis-v, set=fa]) → Flow Settings**. 4. Enable the **PingOne Flow** toggle if it's not already enabled. 5. If you made changes to the flow settings, click **Save**, close the flow settings pane, and click **Deploy**. 6. If you plan to use the profile management flows, repeat steps a-e for the **CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow**, **CIAM Plus - User Profile Management - Main flow**, and **CIAM Plus With Protect - Profile Management - Change Password - Main Flow** flows. * If you want to launch the PingOne for Customers Plus solution using the widget, the flow must not be configured as a PingOne flow. 1. Click **Flows**. 2. Click the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow. 3. Go to **More Options ( [icon: ellipsis-v, set=fa]) → Flow Settings**. 4. Disable the **PingOne Flow** toggle if it's not already disabled. 5. If you made changes to the flow settings, click **Save**, close the flow settings pane, and click **Deploy**. 6. If you plan to use the profile management flows, repeat steps a-e for the **CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow**, **CIAM Plus - User Profile Management - Main flow**, and **CIAM Plus With Protect - Profile Management - Change Password - Main Flow** flows. 8. Configure a DaVinci application with a flow policy that invokes the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow. Learn more in [Creating an application](https://docs.pingidentity.com/davinci/applications/davinci_creating_an_application.html). 1. On the **Applications** tab, click **Add Application**. 2. In the **Name** field, enter a name for the application. 3. Click **Create**. 9. Create a flow policy for the application that you created. Learn more in [Configuring a flow policy](https://docs.pingidentity.com/davinci/applications/davinci_configuring_a_flow_policy.html). 1. On the **Applications** tab, find the application that you created and click **Edit**. 2. On the **Flow Policy** tab, click **+ Add Flow Policy**. 3. In the **Policy Name** field, enter a name for the flow policy. 4. Select **PingOne Flow Policy** if you plan to invoke the flow using a PingOne redirect. 5. In the **Flows** section, select a flow. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | * To launch the PingOne for Customers Plus solution, select the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow. * To launch a device management flow, select **CIAM Plus With Protect - Profile Management - Change Password - Main Flow** or **CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow**. | 6. In the **Version** section, select one or more versions of the flow to use. 7. Click **Next**. 8. In the **Distribution** field, set the weight for the **CIAM-Passwordless-Protect-Registration-Authentication-Account-Recovery-Main Flow** flow to `100`. 9. Click **Create Flow Policy**. 10. If you are using a test environment, move the flows to your production environment: 1. In your testing environment, click **Flows**. 2. Click the **CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow** flow. 3. Go to **More options ( [icon: ellipsis-v, set=fa]) → Download Flow JSON**. ### Result: The **Export Flow** panel opens. 4. Click **Yes**. ### Result: The flow and its subflows are downloaded locally. 1. Sign on to your production environment and click **Flows**. 2. Click **Add Flow → Import from JSON**. 3. Select the JSON file containing the flows. 4. Click **Import**. 5. **Optional:** Repeat steps a-h for the CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow, CIAM Plus - User Profile Management - Main flow, and CIAM Plus With Protect - Profile Management - Change Password - Main Flow flows. 6. Repeat steps 1-14 in your production environment. 11. If you imported the CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow or CIAM Plus With Protect - Profile Management - Change Password - Main Flow flows, remove the duplicate copies of the CIAM Plus With Protect - Device Registration - Subflow and CIAM Plus With Protect - Change Password - Subflow flows. | | | | - | ----------------------------------------------------------------------- | | | The duplicate copies of the flows have `- 1` appended to the flow name. | 1. Click **Flows**. 2. Find the OOTB - Device Registration - Subflow - 1 flow and go to **…​ → Delete**, then click **Delete** in the confirmation window. 3. Find the OOTB - Change Password - Subflow - 1 flow and go to **…​ → Delete**, then click **Delete** in the confirmation window. 4. Click the CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow. 5. Click the **Flow Conductor** connector, then replace the contents of the **Flow ID** field with the CIAM Plus With Protect - Device Registration - Subflow flow. 6. Click **Save**. 7. Click **Deploy**. 8. Click **Flows**. 9. Click the CIAM Plus With Protect - Profile Management - Change Password - Main Flow. 10. Click the **Flow Conductor** connector, then replace the contents of the **Flow ID** field with the CIAM Plus With Protect - Change Password - Subflow flow. 11. Click **Save**. 12. Click **Deploy**. 12. Invoke the flow or flows using the widget or a redirect. ### Choose from: * If you want to launch the flow in a separate window using a PingOne redirect, use the procedure in [Launching a PingOne flow with a redirect](https://docs.pingidentity.com/davinci/integrating_flows_into_applications/davinci_launch_flow_redirect.html). The CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow flow can be launched with a redirect. * If you want to launch the flow in a widget within the user's current window, use the procedure in [Launching a flow with the widget](https://docs.pingidentity.com/davinci/integrating_flows_into_applications/davinci_launching_a_flow_with_the_widget.html). The following flows can be launched with the widget: * CIAM Plus With Protect - Registration and Authentication with Username and Password - Main Flow * CIAM Plus With Protect - Profile Management - Manage MFA - Main Flow * CIAM Plus - User Profile Management - Main flow * CIAM Plus With Protect - Profile Management - Change Password - Main Flow | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When you invoke the flow using the widget, you must include your company logo as a background image in the `dialog-content-header__logo` CSS class. For example:``` .dialog-content-header__logo { background-image: url("./company-logo.svg"); } ``` | | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When you invoke the flow using the widget, you can include any of the following parameters. When present, the parameter value is used instead of the corresponding variable value.Use the following format to pass parameters to the flow:``` flowParameters:{ parameter1: "value", parameter2: "value" } ``` | > **Collapse: Parameters** > > | Parameter | Corresponding variable | Description | > | -------------------------- | ----------------------------- | ------------------------------------------------------------------------------------------ | > | `isAppleEnabled` | `ciam_appleEnabled` | A boolean indicating whether Apple is enabled as a social sign-on option. | > | `isFacebookEnabled` | `ciam_facebookEnabled` | A boolean indicating whether Facebook is enabled as a social sign-on option. | > | `isGoogleEnabled` | `ciam_googleEnabled` | A boolean indicating whether Google is enabled as a social sign-on option. | > | `isPasswordlessRequired` | `ciam_passwordlessRequired` | A boolean indicating whether all end users must use passwordless authentication. | > | `isEmailMagicLinkEnabled` | `ciam_magicLinkEnabled` | A boolean indicating whether magic links are enabled for your end users. | > | `isTermsOfServiceEnabled` | `ciam_agreementEnabled` | A boolean indicating whether agreement is enabled in your environment. | > | `isSmsOTPEnabled` | `ciam_smsOtpEnabled` | A boolean indicating whether one-time passcode using SMS is enabled in your environment. | > | `isEmailOTPEnabled` | `ciam_emailOtpEnabled` | A boolean indicating whether one-time passcode using email is enabled in your environment. | > | `isFidoPasskeyEnabled` | `ciam_fidoPasskeyEnabled` | A boolean indicating whether FIDO passkey is enabled in your environment. | > | `isAccountRecoveryEnabled` | `ciam_accountRecoveryEnabled` | A boolean indicating whether account recovery is enabled in your environment. |