PingOne

Scenario: Revoking a credential and notifying the user

In this scenario, John Smith (the user) decided he had a good experience with BX Rental Cars (the credential verification service) on his previous trip over the summer, and decides to rent with them again when he visits his family over the holidays. However, he missed both a notice from BX Insurance (the credential issuer) prompting him to renew his auto insurance and a later notification in his wallet app that his credential was revoked. He no longer has an active auto policy.

Scenario participants

The following parties are involved in this scenario:

Credential issuer

BX Insurance

User

John Smith

Provider of a service

BX Rental Cars

Verifier service

The service BX Insurance contracts with for credential verification

Assumptions

BX Insurance meets the following requirements:

  • PingOne Credentials and PingOne MFA are available in the BX Insurance PingOne environment.

  • They created a credential type for the user data required to issue the credential. The credential type includes a connection to a digital wallet app that users can install and use to store their personal credentials.

    For more information about creating a credential type, see Creating a credential.

  • The issuance rules for the credential type require that the user belong to the "Active Policy" group in PingOne. Membership in that group requires that the user’s auto insurance policy is not expired.

    For more information about groups, see Groups.

  • BX Insurance customized the Credential Revoked notification template to inform users when their credentials are revoked.

    For more information about notification templates, see Notification templates.

Scenario

Revoking and notifying user credential flow

  1. John visits the Reservations page of the BX Rental Cars website from his computer and starts his new reservation request.

  2. An API call is made from the website to the verifier service BX Rental Cars uses. This creates a new verification session and provides a QR code that BX Rental Cars displays on the screen for John to scan.

  3. Using the wallet app on his phone, John scans the QR code.

  4. Depending on how the wallet app is configured, John is authenticated by the app.

  5. John sees a notification that his credential from BX Insurance was revoked. When John did not renew his auto policy, he was removed from the "Active Policy" group, invalidating his credential. He cannot complete his reservation.

  6. John calls his BX Insurance agent, renews his policy, and pays for his policy extension.

  7. After John’s policy data updates, John is re-added to the "Active Policy" group and his credential from BX Insurance is reissued.

  8. After receiving the updated credential and saving it to his wallet app, John returns to BX Rental Cars reservation site and is able to complete the reservation process.

For more information about revoking credentials, see Revoking a credential.