PingOne

Building a custom flow with PingOne DaVinci

Before you begin

Add PingOne DaVinci to your PingOne environment. Learn more in Adding an environment.

About this task

PingOne DaVinci is the graphic orchestration tool used for designing flows, such as user registration and authentication flows. You can find general information on using PingOne DaVinci here.

You can use the PingOne Protect connector to define different paths in an user journey flow, based on the result of a risk evaluation.

For example, you can use a risk evaluation connector before a multi-factor authentication (MFA) step, and then define different paths based on the risk score calculated:

  • Skip the MFA challenge if low risk.

  • Use a specific authentication method if user behavior data suggests medium or high risk.

  • Block access completely in a high-risk situation, such as when the recommended action is equal to bot mitigation.

    A screen capture of a Davinci flow with a PingOne Risk connector, showing the user flow for different risk levels.

For examples of using the PingOne Protect connector in different types of flows, see the following templates in the Flow Library:

  • PingOne - Sign On and Adaptive MFA

  • PingID - MFA flow + Protect

  • PingID - FIDO2 Passwordless + Protect

To use Protect connectors in a flow:

Steps

  1. After you have added DaVinci to your PingOne environment, ensure any risk connectors you add to your flows already have been configured with the correct information for environment ID, client ID, and client secret.

    If you import a flow from a different PingOne environment, you must go to the settings for the Protect connector and update this information to reflect the environment where you’re adding the flow.

  2. Add two different Protect connectors to your flow by following the documentation for the PingOne Protect connector:

    1. Add a Protect connector with the Create risk evaluation capability.

      The response returns a final risk evaluation result - High, Medium, or Low. The Protect connector with the Create Risk Evaluation capability should be added at a point in the flow where you would like to base the next action on the risk score assigned, for example, show an MFA prompt for Medium or High, but automatically grant access if the risk is deemed Low.

    2. Add risk evaluation feedback to the flow by adding a Protect connector with the Update risk evaluation capability.

      This step is included after authentication has been completed, and it consists of sending an update with the final state of the transaction, such as SUCCESS or FAIL. The Update risk evaluation capability represents the system’s ability to learn over time in order to improve results. You should always include an update connector in your flow because this step is essential for improving the accuracy of the machine learning models.

      Flows may take users on different paths. Make sure to include a Protect connector with the Update risk evaluation capability at the end of each possible path.

Troubleshooting

If you are having issues with the PingOne Protect Connector, try the following:

  • For each connector in the flow, make sure that all of the mandatory inputs have been provided.

  • If you are using the skrisk component to include the data provided by the PingOne Signals (Protect) SDK, make sure that you have carried out all of the necessary steps.

  • Use the Analytics feature to see where the flow stopped.

  • Select the Options icon, and turn on Show Node ID. This will make it easier to identify the source of inputs and outputs.