PingOne

Updating completion status for risk evaluations

When PingOne Protect is integrated into a user journey, you can define different paths in the flow based on the risk evaluation response. For example, in an authentication flow, each risk evaluation created determines whether the user is granted access, challenged with multi-factor authentication (MFA), or denied access.

About this task

For every Create Risk Evaluation event in a user flow, PingOne Protect also requires an Update Risk Evaluation event that includes the flow completion status for the risk evaluation. Updating the flow completion status allows PingOne Protect to improve the accuracy of future risk evaluations and ensure protection against fraudulent access attempts.

Many of the predictors used in risk policies gradually learn characteristics from access attempts made by your users, such as where the user is physically located and what operating system they’re using. This learning process can only take place if your flow provides the completion status to indicate which access attempts were made by legitimate users.

Steps

  • Update the risk evaluation completion status for an event:

    Choose from:

    • PingOne API: Use the completionStatus property in the risk evaluation.

    • PingOne DaVinci: Add a PingOne Protect connector with the Update Risk Evaluation capability at the end of a user flow.

    • PingOne Advanced Identity Cloud: Add a PingOne Protect Result node to an Advanced Identity Cloud journey.

    • PingAM: Add a PingOne Protect Result node to a PingAM journey.

    • PingFederate: The PingOne Protect Integration Kit handles updating the risk evaluation automatically and does not require additional configuration.

    • For any other integration, make sure to include an Update Risk Evaluation event at the end of your user journey.

Result

After adding an Update Risk Evaluation event, completionStatus is updated as one of the following:

  • SUCCESS when the user was granted access or passed the MFA challenge

    Only events with completionStatus=SUCCESS allow the predictors to learn.

  • FAILED when the user was denied access or failed the MFA challenge.

    If a user is unable to successfully complete an event (for example, if their authentication failed), the risk evaluation for the event is updated as completionStatus=FAILED.

If completionStatus is not updated, the status remains completionStatus=IN_PROGRESS, and the predictor cannot learn from the event and stays in training mode.