CIAM-Passwordless-Protect-Account-Registration-Subflow
The CIAM-Passwordless-Protect-Account-Registration-Subflow lets users register a new account.
Purpose
The CIAM-Passwordless-Protect-Account-Registration-Subflow presents users with the ability to create a new account. The flow first uses PingOne Protect to check for bots and high-risk users before proceeding to account creation. Depending on your environment’s properties, the flow can let a user create a password, add an multi-factor authentication (MFA) device using the CIAM-Passwordless-Protect-Device-Registration-Subflow flow, and view and agree to an agreement using the CIAM-Passwordless-Protect-Agreement(ToS)-Subflow flow.
Structure
This flow is divided into sections using teleport nodes:
- Progressive Profiling
-
Presents users with an HTML form on which to enter their email address. If the user clicks Sign On, the flow progresses to the Return Success section. If the user clicks Register the flow progresses to the PingOne Protect Threat Detection Analysis section.
A PingOne node verifies that the email address is not already in use, then an HTML form lets the user enter a first and last name. If passwordless is not required, a third form lets the user decide whether to provide a password or use other authentication. The flow then progresses to the Create Account section.
- PingOne Protect Threat Detection Analysis
-
Invokes the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow.
If the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow completes successfully, the PingOne Protect values are saved as variables.
A function node then examines the risk score.
-
If the risk score is low or medium, the flow returns to the Progressive Profiling section.
-
If the risk score is high, a PingOne node updates PingOne Protect with the failed evaluation and an error message is displayed.
If the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow does not complete successfully, any available PingOne Protect values are saved as variables, then the flow progresses to the Return Error section.
- Create Account
-
Uses PingOne nodes to create the new account, with or without a password depending on earlier selections. The flow then progresses to the Accept Agreement and Verify Email section.
- Accept Agreement and Verify Email
-
Invokes the CIAM-Passwordless-Protect-Agreement(ToS)-Subflow flow to ensure that the user agrees to any required agreements, then invokes the CIAM-Passwordless-Protect-Verify-Email-Subflow flow to ensure that the user’s email address is verified if necessary. The flow then progresses to the Device Registration section.
- Device Registration
-
Checks if the user selected passwordless. If not, the flow progresses to the Return Success section. If so, the CIAM-Passwordless-Protect-Device-Registration-Subflow flow is invoked, after which the flow progresses to the Return Success section if a device was registered, or to the Set Password section if the user switched to password authentication.
- Set Password
-
Uses an HTML node to prompt the user for a new password, verifies that the password matches the confirmed password, and uses a PingOne node to set the password. The flow then progresses to the Return Success section.
- Return Success
-
Sends a success JSON response, indicating that the flow has completed successfully.
- Return Error
-
Sends an error JSON response, indicating that the flow completed unsuccessfully. A comparison node also checks for a risk ID, and uses a PingOne node to update the risk evaluation if a risk ID is present.
Input schema
This flow has the following inputs:
Input name | Required | Description |
---|---|---|
|
Yes |
Indicates whether passwordless authentication is required for sign-on. |
|
Yes |
A string containing any or all of |
|
Yes |
Indicates whether agreement is enabled for user registration. |
|
Yes |
The ID of the agreement to present to users. |
|
No |
The company logo. Used only when the main flow was launched using the widget. |
Output schema
This flow has the following outputs:
Output name | Description |
---|---|
|
The result status of the flow. |
|
The user ID of the current user. |
|
The authentication method chosen by the user. |
|
The error message text to display, if any. |
Variables and parameters
This flow uses the following variable or parameter values:
Variable name | Parameter name | Description |
---|---|---|
|
|
Indicates whether passwordless authentication is required for sign-on. |
|
None |
The HTML style to use for your company logo. |
|
None |
The URL for your company logo. |
|
None |
Displays the name of your company. |
|
None |
The recommendation made by PingOne Protect. |
|
None |
The status of the user’s device as determined by PingOne Protect. |
|
None |
The risk ID of the current user as used by PingOne Protect. |
|
None |
The risk level of the current user as determined by PingOne Protect. |