PingOne for Customers Passwordless

CIAM-Passwordless-Protect-Account-Registration-Subflow

The CIAM-Passwordless-Protect-Account-Registration-Subflow lets users register a new account.

Purpose

The CIAM-Passwordless-Protect-Account-Registration-Subflow presents users with the ability to create a new account. The flow first uses PingOne Protect to check for bots and high-risk users before proceeding to account creation. Depending on your environment’s properties, the flow can let a user create a password, add an multi-factor authentication (MFA) device using the CIAM-Passwordless-Protect-Device-Registration-Subflow flow, and view and agree to an agreement using the CIAM-Passwordless-Protect-Agreement(ToS)-Subflow flow.

Structure

Diagram of the structure, as described below.

This flow is divided into sections using teleport nodes:

Progressive Profiling

Presents users with an HTML form on which to enter their email address. If the user clicks Sign On, the flow progresses to the Return Success section. If the user clicks Register the flow progresses to the PingOne Protect Threat Detection Analysis section.

A PingOne node verifies that the email address is not already in use, then an HTML form lets the user enter a first and last name. If passwordless is not required, a third form lets the user decide whether to provide a password or use other authentication. The flow then progresses to the Create Account section.

PingOne Protect Threat Detection Analysis

Invokes the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow.

If the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow completes successfully, the PingOne Protect values are saved as variables.

A function node then examines the risk score.

  • If the risk score is low or medium, the flow returns to the Progressive Profiling section.

  • If the risk score is high, a PingOne node updates PingOne Protect with the failed evaluation and an error message is displayed.

If the CIAM-Passwordless-Protect-Threat-Detection-Subflow subflow does not complete successfully, any available PingOne Protect values are saved as variables, then the flow progresses to the Return Error section.

Create Account

Uses PingOne nodes to create the new account, with or without a password depending on earlier selections. The flow then progresses to the Accept Agreement and Verify Email section.

Accept Agreement and Verify Email

Invokes the CIAM-Passwordless-Protect-Agreement(ToS)-Subflow flow to ensure that the user agrees to any required agreements, then invokes the CIAM-Passwordless-Protect-Verify-Email-Subflow flow to ensure that the user’s email address is verified if necessary. The flow then progresses to the Device Registration section.

Device Registration

Checks if the user selected passwordless. If not, the flow progresses to the Return Success section. If so, the CIAM-Passwordless-Protect-Device-Registration-Subflow flow is invoked, after which the flow progresses to the Return Success section if a device was registered, or to the Set Password section if the user switched to password authentication.

Set Password

Uses an HTML node to prompt the user for a new password, verifies that the password matches the confirmed password, and uses a PingOne node to set the password. The flow then progresses to the Return Success section.

Return Success

Sends a success JSON response, indicating that the flow has completed successfully.

Return Error

Sends an error JSON response, indicating that the flow completed unsuccessfully. A comparison node also checks for a risk ID, and uses a PingOne node to update the risk evaluation if a risk ID is present.

Input schema

This flow has the following inputs:

Input name Required Description

ciam_passwordlessRequired

Yes

Indicates whether passwordless authentication is required for sign-on.

allowedDeviceTypes

Yes

A string containing any or all of SMS, EMAIL, FIDO2 indicating the allowed device types.

ciam_agreementEnabled

Yes

Indicates whether agreement is enabled for user registration.

ciam_agreementId

Yes

The ID of the agreement to present to users.

ciam_companyLogo

No

The company logo.

Used only when the main flow was launched using the widget.

Output schema

This flow has the following outputs:

Output name Description

ciam_subflowResult

The result status of the flow.

ciam_pingOneUserId

The user ID of the current user.

ciam_authMethod

The authentication method chosen by the user.

ciam_errorMessage

The error message text to display, if any.

Variables and parameters

This flow uses the following variable or parameter values:

Variable name Parameter name Description

ciam_passwordlessRequired

isPasswordlessRequired

Indicates whether passwordless authentication is required for sign-on.

ciam_logoStyle

None

The HTML style to use for your company logo.

ciam_logoUrl

None

The URL for your company logo.

ciam_companyName

None

Displays the name of your company.

ciam_protectPredictor

None

The recommendation made by PingOne Protect.

ciam_protectDeviceStatus

None

The status of the user’s device as determined by PingOne Protect.

ciam_protectRiskID

None

The risk ID of the current user as used by PingOne Protect.

ciam_protectRiskLevel

None

The risk level of the current user as determined by PingOne Protect.