PingOne for Customers Passwordless

CIAM-Passwordless-Protect-Device-Registration-Subflow

The CIAM-Passwordless-Protect-Device-Registration-Subflow lets users register a new device.

Purpose

The CIAM-Passwordless-Protect-Device-Registration-Subflow presents users with options to register any available device type. The flow finds the available devices, then uses an HTML node to let the user select one:

  • If the user selects Text Message, the flow gathers the number and uses a one-time passcode (OTP) to verify the SMS number.

  • If the user selects Email, the flow uses an OTP to verify the email address.

  • If the user selects Biometrics/Security Key, the flow pairs the current device.

  • After any successful device registration, or if the user selects password, the flow redirects to the {ciam_account_registration } parent flow.

Structure

Diagram of the structure, as described below.

This flow is divided into sections using teleport nodes:

Gather device types that user can register with

Uses a PingOne node to retrieve the user’s current devices and a hidden HTML form to gather browser information. The flow then uses multiple comparison nodes to determine if the user can register another device. If so, the flow progresses to the User select device to register with section. If not, the flow progresses to the Return Error section.

User select device to register with

Presents the user with an HTML page where they can select a device from one of the available registration options. If the user selects SMS, email, or FIDO2, the flow progresses to the corresponding section: User selected SMS, User selected email, or Register FIDO2 device and enable MFA for user. If the user selects password or cancel, the flow progresses to the Return Success section.

User selected SMS

Presents the user with an HTML form on which they can enter a phone number. The flow then progresses to the Prepare to register OTP device section.

User selected email

Checks if the user’s email is known, and presents the user with an HTML form on which they can enter an email if the email is not known. The flow then progresses to the Prepare to register OTP device section.

Prepare to register OTP device

Uses a PingOne node to create an OTP device, stores the device ID as a variable, then progresses to the Ask for OTP section.

Ask for OTP

Presents the user with an HTML form on which they can enter the OTP or resend it. If they enter the OTP, the flow progresses to the Activate OTP and enable MFA for user section. If they resend, the flow progresses to the Resend OTP section.

Resend OTP

Uses PingOne nodes to delete the previous OTP device and create a new one. The flow then stores the device ID as a variable and displays a message to the user indicating that the OTP has been resent.

Activate OTP and enable MFA for user

Uses PingOne nodes to activate the device to which the OTP was sent, then update the user’s MFA status. The flow then progresses to the Return Success section.

Register FIDO2 device and enable MFA for user

Uses a PingOne node to create a FIDO2 device, then presents an HTML page from which the user can confirm the registration. Two PingOne nodes activate the FIDO device, then update the user’s MFA status. The flow then progresses to the Return Success section.

Return Success

Sends a success JSON response, indicating that the flow has completed successfully.

Return Error

Sends an error JSON response, indicating that the flow completed unsuccessfully.
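
The section transitions described above can be written down as a graph and checked for the property that matters most in this flow: MFA is enabled for an OTP device only after the user has passed through the Ask for OTP section. The following JavaScript is an added example, not part of the PingOne flow or its documentation; the function names are hypothetical, and the Resend OTP to Ask for OTP transition is an assumption because the page does not state where that section goes next.

```javascript
// Section transitions transcribed from the Structure descriptions above.
const START = "Gather device types that user can register with";
const FLOW = {
  [START]: ["User select device to register with", "Return Error"],
  "User select device to register with": [
    "User selected SMS", "User selected email",
    "Register FIDO2 device and enable MFA for user", "Return Success"],
  "User selected SMS": ["Prepare to register OTP device"],
  "User selected email": ["Prepare to register OTP device"],
  "Prepare to register OTP device": ["Ask for OTP"],
  "Ask for OTP": ["Activate OTP and enable MFA for user", "Resend OTP"],
  // Assumption: the page does not say where Resend OTP goes next;
  // returning to the OTP prompt is assumed here.
  "Resend OTP": ["Ask for OTP"],
  "Activate OTP and enable MFA for user": ["Return Success"],
  "Register FIDO2 device and enable MFA for user": ["Return Success"],
  "Return Success": [],
  "Return Error": [],
};

// Sections reachable from `from`, optionally treating `blocked` as removed.
function reachable(flow, from, blocked = null) {
  const seen = new Set();
  const stack = from === blocked ? [] : [from];
  while (stack.length) {
    const node = stack.pop();
    if (seen.has(node)) continue;
    seen.add(node);
    for (const next of flow[node] || []) {
      if (next !== blocked) stack.push(next);
    }
  }
  return seen;
}

// True when target is reachable from start and every path to it passes through gate.
function gatedBy(flow, start, target, gate) {
  return reachable(flow, start).has(target) &&
         !reachable(flow, start, gate).has(target);
}

// Sections from which no terminal section (empty successor list) can be reached.
function deadEnds(flow) {
  const terminals = Object.keys(flow).filter((s) => flow[s].length === 0);
  return Object.keys(flow).filter(
    (s) => !terminals.some((t) => reachable(flow, s).has(t)));
}
```

Return Success is also reachable through the password and cancel options, so gatedBy(FLOW, START, "Return Success", "Ask for OTP") is false: a success result by itself does not show that a device was registered.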

Input schema

This flow has the following inputs.

| Input name | Required | Description |
|---|---|---|
| email | Yes | The email address to use for registration. |
| pingOneUserId | Yes | The user ID of the current user. |
| allowCancel | Yes | Indicates whether to display the cancel option on the initial user page. |
| passwordlessRequired | Yes | Indicates whether all users are required to use passwordless authentication. |
| allowedDeviceTypes | Yes | A string containing any or all of SMS, EMAIL, FIDO2 indicating the allowed device types. |
| ciam_companyLogo | No | The company logo. Used only when the main flow was launched using the widget. |

Output schema

This flow has the following outputs.

| Output name | Description |
|---|---|
| ciam_subflowResult | The result status of the flow. |
| ciam_authMethod | The authentication method that was configured by the flow. |
| ciam_errorMessage | The error message to display in the parent flow. |

Variables

This flow uses the following variables.

| Variable name | Description |
|---|---|
| ciam_logoStyle | The HTML style to use for your company logo. |
| ciam_logoUrl | The URL for your company logo. |
| ciam_companyName | Displays the name of your company. |