CIAM-Passwordless-Protect-Magic-Link-Authentication-Subflow

The CIAM-Passwordless-Protect-Magic-Link-Authentication-Subflow lets existing users authenticate using a link sent to the email address that’s associated with their account.

Purpose

The CIAM-Passwordless-Protect-Magic-Link-Authentication-Subflow presents users with the option to send a magic link to the email address associated with their account. After the link is sent, the flow checks the status of the link. If the link is clicked, the flow authenticates the user. If the link expires, the flow presents an error message. The magic link expires after 2 minutes.

Structure

This flow is divided into sections using teleport nodes:

Display Magic Link Form: Uses a PingOne node to look up the user, then presents an HTML form from which the user can send a magic link. The flow then simultaneously progresses to the Create Challenge and Send Email and Challenge Acceptance By The User sections.
Create Challenge and Send Email: Uses a PingOne node to send a magic link email. The flow then progresses to the Display Magic Link Polling And Check For Challenge Status section.
Challenge Acceptance By The User: Checks the challenge status and displays a success message if the magic link is clicked and an error message if the magic link times out.
Display Magic Link Polling And Check For Challenge Status: Displays a custom HTML template directing users to click the magic link. When the challenge is approved, the flow progresses to the Show Success Message section.
Show Success Message: Displays one of two success forms depending on whether the user has any other MFA devices. The flow then progresses to the Return Success section.
Challenge Expiration: Denies the challenge if the magic link expires. The flow then progresses to the Return Error section.
Return Success: Sends a success JSON response, indicating that the flow has completed successfully.
Return Error: Sends an error JSON response, indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs.

Input name Required Description

Input name	Required	Description
`email`	Yes	The email address to use for registration.
`canChangeDevice`	Yes	Indicates whether the user can change the device used for authentication.
`ciam_companyLogo`	No	The company logo. Used only when the main flow was launched using the widget.

email

Yes

The email address to use for registration.

canChangeDevice

Yes

Indicates whether the user can change the device used for authentication.

ciam_companyLogo

The company logo.

Used only when the main flow was launched using the widget.

Output schema

This flow has the following outputs.

Output name Description

Output name	Description
`ciam_pingOneUserId`	The user ID of the current user.
`ciam_subflowResult`	The result status of the flow.
`ciam_errorMessage`	The error message to display in the parent flow.

ciam_pingOneUserId

The user ID of the current user.

ciam_subflowResult

The result status of the flow.

ciam_errorMessage

The error message to display in the parent flow.

Variables

This flow uses the following variables.

Variable name Description

Variable name	Description
`ciam_logoStyle`	The HTML style to use for your company logo.
`ciam_logoUrl`	The URL for your company logo.
`ciam_companyName`	Displays the name of your company.

ciam_logoStyle

The HTML style to use for your company logo.

ciam_logoUrl

The URL for your company logo.

ciam_companyName

Displays the name of your company.

PingOne for Customers Passwordless