PingOne for Customers Plus

CIAM Plus With Protect - Account Registration - Subflow

The CIAM Plus With Protect - Account Registration - Subflow lets users register a new account.

Purpose

The CIAM Plus With Protect - Account Registration - Subflow presents users with the ability to create a new account. Depending on your environment’s properties, the flow can let a user create a password, add an multi-factor authentication (MFA) device using the CIAM Plus With Protect - Device Registration - Subflow flow, and view and agree to an agreement.

Structure

This flow is divided into sections using teleport nodes:

Fetch User Details for Registration

Uses function nodes to set flow instance variables and check whether agreement is enabled. If agreement is enabled, a PingOne node reads the agreement content. The flow then presents users with an HTML form on which to enter their email address.

If the user clicks Sign On, the flow progresses to the Return Success section.

If the user clicks Register, a PingOne node verifies that the email address is not already in use, then a function node checks whether the user accepted the agreement if one is in use. If the user accepted the agreement or no agreement is in use, an HTML form lets the user enter a first and last name and click Register or Back.

If the user clicks Register, a second HTML form lets the user enter and confirm a password, then the flow progresses to the Create Account section.

If the user clicks Back, the flow returns to the email address form.

Create Account

Uses a function node to process the user’s selection on the password form. If the user clicked Back, the flow returns to the name entry page. If the user clicked Register, function nodes verify that the password is valid and matches the confirmed password, then a PingOne node creates the new account. The flow then progresses to the Accept Agreement and Verify Email section.

Accept Agreement and Verify Email

Uses a function node to check whether an agreement is enabled. If an agreement is enabled, a PingOne updates the user’s information to include their acceptance of the agreement. The flow then invokes the CIAM Plus With Protect - Verify Email - Subflow flow to ensure that the user’s email address is verified, then progresses to the Auto enroll email as a MFA device section.

Auto enroll email as a MFA device

Uses PingOne nodes to enroll the user’s email as an MFA device, enable MFA for the user, and send a device registration confirmation email. The flow then progresses to the Return Success section.

Return Success

Sends a success JSON response, indicating that the flow completed successfully.

Return Error

Sends an error JSON response, indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs:

Input name Required Description

email

No

The user’s email address.

agreementEnabled

Yes

Indicates whether agreement is enabled for user registration.

agreementId

Yes

The ID of the agreement to present to users.

socialRegistrationEnabled

No

A boolean indicating whether registration through a third-party login is enabled.

googleEnabled

No

A boolean indicating whether authentication through Google is enabled in your environment.

facebookEnabled

No

A boolean indicating whether authentication through Facebook is enabled in your environment.

appleEnabled

No

A boolean indicating whether authentication through Apple is enabled in your environment.

companyLogo

No

The company logo.

Used only when the main flow was launched using a redirect.

protectRiskPolicyId

No

The PingOne Protect risk policy ID to use. If not specified, the default policy is used.

verificationLimit

No

The number of times a user can attempt verification.

resendOtpLimit

No

The number of times a user can resend a one-time passcode (OTP).

Output schema

This flow has the following outputs:

Output name Description

subflowResult

The result status of the flow.

p1UserId

The user ID of the current user.

authMethod

The authentication method chosen by the user.

isSocialIDpAuth

A boolean that indicates whether the user signed on using social IdP.

errorMessage

The error message text to display, if any.

errorDetails

The details of the error that occurred in this flow.

Variables and parameters

This flow uses the following variable or parameter values:

Variable name Parameter name Description

cachedEmail

None

The user’s cached email address.

errorMessage

None

The error message text to display, if any.

protectRiskEvalId

None

The risk evaluation ID returned by PingOne Protect.