PingOne for Customers Plus

CIAM Plus With Protect - Threat Detection - Subflow

The CIAM Plus With Protect - Threat Detection - Subflow uses PingOne Protect to provide a risk assessment of the current user.

Purpose

The CIAM Plus With Protect - Threat Detection - Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows.

Structure

This flow is divided into sections using teleport nodes:

Detect Threat using PingOne Protect

A function node verifies that the username, flow type, and skriskcomponent are all present. If any of these values are missing, the flow progresses to the Return Error section. If all values are present, a PingOne Protect node performs a risk and bot evaluation.

If the evaluation fails, the flow progresses to the Return Error section. If the evaluation succeeds, a comparison node checks if a new device was found. If so, function nodes verify that the calling flow is not CIAM Plus With Protect - Account Registration - Subflow, that the user’s PingOne user ID is known, and that the user is active. If these conditions are met, a PingOne node sends an email to the user notifying them of the new device.

Regardless of whether a new device was found, the flow then uses a function node to check whether the PingOne Protect analysis found a bot, AITM, or disposable email attack. If so, the flow progresses to the Disable User And Return Error If BOT/AITM/Disposable Mail Detected section.

If no threats are identified, the flow uses function nodes to verify either that the user’s PingOne user ID is unknown or, if it is known, that their account is enabled. The flow progresses to the Return Success section if these conditions are met, and progresses to the Return Error section otherwise.

Disable User And Return Error If BOT/AITM/Disposable Mail Detected

A function node checks whether the calling flow was the CIAM Plus With Protect - Account Registration - Subflow. If so, the flow progresses to the Return Error section.

If the calling flow was not CIAM Plus With Protect - Account Registration - Subflow, a function node checks if the user’s account is enabled. If it is not enabled, the flow progresses to the Return Error section. If it is enabled, PingOne nodes disable the user’s account and send a notification to the user regarding their account status. The flow then progresses to the Return Error section.

Return Success

Sends a JSON success message.

Return Error

Sends a JSON error message, then updates the PingOne Protect risk evaluation to Failed if it is not already set.
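
The routing described in the sections above, modelled as an added JavaScript example (it is not Ping Identity's flow code). The `evaluation` fields, the `callerIsRegistration` flag, and the action labels are hypothetical names standing in for the PingOne Protect node output, the calling-flow check, and the PingOne nodes, and "active" is assumed to mean the `isAccountEnabled` input is true.

```javascript
// Added illustration of the routing above; not Ping Identity's flow code.
// Hypothetical names: `evaluation` (PingOne Protect node result) and
// `callerIsRegistration` (true when the caller is the Account Registration subflow).
function routeThreatDetection(input, evaluation, callerIsRegistration) {
  const actions = [];
  const done = (section) => ({ section, actions });

  // Function node: username, flow type, and skriskcomponent must all be present.
  const required = ["p1UserName", "flowType", "skriskcomponent"];
  if (required.some((name) => !input[name])) return done("Return Error");

  // PingOne Protect node: risk and bot evaluation must succeed.
  if (!evaluation || !evaluation.succeeded) return done("Return Error");

  const userKnown = Boolean(input.p1UserId);
  // Assumption: "active" and "enabled" both map to the isAccountEnabled input.
  const enabled = input.isAccountEnabled === true;

  // New device: email only known, active users outside registration.
  if (evaluation.newDevice && !callerIsRegistration && userKnown && enabled) {
    actions.push("email:new-device");
  }

  // Bot, AITM, or disposable email: disable-user section, always ends in error.
  if (evaluation.bot || evaluation.aitm || evaluation.disposableEmail) {
    if (!callerIsRegistration && enabled) {
      actions.push("disable-account", "email:account-status");
    }
    return done("Return Error");
  }

  // No threat: succeed for an unknown user, or a known user whose account is enabled.
  return done(!userKnown || enabled ? "Return Success" : "Return Error");
}

// Constructed sample: known, enabled user on a new device with a bot signal.
const sampleInput = {
  p1UserName: "alice@example.com", flowType: "AUTHENTICATION",
  skriskcomponent: "constructed-value", p1UserId: "constructed-user-id",
  isAccountEnabled: true,
};
const sampleEvaluation = { succeeded: true, newDevice: true, bot: true };
console.log(routeThreatDetection(sampleInput, sampleEvaluation, false));
```

Running the same inputs with `callerIsRegistration` set to true shows the registration exemption: the result is still Return Error, but no email is sent and the account is not disabled.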

Input schema

This flow has the following inputs:

| Input name | Required | Description |
| --- | --- | --- |
| skriskcomponent | Yes | The SKRisk component to be used in the risk evaluation. |
| p1UserId | No | The user ID to be passed to PingOne Protect. |
| p1UserName | Yes | The username to be evaluated by PingOne Protect. |
| p1UserEmail | No | The email address to be passed to PingOne Protect. |
| p1ProtectRiskPolicyId | No | The risk policy ID to be passed to PingOne Protect. If it is not provided, the default risk policy is used. |
| flowType | Yes | The flow type to be passed to PingOne Protect. |
| ipAddress | Yes | The user IP address to be passed to PingOne Protect. |
| isAccountEnabled | No | A boolean indicating whether the user’s account is enabled. |
| applicationID | No | The application ID to be passed to PingOne Protect. |
| sessionID | No | The session ID to be passed to PingOne Protect. |
| customAttributes | No | Any custom PingOne attributes to be passed to PingOne Protect. |
| userAgent | No | The PingOne Protect user agent. |
| usercookie | No | The PingOne Protect user cookie. |

Output schema

This flow has the following outputs:

| Output name | Description |
| --- | --- |
| protectRiskEvalID | The risk ID of the current user as used by PingOne Protect. |
| protectActivityState | The user’s state or province, as determined by PingOne Protect. |
| protectActivityCity | The user’s city, as determined by PingOne Protect. |
| protectDeviceStatus | The status of the user’s device as determined by PingOne Protect. |
| protectPredictor | The action recommended by PingOne Protect. |
| protectRiskLevel | The risk level of the current user as determined by PingOne Protect. |
| errorMessage | The error message returned by the flow. Only sent if the flow progressed to the Return Error section. |
| errorDetails | The detailed error information returned by the flow. Only sent if the flow progressed to the Return Error section. |

Variables and parameters

This flow does not directly use any variable or parameter values.