--- title: Create a script in a journey to record last login time description: "Estimated time to complete: 20 minutes" component: pingoneaic page_id: pingoneaic:use-cases:use-case-last-login-time canonical_url: https://docs.pingidentity.com/pingoneaic/use-cases/use-case-last-login-time.html keywords: ["Implementation Guide", "JavaScript", "Scripts", "Use Case"] page_aliases: ["implementation:use-case-last-login-time.adoc"] section_ids: description: Description goals: Goals prerequisites: Prerequisites tasks: Tasks task_1_create_a_journey_decision_script: "Task 1: Create a journey decision script" task_2_update_the_target_managed_user_field: "Task 2: Update the target managed user field" task_3_create_a_last_login_journey: "Task 3: Create a last login journey" duplicate_the_default_login_journey: Duplicate the default login journey configure_your_last_login_time_journey: Configure your last login time journey task_4_check_journey_path_connections: "Task 4: Check journey path connections" validation: Validation steps: Steps video_of_validation: Video of validation explore_further: Explore further reference_material: Reference material nodes_used: Nodes used --- # Create a script in a journey to record last login time ## Description Estimated time to complete: 20 minutes *(tooltip: This assumes you complete the prerequisites beforehand.)* In this use case, you duplicate an existing journey and modify it to record the time the user signs on to the hosted account pages. You use a script in your journey to record the login time. ### Goals After completing this use case, you will know how to do the following: * Create a script to use in a journey, referred to as a *journey decision script*. * Change a field name in the end user profile. * Adapt a journey to record shared state data in the end user profile. ## Prerequisites Before you start work on this use case, make sure you have: * A basic understanding of: * JavaScript * Journeys and nodes * Realms * The Advanced Identity Cloud admin console and hosted pages * The `managed/alpha_user` object schema * Access to your Advanced Identity Cloud development environment as an administrator * A test identity in Advanced Identity Cloud ## Tasks ### Task 1: Create a journey decision script A journey decision script runs in Advanced Identity Cloud during an authentication journey. It's called a *decision* script because it's programmed to decide how the journey continues. When the script runs, it can also read and change the shared state *(tooltip: An object nodes use to share information during the authentication journey.)* of the journey. In this example, the script adds a timestamp to record when it runs in the shared state. Later, nodes can use the shared state data to take action. You can configure nodes to use shared state data and script the actions Advanced Identity Cloud takes. In this example, a later node writes the timestamp in the authenticating user's profile. 1. Sign on to the Advanced Identity Cloud admin console as an administrator. Select the `alpha` realm if it is not selected by default. 2. In the left menu pane, select Scripts > Auth scripts and click + New script. 3. Select Journey Decision Node and click Next to open the script editor. 4. Set the fields as follows and click Save and Close: | Field | Value | | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Name | `last-login-time` | | Description | `Set last login time. Use this after successful authentication.` | | JavaScript | ```JavaScript function tag(message) { return '*** last-login-time: '.concat(message) } var lastLoginAttribute = 'frUnindexedDate1' var lastLoginTime = new Date().toISOString() sharedState.get('objectAttributes').put(lastLoginAttribute, lastLoginTime) logger.message(tag('Setting ' + lastLoginAttribute + ' to ' + lastLoginTime)) outcome = 'Success' ``` | The script sets the shared state `objectAttributes.frUnindexedDate1` to the current time as an ISO date string. Managed users have [many optional fields](../identities/user-identity-properties-attributes-reference.html). The `frUnindexedDate1` field is one of them. The script sets this field in `objectAttributes`, the attributes of the managed user object, so a later node can write the updated `frUnindexedDate1` value from shared state to the user's profile. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The `frUnindexedDate1` field is an *unindexed* field, meaning Advanced Identity Cloud does not maintain a search index for the field. If applications look up profiles based on the last login time, use one of the `frIndexedDate*` fields instead. | Notice the following objects from Advanced Identity Cloud bound to the journey decision script execution context; the script uses them directly without having to define them first: * `sharedState`: Use this to access the shared journey state. * `logger`: Use this to log debug messages. * `outcome`: Set the outcome to a string as the last processing step. There is no authentication decision to make, so the script's only outcome is `Success`. You include each outcome in the Scripted Decision node Outcomes setting when using the script in a journey. Check in At this point, you: [icon: check, set=fa]Created a script to add last login time to the journey's shared state data. ### Task 2: Update the target managed user field By default, the label in the hosted account pages for the `frUnindexedDate1` field is `Generic Unindexed Date 1`. The journey uses this field for last login times; therefore, you change the label to `Last Login Time` for readability. 1. In the left menu pane of Advanced Identity Cloud admin console, select Native Consoles > Identity Management. The IDM admin console dashboard displays. 2. In the top menu of the IDM admin console, select Configure > Managed Objects and click the card for Alpha\_user to edit the managed object properties. 3. Scroll to the `frUnindexedDate1` row and click it to edit the property. 4. Set the fields as follows and click Save: | Field | Value | | ------------------------------------- | -------------------------------------------------------------------- | | Readable Title | `Last Login Time`This changes the label in the hosted account pages. | | Show advanced options > Searchable | Enable this. | | Show advanced options > User Editable | Disable this. | Check in At this point, you: [icon: check, set=fa]Created a script to add last login time to the journey's shared state data. [icon: check, set=fa]Configured the `Last Login Time` label in the hosted account pages. ### Task 3: Create a last login journey You base the last login journey on the default Login journey. To reference the script, you add a Scripted Decision node. To write the last login time to the user's profile, you add a Patch Object node. #### Duplicate the default login journey 1. In the left menu pane of Advanced Identity Cloud admin console, select Journeys 2. Select the More ([icon: ellipsis-h, set=fa]) menu for the default Login journey and select Duplicate to display the Duplicate Journey modal. 3. Set the fields as follows and click Save: | Field | Value | | --------------- | ------------------------------------------------------------------- | | Name | `Log in and set last login time` | | Identity Object | Alpha realm - Users `managed/alpha_user` | | Description | `Duplicate of default Login journey that also sets last login time` | The Advanced Identity Cloud admin console displays the journey editor. #### Configure your last login time journey 1. In the journey editor, find these nodes to drag and drop them onto the journey canvas: * Scripted Decision node * Patch Object node 2. Select the Scripted Decision node and set the fields as follows: | Field | Value | | -------- | ----------------- | | Name | `Last login time` | | Script | `last-login-time` | | Outcomes | `Success` | Leave the default settings for other fields. When the journey reaches this node, your journey decision script runs. 3. Select the Patch Object node and set the fields as follows: | Field | Value | | ----------------- | -------------------- | | Identity Resource | `managed/alpha_user` | Leave the default settings for other fields. When the journey reaches this node, it updates the `managed/alpha_user` object properties with the shared state `objectAttributes` fields including the `frUnindexedDate1` field set by your script. This update stores the last login time in the end user's profile. 4. Reconnect the Scripted Decision node `True` outcome to the `Last login time` node input. 5. Connect the `Last login time` node outcome to the Patch Object node input. 6. Connect the Patch Object node `Patched` outcome to the Increment Login Count node input. 7. Connect the Patch Object node `Failed` outcome to the Failure node. At this point, the authentication journey is complete. The following shows a rectangle around the nodes you added after duplicating the default journey: ![Last login time journey](_images/last-login-time/last-login-time.png) * a Collects the username and password. * b Validates the username and password. * c Records the time in the shared state object attributes on `frUnindexedDate1`. * d Writes the time to the user's profile. * e Increments the number of authentications. * f Triggers an inner journey; in this case, a journey for progressive profiling. Check in At this point, you: [icon: check, set=fa]Created a script to add last login time to the journey's shared state data. [icon: check, set=fa]Configured the `Last Login Time` label in the hosted account pages. [icon: check, set=fa]Duplicate and configured a journey to record the last Login time. ### Task 4: Check journey path connections Use the following table to check the connections for each node in the `Log in and set last login time` journey. Some nodes have more than one outcome. The → symbol means the node only has one outcome path. | Source node | Outcome path | Target node | | ----------------------------------------------------------------------- | ------------ | ----------------------------------------- | | Start (person icon) | → | Page node | | Page node containing:- Platform Username node - Platform Password node | → | Data Store Decision node | | Data Store Decision node | `True` | Scripted Decision node(`Last login time`) | | | `False` | Failure node | | Scripted Decision node(`Last login time`) | → | Patch Object node | | Patch Object node | `Patched` | Increment Login Count node | | | `Failed` | Failure node | | Increment Login Count node | → | Inner Tree Evaluator node | | Inner Tree Evaluator node | `True` | Success node | | | `False` | Failure node | ## Validation Now that you have created your script, updated a label in the hosted account pages, duplicated the default Login journey, and updated the copy to record the last login time in the user's profile, you are ready to validate the journey. Before validating, make sure you have a test user in the `alpha` realm. ### Steps 1. Get a URL you can use to test the journey: 1. Log in to the Advanced Identity Cloud admin console as an administrator. 2. Select Journeys. 3. Select the journey you created, Log in and set last login time. A preview screen of the journey displays. 4. Click the copy icon next to Preview URL, a URL you can use to test the journey as an end user: ![Copy the test URL for the journey](_images/last-login-time/copy-test-url.png) 2. Sign on to the hosted pages: 1. Paste the URL into an incognito window. Use incognito mode for testing to avoid caching issues and interference with any current sessions. 2. In the sign-on page, enter the test user's username and password. 3. Click Next. The hosted account pages display the test user's profile. 3. Click Edit Your Profile to display the profile screen then Edit Personal Info to display the profile fields. 4. Scroll to the Last Login Time field. The field contains the timestamp written when the test user signed on: ![Last login timestamp](_images/last-login-time/last-login-time-field.png) The hosted account pages append `(optional)` to the field name for managed object properties without Required enabled. ### Video of validation From the end user's perspective, the journey works as follows. The video starts with the test user signed on before trying the last login time journey: **Video (Brightcove)** \ ## Explore further ### Reference material | Reference | Description | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | | [Admin consoles in Advanced Identity Cloud](../getting-started/getting-started-explore-platform.html) | Get to know the admin interfaces; Advanced Identity Cloud admin console, AM native admin console, and IDM admin console. | | [Journeys](../journeys/journeys.html) | Conceptual information on journeys and their purpose in Advanced Identity Cloud. | | [Introduction to journeys with ForgeRock University](https://backstage.forgerock.com/university/on-demand/path/TGVhcm5pbmdQYXRoOjY%3D/chapter/Q291cnNlOjE1Nzg0/video/Q29udGVudDoxNDA4) | A guided video of journeys in Advanced Identity Cloud and how to use them. | | [Journey nodes](../journeys/auth-nodes.html) | Learn about the configurable nodes Advanced Identity Cloud offers for use in journeys. | | [User identity attributes and properties reference](../identities/user-identity-properties-attributes-reference.html) | Reference information for end user profile properties. | | [Scripted Decision node API](../am-scripting/scripting-api-node.html) | Reference information for journey decision node scripts. | ### Nodes used The last login time journey uses the following nodes: * [Page node](https://docs.pingidentity.com/auth-node-ref/latest/page.html) * [Platform Username node](https://docs.pingidentity.com/auth-node-ref/latest/platform-username.html) * [Platform Password node](https://docs.pingidentity.com/auth-node-ref/latest/platform-password.html) * [Data Store Decision node](https://docs.pingidentity.com/auth-node-ref/latest/data-store-decision.html) * [Scripted Decision node](https://docs.pingidentity.com/auth-node-ref/latest/scripted-decision.html) * [Patch Object node](https://docs.pingidentity.com/auth-node-ref/latest/patch-object.html) * [Increment Login Count node](https://docs.pingidentity.com/auth-node-ref/latest/increment-login-count.html) * [Inner Tree Evaluator node](https://docs.pingidentity.com/auth-node-ref/latest/inner-tree-evaluator.html) * [Success node](https://docs.pingidentity.com/auth-node-ref/latest/success.html) * [Failure node](https://docs.pingidentity.com/auth-node-ref/latest/failure.html)