Overview of ID DataWeb - PingFederate

Device profile and user attributes

ID DataWeb uses a device profile to determine a "trust score" for each user sign-on event. The device profile is collected by a ThreatMetrix JavaScript script that runs during the sign-on flow.

You can opt to provide user attributes, such as name, address, and email, to ThreatMetrix or other verification services that are offered by ID DataWeb. You can populate these attributes from other sources in your PingFederate authentication policy. For the complete list of attributes that ID DataWeb can collect, see Attribute List in the ID DataWeb documentation.

The ID DataWeb IdP Adapter is responsible for sending the device profile and user attributes to ID DataWeb as part of the sign-on flow.

Verification services

The ID DataWeb service supports a network of 70+ identity verification services. ID DataWeb combines the results from all of these services into a unified "trust score".

As an ID DataWeb administrator, you can choose the verification services that you want to involve in user sign on events as shown in Managing Verification Services in the ID DataWeb documentation.

The ID DataWeb Integration Kit is designed to use the ThreatMetrix verification service, which allows you to build risk-based authentication into your PingFederate authentication policy. For more information, see ThreatMetrix in the ID DataWeb documentation.

Policy decisions

ID DataWeb processes the sign-on event information through the rules and identity verification services that you configure in the ID DataWeb dashboard. It then matches the resulting trust score to one of three policy decisions: "approve", "obligation", or "deny".

The ID DataWeb API provides the policy decision in a response to PingFederate. By including the ID DataWeb policy decision in your PingFederate authentication policy, you decide how each of the "approve", "obligation", and "deny" results affects a user's ability to sign on in your environment. For example, you can configure the "obligation" result to require a second authentication factor.

Attributes in the response from ID DataWeb

The response from ID DataWeb also contains user attributes and sign-on event data from the various ID DataWeb verification services.

In your ID DataWeb IdP Adapter instance configuration, you have the option to capture attributes from the response. This makes them available in other adapters and contracts in the PingFederate authentication policy.