The following figure shows how the iovation API is integrated into the sign-on process:

Description

  1. A user initiates the sign-on process by requesting access to a protected resource.
  2. Depending on the device profiling method, the iovation IdP Adapter or a previous authentication adapter retrieves the latest JavaScript from iovation. For the "previous adapter" method, this takes place at the same time as step 1.
  3. Depending on the device profiling method, the iovation IdP Adapter or a previous authentication adapter runs the iovation JavaScript, which builds the device profile and packages it in an encrypted blackbox.
  4. The iovation IdP Adapter sends the blackbox and transaction insight parameters to the iovation API and requests the risk result for the transaction.
  5. The iovation API returns a JSON payload with the risk result and other attributes to the iovation IdP Adapter.
  6. The iovation IdP Adapter makes the risk result and contract attributes available in the authentication policy.
  7. PingFederate executes the authentication policy, which branches based on the risk result reported by the iovation IdP Adapter.
  8. PingFederate returns the resource that the user requested.