Page created: 3 Jun 2022
|
Page updated: 16 Jun 2023
With the PingOne Risk Integration Kit, PingFederate includes PingOne Risk in the sign-on flow.
The following figure shows how PingOne Risk is integrated into the sign-on process:
Description
- A user initiates the sign-on process by requesting access to a protected resource.
- When device profiling is enabled, one of the following occurs (depending on the
device profiling method):
- An adapter that is earlier in the authentication flow runs a script that creates a device profile. The script passes the device profile to the PingOne Risk IdP Adapter in a series of HTTP cookies.
- The PingOne Risk IdP Adapter creates a device profile.
- The PingOne Risk IdP Adapter collects transaction information, such as the user's IP address.
- The adapter sends the transaction information and optional device profile to PingOne Risk.
- PingOne Risk returns a JSON payload with the risk result and other information, such as the IP reputation, to the adapter.
- The PingOne Risk IdP Adapter makes the risk result and other information available in the PingFederate authentication policy.
- PingFederate executes the authentication policy, which branches based on the risk result provided by the adapter.
- PingFederate returns the resource that the user requested.
- The adapter notifies PingOne Risk whether authentication ultimately succeeded. This helps PingOne Risk evaluate subsequent sign-on attempts.