The following figure shows how ThreatMetrix is integrated into the sign-on process:
A sign-on flow diagram including the ThreatMetrix IdP Adapter


  1. A user initiates the sign-on process by requesting access to a protected resource.
  2. Depending on the device profiling method, the ThreatMetrix IdP Adapter or a previous authentication adapter collects the device profile and sends it back to ThreatMetrix with a session ID.

    For the "captured by a previous adapter" device profiling method, this step takes place at the same time as step 1.

  3. The ThreatMetrix IdP Adapter sends the session ID and any optional user attributes to ThreatMetrix.
  4. ThreatMetrix responds with the review status ("pass", "review", "challenge", or "reject") as well as additional attributes and sign-on event data.
  5. The ThreatMetrix IdP Adapter makes the review status and attributes and sign-on event data available in the PingFederate authentication policy.
  6. PingFederate continues executing the authentication policy, which branches based on the review status provided by the adapter.
  7. If the user authenticates successfully, PingFederate returns the resource that the user requested.
  8. Optional: If the review status was ""review"" and authentication ultimately succeeded, the adapter notifies ThreatMetrix. This allows ThreatMetrix to train models and tune policies for future sign-on attempts.