Scenario participants

The following parties are involved in this scenario:

Credential issuer
BX Insurance
John Smith
Provider of a service
BX Rental Cars
Verifier service
The service BX Insurance contracts with for credential verification


BX Insurance meets the following requirements:

  • PingOne Credentials and PingOne MFA are available in the BX Insurance PingOne environment.
  • They created a credential type for the user data required to issue the credential. The credential type includes a connection to a digital wallet app that users can install and use to store their personal credentials.

    For more information about creating a credential type, see Creating a credential.

  • The issuance rules for the credential type require that the user belong to the "Active Policy" group in PingOne. Membership in that group requires that the user's auto insurance policy is not expired.

    For more information about groups, see Groups.

  • BX Insurance customized the Credential Revoked notification template to inform users when their credentials are revoked.

    For more information about notification templates, see Notification templates.


Revoking and notifying user credential flow
  1. John visits the Reservations page of the BX Rental Cars website from his computer and starts his new reservation request.
  2. An API call is made from the website to the verifier service BX Rental Cars uses. This creates a new verification session and provides a QR code that BX Rental Cars displays on the screen for John to scan.
  3. Using the wallet app on his phone, John scans the QR code.
  4. Depending on how the wallet app is configured, John is authenticated by the app.
  5. John sees a notification that his credential from BX Insurance was revoked. When John did not renew his auto policy, he was removed from the "Active Policy" group, invalidating his credential. He cannot complete his reservation.
  6. John calls his BX Insurance agent, renews his policy, and pays for his policy extension.
  7. After John's policy data updates, John is re-added to the "Active Policy" group and his credential from BX Insurance is reissued.
  8. After receiving the updated credential and saving it to his wallet app, John returns to BX Rental Cars reservation site and is able to complete the reservation process.

For more information about revoking credentials, see Revoking a credential.