After you add PingOne Protect to your environment, integrate PingOne Protect into a user journey.
You’ll need a PingOne account with at least one environment that includes the PingOne Protect service. For more information, see Add an environment.
You can integrate your risk policy into a user journey in one of the following ways:
- Using the integration with PingFederate
- Building a custom flow with PingOne DaVinci
- Using the PingOne API
- Integrating with PingOne Advanced Identity Cloud
Regardless of the integration approach you use, the high-level steps are the same. The steps below use an authentication flow as an example for integration, but you can also use other user journeys, such as registration and authorization:
Using the PingOne Protect Integration Kit with PingFederate
Before proceeding, make sure PingFederate is installed. For help installing PingFederate, see Installing PingFederate.
Building a custom flow with PingOne DaVinci
Add PingOne DaVinci to your PingOne environment. Learn more in Adding an environment.
PingOne DaVinci is the graphic orchestration tool used for designing flows, such as user registration and authentication flows. You can find general information on using PingOne DaVinci here.
You can use the PingOne Protect connector to define different paths in a user journey flow, based on the result of a risk evaluation.
For example, you can use a risk evaluation connector before a multi-factor authentication (MFA) step, and then define different paths based on the risk score calculated:
- Skip the MFA challenge if low risk.
- Use a specific authentication method if user behavior data suggests medium or high risk.
- Block access completely in a high-risk situation, such as when the recommended action is equal to bot mitigation.
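The same branching written as code, for a service that reads a risk evaluation result directly. This is an added example, not Ping Identity code: the `result.level` and `result.recommendedAction` fields and the `BOT_MITIGATION` value are assumed from the shape of a PingOne risk evaluation response, and the step names are hypothetical. A missing or unrecognized result takes the stricter path, so it can never skip MFA.

```python
from enum import Enum


class Step(Enum):  # hypothetical names for the three paths in the flow
    SKIP_MFA = "skip_mfa"
    STEP_UP_MFA = "step_up_mfa"
    BLOCK = "block"


# Assumed field values; check them against your own risk evaluation responses.
BLOCKING_ACTIONS = {"BOT_MITIGATION"}
LEVEL_TO_STEP = {
    "LOW": Step.SKIP_MFA,
    "MEDIUM": Step.STEP_UP_MFA,
    "HIGH": Step.STEP_UP_MFA,
}


def next_step(evaluation):
    """Choose the journey path for one risk evaluation (a parsed JSON dict)."""
    result = evaluation.get("result") if isinstance(evaluation, dict) else None
    if not isinstance(result, dict):
        return Step.STEP_UP_MFA  # no usable result: never skip MFA
    action = result.get("recommendedAction")
    if isinstance(action, str) and action.upper() in BLOCKING_ACTIONS:
        return Step.BLOCK  # the recommended action outranks the level
    level = result.get("level")
    if not isinstance(level, str):
        return Step.STEP_UP_MFA
    # Levels this table does not know fall through to the stricter path.
    return LEVEL_TO_STEP.get(level.upper(), Step.STEP_UP_MFA)


# Constructed sample results, not captured from a real environment.
SAMPLES = [
    {"result": {"level": "LOW"}},
    {"result": {"level": "HIGH"}},
    {"result": {"level": "LOW", "recommendedAction": "BOT_MITIGATION"}},
    {"result": {"level": "CRITICAL"}},
    {},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", next_step(sample).value)
```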
For examples of using the PingOne Protect connector in different types of flows, see the following templates in the Flow Library:
- PingOne - Sign On and Adaptive MFA
- PingID - MFA flow + Protect
- PingID - FIDO2 Passwordless + Protect
To use Protect connectors in a flow:
If you are having issues with the PingOne Protect Connector, try the following:
- For each connector in the flow, make sure that all of the mandatory inputs have been provided.
- If you are using the `skrisk` component to include the data provided by the PingOne Signals (Protect) SDK, make sure that you have carried out all of the necessary steps.
- Use the Analytics feature to see where the flow stopped.
- Select the Options icon, and turn on Show Node ID. This will make it easier to identify the source of inputs and outputs.
Using the PingOne API
To integrate using the PingOne API:
Integrating with PingOne Advanced Identity Cloud
Make sure you have:
- A PingOne Advanced Identity Cloud administrator account
- A PingOne account (see Starting a PingOne trial)
- The client ID and client secret for a PingOne environment
- A risk policy configured in PingOne (or use the default risk policy)
- A worker application with the Identity Data admin role assigned in PingOne
Advanced Identity Cloud is a comprehensive identity and access management (IAM) service that lets you deploy applications anywhere: on-premises, in your own private cloud, or in your choice of public cloud. With Advanced Identity Cloud, you can manage user journeys and take advantage of the PingOne Protect threat protection features by integrating the three PingOne Protect nodes into your journey.
- Configure the PingOne Service in Advanced Identity Cloud.
- Set up your user journey in Advanced Identity Cloud with the three PingOne Protect nodes in the journey:
  - The PingOne Protect Initialize node to initialize the PingOne Protect Web SDK on the client device.
  - The PingOne Protect Evaluation node to calculate the risk level and other risk-related details associated with an event.
  - The PingOne Protect Result node to update the risk evaluation configuration or modify the completion status of the resource when the risk evaluation is still in progress.
- Validate that the PingOne Protect Evaluation node is working by checking the PingOne Audit log for Risk Evaluation Created events.