Purpose

The OOTB - Account Recovery - Subflow presents users who have forgotten their password with multiple means of recovering their account. Users provide their username and select an alternate method of identification. The flow verifies that the username exists and has multi-factor authentication (MFA) enabled, then uses the selected method to reset the account password.

Structure

[Figure: flow diagram showing the sections Forgot password form, Send recovery code if applicable, Recovery code form, Resend recovery code, Verify password and recovery code, and Update password and show success message, ending in SUCCESS.]

This flow is divided into sections using teleport nodes:

Forgot Password Form
Presents a custom HTML form on which users can enter the email address of their account. When the user clicks Submit, the flow progresses to the Send Recovery Code If Applicable section.
Send Recovery Code If Applicable
Uses a PingOne node to find a user with the specified email address. If the user is found, a second PingOne node sends a recovery code, and the flow progresses to the Recovery Code Form section. If the user is not found, an error message is displayed.
Recovery Code Form
Uses a flow instance variable to begin tracking the number of recovery attempts, then presents the user with an HTML page with multiple options. If the user submits a recovery code with a new password, the flow progresses to the Verify Password and Recovery Code section. If the user resends the recovery code, the flow progresses to the Resend Recovery Code section.
Verify Password and Recovery Code
Uses a comparison node to verify that the new password and the confirmed password match, displaying an error message if they do not. The number of recovery attempts is then incremented by one and compared to the maximum. If it does not exceed the maximum, the flow progresses to the Update Password and Show Success Message section.
Resend Recovery Code
Uses a PingOne node to send a new recovery code, then displays a success message to the user.
Update Password and Show Success Message
Uses a PingOne node to send the recovery code and new password to PingOne. If the recovery code is correct and the new password is valid, a success message is displayed and the flow progresses to the Return Success section. If the recovery code or new password is incorrect or invalid, an error message is displayed.
Return Success
Sends a success JSON response, indicating that the flow has completed successfully.
Return Error
Sends an error JSON response, indicating that the flow completed unsuccessfully.
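
The attempt accounting described in the Verify Password and Recovery Code and Update Password and Show Success Message sections, as an added Python model that is not part of the flow or of PingOne's code. The class and function names, the counter starting at 0, the sample values, and the error result once the maximum is exceeded are assumptions; the new-password validity check that PingOne performs is not modelled.

```python
# Added illustration: a model of the Verify Password and Recovery Code and
# Update Password sections. Not DaVinci or PingOne code.
import hmac
from dataclasses import dataclass


@dataclass
class RecoveryFlow:
    issued_code: str          # stand-in for the code PingOne sent (constructed)
    recovery_limit: int       # plays the role of ciam_recoveryLimit
    attempts: int = 0         # flow instance variable; assumed to start at 0

    def submit(self, code: str, new_password: str, confirm_password: str) -> str:
        # Comparison node: a mismatch shows an error before the counter is touched.
        if new_password != confirm_password:
            return "error: passwords do not match"
        # The counter is incremented, then compared to the maximum.
        self.attempts += 1
        if self.attempts > self.recovery_limit:
            # Assumption: exceeding the maximum ends in an error result.
            return "error: recovery limit exceeded"
        # Update Password section: PingOne validates the code; modelled here
        # with a constant-time comparison.
        if not hmac.compare_digest(code.encode(), self.issued_code.encode()):
            return "error: invalid recovery code"
        return "success"


def run(submissions, limit=3, issued="481516"):
    """Replay (code, password, confirmation) tuples; return results and counter."""
    flow = RecoveryFlow(issued_code=issued, recovery_limit=limit)
    results = [flow.submit(*s) for s in submissions]
    return results, flow.attempts


if __name__ == "__main__":
    # Constructed sample: one typo in the confirmation, three wrong codes, then
    # the correct code arriving as the fourth counted attempt.
    sample = [
        ("000000", "N3w-Passw0rd!", "N3w-Passw0rd"),
        ("000000", "N3w-Passw0rd!", "N3w-Passw0rd!"),
        ("111111", "N3w-Passw0rd!", "N3w-Passw0rd!"),
        ("222222", "N3w-Passw0rd!", "N3w-Passw0rd!"),
        ("481516", "N3w-Passw0rd!", "N3w-Passw0rd!"),
    ]
    for line in run(sample)[0]:
        print(line)
```

Because the comparison is "does not exceed", a submission that brings the counter exactly to the limit still reaches the code check, and a password mismatch does not consume an attempt.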

Input schema

This flow has the following inputs.

| Input Name | Required? | Description |
| --- | --- | --- |
| ciam_companyLogo | No | The company logo. Used only when the main flow was launched using the widget. |

Output schema

This flow has the following outputs.

| Output Name | Description |
| --- | --- |
| ciam_pingOneUserId | The user ID of the current user. |
| ciam_subflowResult | The result status of the flow. |
| ciam_authMethod | The authentication method that was configured by the flow. |
| ciam_errorMessage | The error message to display in the parent flow. |

Variables

This flow uses the following variables.

| Variable Name | Description |
| --- | --- |
| ciam_logoStyle | The HTML style to use for your company logo. |
| ciam_logoUrl | The URL for your company logo. |
| ciam_companyName | Displays the name of your company. |
| ciam_recoveryLimit | The maximum number of times a user can attempt to recover an account. |