Purpose

The OOTB - Account Registration - Subflow presents users with the ability to create a new account. The flow first uses PingOne Protect to check for bots and high-risk users before proceeding to account creation. Depending on your environment's properties, the flow can let a user create a password, add an multi-factor authentication (MFA) device using the OOTB - Device Registration - Subflow flow, and view and agree to an agreement using the OOTB - Agreement (ToS) - Subflow flow.

Structure

Diagram of the OOTB - Account Registration - Subflow structure, as described below.

This flow is divided into sections using teleport nodes:

Progressive Profiling
Presents users with an HTML form on which to enter their email address. If the user clicks Sign On, the flow progresses to the Return Success section. If the user clicks Register the flow progresses to the PingOne Protect Threat Detection Analysis section.

A PingOne node verifies that the email address is not already in use, then an HTML form lets the user enter a first and last name. If passwordless is not required, a third form lets the user decide whether to provide a password or use other authentication. The flow then progresses to the Create Account section.

PingOne Protect Threat Detection Analysis

Invokes the OOTB - PingOne Protect Threat Detection - Subflow subflow.

If the OOTB - PingOne Protect Threat Detection - Subflow subflow completes successfully, the PingOne Protect values are saved as variables.

A function node then examines the risk score.
  • If the risk score is low or medium, the flow returns to the Progressive Profiling section.
  • If the risk score is high, a PingOne node updates PingOne Protect with the failed evaluation and an error message is displayed.

If the OOTB - PingOne Protect Threat Detection - Subflow subflow does not complete successfully, any available PingOne Protect values are saved as variables, then the flow progresses to the Return Error section.

Create Account
Uses PingOne nodes to create the new account, with or without a password depending on earlier selections. The flow then progresses to the Accept Agreement and Verify Email section.
Accept Agreement and Verify Email
Invokes the OOTB - Agreement (ToS) - Subflow flow to ensure that the user agrees to any required agreements, then invokes the OOTB - Verify Email - Subflow flow to ensure that the user's email address is verified if necessary. The flow then progresses to the Device Registration section.
Device Registration
Checks if the user selected passwordless. If not, the flow progresses to the Return Success section. If so, the OOTB - Device Registration - Subflow flow is invoked, after which the flow progresses to the Return Success section if a device was registered, or to the Set Password section if the user switched to password authentication.
Set Password
Uses an HTML node to prompt the user for a new password, verifies that the password matches the confirmed password, and uses a PingOne node to set the password. The flow then progresses to the Return Success section.
Return Success
Sends a success JSON response, indicating that the flow has completed successfully.
Return Error
Sends an error JSON response, indicating that the flow completed unsuccessfully. A comparison node also checks for a risk ID, and uses a PingOne node to update the risk evaluation if a risk ID is present.

Input schema

This flow has the following inputs:

Input name Required Description

ciam_passwordlessRequired

Yes

Indicates whether passwordless authentication is required for sign-on.

allowedDeviceTypes

Yes

A string containing any or all of SMS, EMAIL, FIDO2 indicating the allowed device types.

ciam_agreementEnabled

Yes

Indicates whether agreement is enabled for user registration.

ciam_agreementId

Yes

The ID of the agreement to present to users.

ciam_companyLogo

No

The company logo.

Used only when the main flow was launched using the widget.

Output schema

This flow has the following outputs:

Output name Description

ciam_subflowResult

The result status of the flow.

ciam_pingOneUserId

The user ID of the current user.

ciam_authMethod

The authentication method chosen by the user.

ciam_errorMessage

The error message text to display, if any.

Variables and parameters

This flow uses the following variable or parameter values:

Variable name Parameter name Description

ciam_passwordlessRequired

isPasswordlessRequired

Indicates whether passwordless authentication is required for sign-on.

ciam_logoStyle

None

The HTML style to use for your company logo.

ciam_logoUrl

None

The URL for your company logo.

ciam_companyName

None

Displays the name of your company.

ciam_protectPredictor

None

The recommendation made by PingOne Protect.

ciam_protectDeviceStatus

None

The status of the user's device as determined by PingOne Protect.

ciam_protectRiskID

None

The risk ID of the current user as used by PingOne Protect.

ciam_protectRiskLevel

None

The risk level of the current user as determined by PingOne Protect.