Purpose

The OOTB - Device Registration - Subflow presents users with options to register any available device type. The flow finds the available devices, then uses an HTML node to let the user select one:

  • If the user selects Text Message, the flow gathers the number and uses a one-time passcode (OTP) to verify the SMS number.
  • If the user selects Email, the flow uses an OTP to verify the email address.
  • If the user selects Biometrics/Security Key, the flow pairs the current device.
  • After any successful device registration, or if the user selects password, the flow redirects to the parent flow.

Structure

[Flow diagram. Sections shown: Gather device types for user registration; User selects device for registration; User selected SMS; User selected email; Prepare to register OTP device; Ask for OTP; Resend OTP; Activate OTP and enable MFA for user; Register FIDO2 device and enable MFA for user; SUCCESS.]

This flow is divided into sections using teleport nodes:

Gather device types that user can register with
Uses a PingOne node to retrieve the user's current devices and a hidden HTML form to gather browser information. The flow then uses multiple comparison nodes to determine if the user can register another device. If so, the flow progresses to the User select device to register with section. If not, the flow progresses to the Return Error section.
User select device to register with
Presents the user with an HTML page where they can select a device from one of the available registration options. If the user selects SMS, email, or FIDO2, the flow progresses to the corresponding section: User selected SMS, User selected email, or Register FIDO2 device and enable MFA for user. If the user selects password or cancel, the flow progresses to the Return Success section.
User selected SMS
Presents the user with an HTML form on which they can enter a phone number. The flow then progresses to the Prepare to register OTP device section.
User selected email
Checks if the user's email is known, and presents the user with an HTML form on which they can enter an email if the email is not known. The flow then progresses to the Prepare to register OTP device section.
Prepare to register OTP device
Uses a PingOne node to create an OTP device, stores the device ID as a variable, then progresses to the Ask for OTP section.
Ask for OTP
Presents the user with an HTML form on which they can enter the OTP or resend it. If they enter the OTP, the flow progresses to the Activate OTP and enable MFA for user section. If they resend, the flow progresses to the Resend OTP section.
Resend OTP
Uses PingOne nodes to delete the previous OTP device and create a new one. The flow then stores the device ID as a variable and displays a message to the user indicating that the OTP has been resent.
Activate OTP and enable MFA for user
Uses PingOne nodes to activate the device to which the OTP was sent, then update the user's MFA status. The flow then progresses to the Return Success section.
Register FIDO2 device and enable MFA for user
Uses a PingOne node to create a FIDO2 device, then presents an HTML page from which the user can confirm the registration. Two PingOne nodes activate the FIDO device, then update the user's MFA status. The flow then progresses to the Return Success section.
Return Success
Sends a success JSON response, indicating that the flow has completed successfully.
Return Error
Sends an error JSON response, indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs.

| Input name | Required | Description |
|---|---|---|
| email | Yes | The email address to use for registration. |
| pingOneUserId | Yes | The user ID of the current user. |
| allowCancel | Yes | Indicates whether to display the cancel option on the initial user page. |
| passwordlessRequired | Yes | Indicates whether all users are required to use passwordless authentication. |
| allowedDeviceTypes | Yes | A string containing any or all of SMS, EMAIL, FIDO2 indicating the allowed device types. |
| ciam_companyLogo | No | The company logo. Used only when the main flow was launched using the widget. |
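A parent flow or calling application can check these inputs before invoking the subflow, so that a typo in allowedDeviceTypes or a missing user ID is caught before any registration option is shown. The following is an added example, not PingOne code: the input names come from the table above, while the function name, the accepted separators in allowedDeviceTypes, and the error wording are assumptions.

```javascript
// Added example, not PingOne code. Input names come from the table above;
// the function name, accepted separators and error wording are assumptions.
const REQUIRED_INPUTS = ["email", "pingOneUserId", "allowCancel",
  "passwordlessRequired", "allowedDeviceTypes"];
const KNOWN_DEVICE_TYPES = new Set(["SMS", "EMAIL", "FIDO2"]);

function checkRegistrationInputs(inputs) {
  const errors = [];
  // Every input marked "Yes" in the Required column must be supplied.
  // false is a legitimate value for the two flags, so test for absence only.
  for (const name of REQUIRED_INPUTS) {
    const value = inputs[name];
    if (value === undefined || value === null || value === "") {
      errors.push(`missing required input: ${name}`);
    }
  }
  const deviceTypes = [];
  const raw = inputs.allowedDeviceTypes;
  if (typeof raw === "string" && raw !== "") {
    // Assumed separators: anything that is not a letter or digit.
    for (const token of raw.split(/[^A-Za-z0-9]+/).filter(Boolean)) {
      if (!KNOWN_DEVICE_TYPES.has(token)) {
        // Wrong case or a typo ("sms", "FIDO") is not a documented value.
        errors.push(`unknown device type: ${token}`);
      } else if (!deviceTypes.includes(token)) {
        deviceTypes.push(token);
      }
    }
    if (deviceTypes.length === 0) {
      errors.push("allowedDeviceTypes names no documented device type");
    }
  } else if (raw !== undefined && raw !== null && raw !== "") {
    errors.push("allowedDeviceTypes must be a string");
  }
  return { ok: errors.length === 0, deviceTypes, errors };
}

// Constructed sample inputs (placeholder user ID, example.com address).
const good = checkRegistrationInputs({
  email: "user@example.com", pingOneUserId: "00000000-placeholder",
  allowCancel: false, passwordlessRequired: true,
  allowedDeviceTypes: "SMS,EMAIL,FIDO2",
});
const bad = checkRegistrationInputs({
  email: "user@example.com", allowCancel: true,
  passwordlessRequired: false, allowedDeviceTypes: "sms, FIDO2, TOTP",
});
console.log(good, bad);
```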

Output schema

This flow has the following outputs.

| Output name | Description |
|---|---|
| ciam_subflowResult | The result status of the flow. |
| ciam_authMethod | The authentication method that was configured by the flow. |
| ciam_errorMessage | The error message to display in the parent flow. |

Variables

This flow uses the following variables.

| Variable name | Description |
|---|---|
| ciam_logoStyle | The HTML style to use for your company logo. |
| ciam_logoUrl | The URL for your company logo. |
| ciam_companyName | Displays the name of your company. |