Purpose

The OOTB - PingOne Protect Threat Detection - Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows.

Structure

This flow has a single section.

Detect Threat using PingOne
A function node verifies that the username, flow type, and skriskcomponent are all present. If any of these values is missing, the flow displays an HTML error screen. If all values are present, a PingOne Protect node performs a risk and bot evaluation. If the evaluation fails, the flow displays an error message. If the evaluation succeeds, a comparison node checks whether the recommended action includes a bot, adversary-in-the-middle, or temporary email mitigation response. If so, the flow returns a JSON error response. If not, the flow returns a JSON success response.
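The branching described above can be modeled as a small function, which is useful for reasoning about what a parent flow must handle. This is an added example, not the flow's own code or anything published by Ping Identity. The function name, the `evaluate` callback, the marker substrings, the `success`/`error` status strings, and the shape of the evaluation object are assumptions made for illustration.

```javascript
// Added illustration of the branching above; not Ping Identity code.
// ASSUMPTIONS: marker substrings, status values and the evaluation object
// shape are placeholders for this sketch, not values taken from the page.
const REQUIRED_INPUTS = ["userName", "flowType", "skriskcomponent"];
const BLOCKING_MARKERS = ["BOT", "AITM", "TEMP_EMAIL"]; // assumed substrings

// Empty or whitespace-only strings count as missing.
function isPresent(value) {
  return typeof value === "string" ? value.trim() !== "" : value != null;
}

// `evaluate` is a hypothetical stand-in for the PingOne Protect node. It
// returns { recommendedAction, level, riskId, deviceStatus } or throws.
function detectThreat(inputs, evaluate) {
  const missing = REQUIRED_INPUTS.filter((name) => !isPresent(inputs[name]));
  if (missing.length > 0) {
    return { branch: "htmlError", ciam_subflowResult: "error", missing };
  }

  let evaluation;
  try {
    evaluation = evaluate(inputs);
  } catch (err) {
    // Evaluation failure is an error branch, never an implicit success.
    return { branch: "evaluationError", ciam_subflowResult: "error" };
  }

  const action = String(evaluation.recommendedAction || "").toUpperCase();
  const blocked = BLOCKING_MARKERS.some((marker) => action.includes(marker));
  return {
    branch: blocked ? "jsonError" : "jsonSuccess",
    ciam_subflowResult: blocked ? "error" : "success",
    ciam_protectPredictor: evaluation.recommendedAction || null,
    ciam_protectDeviceStatus: evaluation.deviceStatus || null,
    ciam_protectRiskID: evaluation.riskId || null,
    ciam_protectRiskLevel: evaluation.level || null,
  };
}

// Constructed sample inputs and evaluation results.
const base = { userName: "alice", flowType: "AUTHENTICATION",
  skriskcomponent: "sdk-payload", ipAddress: "203.0.113.7" };
const lowRisk = () => ({ recommendedAction: null, level: "LOW", riskId: "risk-0001", deviceStatus: "ok" });
const bot = () => ({ recommendedAction: "BOT_MITIGATION", level: "HIGH", riskId: "risk-0002", deviceStatus: "ok" });
console.log(detectThreat(base, lowRisk).branch, detectThreat(base, bot).branch);
```

A parent flow that consumes this subflow should treat every branch other than the JSON success response as a reason to stop or step up, including the two error branches that occur before any risk level is available.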

Input schema

This flow has the following inputs:

| Input name | Required | Description |
|---|---|---|
| skriskcomponent | Yes | The SKRisk component to be used in the risk evaluation. |
| userName | Yes | The user name to be evaluated by PingOne Protect. |
| flowType | Yes | The flow type to be passed to PingOne Protect. |
| ipAddress | Yes | The user IP address to be passed to PingOne Protect. |
| userID | No | The user ID to be passed to PingOne Protect. |
| applicationID | No | The application ID to be passed to PingOne Protect. |
| sessionID | No | The session ID to be passed to PingOne Protect. |
| riskPolicyID | No | The risk policy ID to be passed to PingOne Protect. |
| customAttributes | No | Any custom PingOne attributes to be passed to PingOne Protect. |
| userAgent | No | The PingOne Protect user agent. |
| usercookie | No | The PingOne Protect user cookie. |

Output schema

This flow has the following outputs:

| Output name | Description |
|---|---|
| ciam_subflowResult | The result status of the flow. |
| ciam_protectPredictor | The action recommended by PingOne Protect. |
| ciam_protectDeviceStatus | The status of the user's device as determined by PingOne Protect. |
| ciam_protectRiskID | The risk ID of the current user as used by PingOne Protect. |
| ciam_protectRiskLevel | The risk level of the current user as determined by PingOne Protect. |

Variables and parameters

This flow uses the following variable or parameter values:

| Variable name | Parameter name | Description |
|---|---|---|
| ciam_protectPredictor | None | The recommendation made by PingOne Protect. |
| ciam_protectDeviceStatus | None | The status of the user's device as determined by PingOne Protect. |
| ciam_protectRiskID | None | The risk ID of the current user as used by PingOne Protect. |
| ciam_protectRiskLevel | None | The risk level of the current user as determined by PingOne Protect. |
| ciam_protectRiskSDK | None | The PingOne Protect SDK initialization value. |