The CIAM Plus - Account Recovery - Email - Subflow lets users recover a lost account using an email address.
Purpose
The CIAM Plus - Account Recovery - Email - Subflow presents users who have forgotten their password with the ability to reset it using their email address. Users provide and verify their email address. The flow provides a form for the user to enter a new password, then verifies and saves the new password.
Structure
This flow is divided into sections using teleport nodes:
- Forgot Password Form
  - Presents a custom HTML form on which users can enter the email address of their account. When the user clicks Submit, the flow progresses to the Verify User And Validate Entered Email section.
- Verify User And Validate Entered Email
  - Uses a PingOne node to find a user with the specified email address. If the user is found, is active, and currently has a password, the flow progresses to the Check If MFA Enabled And Return To Send OTP To Email section. The flow then invokes the CIAM Plus - Verify Email - Subflow, then progresses to the Reset Password Form section.
- Reset Password Form
  - Uses a flow instance variable to begin tracking the number of recovery attempts, then presents the user with an HTML page to enter and confirm a new password. If the user submits a new password, the flow progresses to the Verify Password section.
- Verify Password
  - Uses function nodes to validate the new password and verify that the new password and the confirmed password match, displaying an error message if either condition is not met. The number of recovery attempts is then incremented by one and compared to the maximum. If it does not exceed the maximum, the flow progresses to the Update Password And Show Success Message section.
- Update Password And Show Success Message
  - Uses a PingOne node to save the new password, then displays a success message and uses a second PingOne node to send a password change email. The flow then progresses to the Return Success section. If the recovery code or new password is incorrect or invalid, an error message is displayed.
- Check If MFA Enabled And Return To Send OTP To Email
  - Uses a PingOne node to check if MFA is enabled. If MFA is not enabled, an HTML node presents the user with the option to enable it and a PingOne node saves the new MFA status. After MFA is enabled, the flow returns to the Verify User And Validate Entered Email section.
- Return Success
  - Sends a success JSON response, indicating that the flow has completed successfully.
- Return Error
  - Sends an error JSON response, indicating that the flow completed unsuccessfully.
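The checks in the Verify Password section, modeled as plain JavaScript. This is an added example, not the flow's own function-node code. The password rules, the `verifyPasswordStep` and `validatePassword` names, counting failed submissions toward the limit, and the routing on a failed check or an exceeded limit are assumptions made for illustration.

```javascript
// Added example: models the Verify Password checks as plain functions.
// ASSUMED_POLICY is a constructed placeholder, not the PingOne password policy.
const ASSUMED_POLICY = { minLength: 12, requireDigit: true, requireUpper: true };

// Returns a list of policy violations (empty when the password is acceptable).
function validatePassword(pw, policy = ASSUMED_POLICY) {
  const errors = [];
  if (typeof pw !== "string" || pw.length < policy.minLength) {
    errors.push(`Password must be at least ${policy.minLength} characters`);
  }
  if (policy.requireDigit && !/[0-9]/.test(String(pw))) errors.push("Password must contain a digit");
  if (policy.requireUpper && !/[A-Z]/.test(String(pw))) errors.push("Password must contain an uppercase letter");
  return errors;
}

// state.recoveryAttempts stands in for the flow instance variable; it is kept
// server-side and never taken from the submitted form.
function verifyPasswordStep(state, input, maxAttempts) {
  const errors = validatePassword(input.newPassword);
  if (input.newPassword !== input.confirmPassword) errors.push("Passwords do not match");
  // Assumption: every submission counts, valid or not, so failed tries are not free.
  const nextState = { ...state, recoveryAttempts: state.recoveryAttempts + 1 };
  if (nextState.recoveryAttempts > maxAttempts) {
    // Assumption: exceeding the maximum routes to Return Error.
    return { next: "Return Error", state: nextState, errors: ["Maximum recovery attempts exceeded"] };
  }
  // Assumption: a failed check sends the user back to the form with the errors.
  if (errors.length > 0) return { next: "Reset Password Form", state: nextState, errors };
  return { next: "Update Password And Show Success Message", state: nextState, errors: [] };
}

// Constructed submissions, replayed against a limit of 3 attempts.
function runDemo() {
  const submissions = [
    { newPassword: "Correct-Horse-42", confirmPassword: "Correct-Horse-24" }, // mismatch
    { newPassword: "short1A", confirmPassword: "short1A" },                   // too short
    { newPassword: "Correct-Horse-42", confirmPassword: "Correct-Horse-42" }, // valid, 3rd attempt
    { newPassword: "Correct-Horse-42", confirmPassword: "Correct-Horse-42" }, // valid, over limit
  ];
  let state = { recoveryAttempts: 0 };
  return submissions.map((input) => {
    const result = verifyPasswordStep(state, input, 3);
    state = result.state;
    return result.next;
  });
}

console.log(runDemo());
```

The third submission passes because the counter equals the maximum without exceeding it; the fourth is rejected on the counter alone, even though the password itself is valid.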
Input schema
This flow has the following inputs.
| Input Name | Required? | Description |
|---|---|---|
| | No | The company logo. Used only when the main flow was launched using the widget. |
| | No | The ID of the PingOne MFA policy to use in the flow. |
| | No | The username of the account being recovered. |
Output schema
This flow has the following outputs.
| Output Name | Description |
|---|---|
| | The user ID of the current user. |
| | The result status of the flow. |
| | The authentication method that was configured by the flow. |
| | The error message to display in the parent flow. |
Variables
This flow uses the following variables.
| Variable Name | Description |
|---|---|
| | The HTML style to use for your company logo. |
| | The URL for your company logo. |
| | Displays the name of your company. |
| | The maximum number of times a user can attempt to recover an account. |