The CIAM Plus - Profile Management - Basic Profile Management - Main Flow flow lets users update their account information.
Purpose
The CIAM Plus - Profile Management - Basic Profile Management - Main Flow flow presents users with an option to update their account information. Users with an existing session are presented with a form that enables them to change the name and address associated with their account. The flow uses PingOne nodes to make the changes to the account.
Structure
This flow is divided into sections using teleport nodes:
- Check for Session
- Uses function nodes to set variables, then uses a PingOne node to check for an
existing session.
-
If a session exists, a hidden HTML node invokes the skpolling component.
-
If no session exists, a PingOne node deletes any existing session token, then the CIAM Plus - SignOn - Subflow is invoked. When the flow completes, a PingOne node creates or updates the session.
A function node retrieves the user ID, then a PingOne node retrieves the user details. The flow then progresses to the MFA Authentication section.
When the MFA Authentication has completed, a PingOne node retrieves the user's devices and a function node examines the number of devices. If the user has zero devices, the flow progresses to the Verifying and auto enrolling the email section. If the user has one or more devices, the CIAM Plus - Agreement (ToS) - Subflow is invoked and the flow progresses to the Return Success section.
-
- MFA Authentication
- Uses a PingOne node to retrieve the user's devices, then uses a hidden HTML node to check for WebAuthn compatibility. Function nodes verify that the user has at least one active device, then a PingOne node enables MFA for the user. The CIAM Plus - Device Authentication - Subflow is invoked, then the flow returns to the Check for session section.
- Verifying and auto enrolling the email
- Uses a PingOne node to send a verification code, then presents an HTML page on which the user can enter the verification code. If the user submits a code, PingOne nodes validate the code, register email as an MFA device, and send a device registration email. The flow then returns to the Check for session section.
- Update Profile
- Uses a PingOne node to find the user. The flow then presents users with a custom HTML form that lets them enter updated name and address information. When the user submits this information, function nodes determine whether a new address was submitted, then PingOne nodes update the user's information with or without the address. The flow displays a success message on the custom HTML form, then progresses to the Return Success section.
- Return Success
- Sends a JSON success message.
- Return Error
- Displays an error message, then sends a JSON error message.
Input schema
This flow has the following inputs.
Input Name | Required | Description |
---|---|---|
|
No |
An object containing parameters passed in if the flow was launched with the widget. This input replaces all other inputs. |
|
No |
Information used to pre-fill the username. |
|
No |
The maximum amount of time allowed since the user last authenticated. |
|
No |
An object containing all of the parameters from the OIDC authorization request. |
|
No |
An object containing all of the parameters from the SAML authorization request. |
|
No |
An object containing all of the parameters from the WS-FED authorization request. |
|
Yes |
An object containing the configuration information from the PingOne application that initiated the authentication request. |
|
Yes |
State information used by PingOne. |
Output schema
This flow has the following outputs.
Output Name | Description |
---|---|
|
The error message to display in the parent flow. |
|
The error code to display in the parent flow. |
Variables
This flow uses the following variables.
Variable Name | Description |
---|---|
|
The number of minutes after which a session is no longer valid. |
|
Indicates whether magic link is enabled in your environment. |
|
A boolean indicating whether agreement is enabled in your environment. |
|
A boolean indicating whether passwordless signon is required in your environment. |
|
A boolean indicating whether one-time passcode using email is enabled in your environment. |
|
A boolean indicating whether FIDO2 passkey is enabled in your environment. |
|
A boolean indicating whether one-time passcode using sms is enabled in your environment. |
|
Indicates whether authentication through Apple is enabled in your environment. |
|
Indicates whether authentication through Facebook is enabled in your environment. |
|
Indicates whether authentication through Google is enabled in your environment. |
|
A boolean that controls whether account recovery is enabled in your environment. |
|
A boolean indicating whether voice one-time passcodes are enabled. |
|
A boolean indicating whether TOTP is enabled. |
|
A boolean indicating whether mobile push one-time passcodes are enabled. |
|
The HTML style to use for your company logo. |
|
The URL for your company logo. |
|
Displays the name of your company. |
|
The method used to launch the flow. |