Purpose

The CIAM Plus - Profile Management - Basic Profile Management - Main Flow flow presents users with an option to update their account information. Users with an existing session are presented with a form that enables them to change the name and address associated with their account. The flow uses PingOne nodes to make the changes to the account.

Structure

This flow is divided into sections using teleport nodes:

Check for Session
Uses function nodes to set variables, then uses a PingOne node to check for an existing session.
  • If a session exists, a hidden HTML node invokes the skpolling component.

  • If no session exists, a PingOne node deletes any existing session token, then the CIAM Plus - SignOn - Subflow is invoked. When the flow completes, a PingOne node creates or updates the session.

A function node retrieves the user ID, then a PingOne node retrieves the user details. The flow then progresses to the MFA Authentication section.

When the MFA Authentication has completed, a PingOne node retrieves the user's devices and a function node examines the number of devices. If the user has zero devices, the flow progresses to the Verifying and auto enrolling the email section. If the user has one or more devices, the CIAM Plus - Agreement (ToS) - Subflow is invoked and the flow progresses to the Return Success section.

MFA Authentication
Uses a PingOne node to retrieve the user's devices, then uses a hidden HTML node to check for WebAuthn compatibility. Function nodes verify that the user has at least one active device, then a PingOne node enables MFA for the user. The CIAM Plus - Device Authentication - Subflow is invoked, then the flow returns to the Check for session section.
Verifying and auto enrolling the email
Uses a PingOne node to send a verification code, then presents an HTML page on which the user can enter the verification code. If the user submits a code, PingOne nodes validate the code, register email as an MFA device, and send a device registration email. The flow then returns to the Check for session section.
Update Profile
Uses a PingOne node to find the user. The flow then presents users with a custom HTML form that lets them enter updated name and address information. When the user submits this information, function nodes determine whether a new address was submitted, then PingOne nodes update the user's information with or without the address. The flow displays a success message on the custom HTML form, then progresses to the Return Success section.
Return Success
Sends a JSON success message.
Return Error
Displays an error message, then sends a JSON error message.

Input schema

This flow has the following inputs.

Input Name Required Description

flowParameters

No

An object containing parameters passed in if the flow was launched with the widget. This input replaces all other inputs.

loginHint

No

Information used to pre-fill the username.

maxSecondsSinceLastSignOn

No

The maximum amount of time allowed since the user last authenticated.

authorizationRequest

No

An object containing all of the parameters from the OIDC authorization request.

samlRequest

No

An object containing all of the parameters from the SAML authorization request.

wsFedRequest

No

An object containing all of the parameters from the WS-FED authorization request.

application

Yes

An object containing the configuration information from the PingOne application that initiated the authentication request.

relayState

Yes

State information used by PingOne.

Output schema

This flow has the following outputs.

Output Name Description

ciam_errorMessage

The error message to display in the parent flow.

ciam_errorCode

The error code to display in the parent flow.

Variables

This flow uses the following variables.

Variable Name Description

ciam_sessionLengthInMinute

The number of minutes after which a session is no longer valid.

ciam_magicLinkEnabled

Indicates whether magic link is enabled in your environment.

ciam_agreementEnabled

A boolean indicating whether agreement is enabled in your environment.

ciam_passwordlessRequired

A boolean indicating whether passwordless signon is required in your environment.

ciam_emailOtpEnabled

A boolean indicating whether one-time passcode using email is enabled in your environment.

ciam_fidoPasskeyEnabled

A boolean indicating whether FIDO2 passkey is enabled in your environment.

ciam_smsOtpEnabled

A boolean indicating whether one-time passcode using sms is enabled in your environment.

ciam_appleEnabled

Indicates whether authentication through Apple is enabled in your environment.

ciam_facebookEnabled

Indicates whether authentication through Facebook is enabled in your environment.

ciam_googleEnabled

Indicates whether authentication through Google is enabled in your environment.

ciam_accountRecoveryEnabled

A boolean that controls whether account recovery is enabled in your environment.

ciam_voiceOtpEnabled

A boolean indicating whether voice one-time passcodes are enabled.

ciam_totpEnabled

A boolean indicating whether TOTP is enabled.

ciam_mobilePushOtpEnabled

A boolean indicating whether mobile push one-time passcodes are enabled.

ciam_logoStyle

The HTML style to use for your company logo.

ciam_logoUrl

The URL for your company logo.

ciam_companyName

Displays the name of your company.

flowMethod

The method used to launch the flow.