Purpose

The CIAM Plus - Verify Email MFA - Subflow displays an HTML page giving users the option to enter a verification code sent to their email or resend the code. If the user enters the code, a PingOne node verifies the code. If the user requests that the code be resent, a PingOne node resends the code, then the user is returned to the beginning of the flow.

Structure

This flow is divided into sections using teleport nodes:

Ask for email verification code
Uses a flow instance variable to track the number of verification attempts, then uses a PingOne node to send a verification code to the user's email. The flow then presents the user with an HTML page on which they can enter a verification code or request that the code be resent. If the user submits a verification code, the flow progresses to the Verify verification code section. If the user requests a new code, the flow progresses to the Resend verification code section.
Verify verification code
Increments the number of validation attempts. If the number of attempts has not reached the maximum, a PingOne node validates the verification code. If the validation succeeds, a JSON success message is sent. If the validation fails, an error message is displayed.
Resend verification code
Increments the number of resend attempts. If the number of attempts has not reached the maximum, a PingOne node sends a new verification code and a function node updates the device authentication ID.
Return Success
Sends a JSON success message.
Return Error
Sends a JSON error message.

Input schema

This flow has the following inputs.

Input Name Required? Description

pingOneUserID

Yes

The user ID of the current user.

email

Yes

The current user's email address.

ciam_mfaPolicyId

No

The ID of the PingOne MFA policy to use.

ciam_companyLogo

No

The company logo.

Used only when the main flow was launched using the widget.

Output schema

This flow has the following outputs.

Output Name Description

ciam_errorMessage

The error message to display in the parent flow.

Variables

This flow uses the following variables.

Variable Name Description

ciam_verificationValidationAttempts

The number of device validation attempts made so far.

ciam_verificationLimit

The maximum number of times a user can attempt to verify their email.

ciam_resendOtpAttempts

The number of OTP resend attempts made so far.

ciam_resendOtpLimit

The maximum number of times a user can have an OTP resent.

ciam_deviceAuthnID

The ID of the device being used for MFA.

ciam_logoStyle

The HTML style to use for your company logo.

ciam_logoUrl

The URL for your company logo.

ciam_companyName

Displays the name of your company.