Advanced Identity Cloud

PingOne Protect Result node

The PingOne Protect Result node updates the risk evaluation configuration or modifies the completion status of the resource while the risk evaluation is still in progress.

You can check the results of the evaluation in the PingOne admin console by filtering for Risk Evaluation Updated event types.

Compatibility

Product Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node requires that you’ve initialized PingOne Protect in your client application. For example, by using a PingOne Protect Evaluation node previously in the journey or by initializing the SDK within the app itself.

Dependencies

This node requires a PingOne Worker Service configuration so that it can connect to your PingOne instance and send it the necessary data to make risk evaluations as part of the journey.

Configuration

Property Usage

Completion Status

Report the status of the journey back to PingOne.

Choose from:

  • FAILED

  • SUCCESS

Outputs

This node does not change the shared node state.

Outcomes

Single outcome path.

The node attempts to update the PingOne server but continues along the single outcome without confirming the server received the update.

Example

The following example journey leverages PingOne Protect functionality to perform a risk evaluation on a client app. The client app is built using the ForgeRock SDKs.

Example PingOne Protect journey
Figure 1. Example PingOne Protect journey
  • 1 The PingOne Protect Initialization node instructs the SDK to initialize the PingOne Protect Signals API with the configured properties.

    Initialize the PingOne Protect Signals API as early in the journey as possible, before any user interaction.

    This enables it to gather sufficient contextual data to make an informed risk evaluation.

  • The user enters their credentials, which are verified against the identity store.

  • 2 The PingOne Protect Evaluation node performs a risk evaluation against a risk policy in PingOne.

    The example journey continues depending on the outcome:

    High

    The journey requests that the user respond to a push notification.

    Medium or Low

    The risk is not significant, so no further authentication factors are required.

    Exceeds Score Threshold

    The score returned is higher than the configured threshold and is considered too risky to complete successfully.

    Failure

    The risk evaluation could not be completed, so the authentication attempt continues to the Failure node.

    BOT_MITIGATION

    The risk evaluation returned a recommended action to check for the presence of a human, so the journey continues to a CAPTCHA node.

    AITM_MITIGATION

    The risk evaluation returned a recommended action regarding the possible presence of an adversary-in-the-middle attack, so the journey continues to the Failure node.

    ClientError

    The client returned an error when attempting to capture the data to perform a risk evaluation, so the authentication attempt continues to the Failure node.

  • 3 An instance of the PingOne Protect Result node returns the Success result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.

  • 4 A second instance of the PingOne Protect Result node returns the Failed result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.