Advanced Identity Cloud

TypingDNA Decision node

The TypingDNA Decision node handles the authentication logic by communicating with the TypingDNA Authentication API. To do this, the node uses the API key and API secret from the TypingDNA user account dashboard.

Compatibility

Product                                 Compatible?
Advanced Identity Cloud                 Yes
PingAM (self-managed)                   Yes
Ping Identity Platform (self-managed)   Yes

Inputs

This node reads TDNA_TEXT_TO_ENTER, TDNA_DEVICE_TYPE, TDNA_TEXT_ID, and TDNA_TYPING_PATTERN parameters from the shared state.

Dependencies

Before using the TypingDNA nodes, you must set up Advanced Identity Cloud integration with TypingDNA as described in the Step-by-step: TypingDNA as a 2FA factor in Ping. This node also requires that the TypingDNA Recorder node be configured earlier in the journey.

Properties

Property Usage

API URL

The URL for TypingDNA API, for example, https://api.typingdna.com

API key

The API key from your TypingDNA account

API secret

The API secret from your TypingDNA account

Retries

The number of times a user is allowed to retry authentication if it fails.

Default: 0, meaning no retries are allowed.

Authentication API Configuration

Two options are available:

  • Basic: Uses the default settings of the Authentication API for auto-enroll, minimum number of enrollments, and thresholds for auto-enroll and verification. All requests use the /auto endpoint, which is free for all types of Authentication API clients.

  • Advanced: Uses the /verify endpoint. The authentication behavior can be managed by using the API Settings menu in the TypingDNA Dashboard for Authentication API. Don’t use the Advanced configuration with the free starter account.

Hash algorithm

The hash algorithm used to anonymize user IDs before sending them to the TypingDNA Authentication API.

Salt

A string that is used to anonymize the user ID for additional security, for example, the username or user email.

Default: null.

Request identifier

An optional parameter that may be used to identify requests coming from a specific Advanced Identity Cloud authentication tree. The identifier also appears in the TypingDNA logs.

Default: ForgeRock.

Request time out

Time in milliseconds after which each request to the TypingDNA Authentication API times out if no response is received.

Default: 8000 ms.
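
The following added example (not code from the node or from TypingDNA) illustrates what the Hash algorithm and Salt properties are for: the ID sent to the API must be stable for a given user, and an unsalted digest of a known username can be matched back to that user by anyone holding a list of usernames. The function names, the salt-then-ID concatenation, the algorithm allow-list, and all sample values are assumptions of this example.

```python
import hashlib

# Constructed allow-list; the page does not enumerate the node's algorithms.
ALLOWED_ALGORITHMS = ("sha256", "sha512")

# Constructed sample data, not real accounts or a real salt.
KNOWN_IDS = ["alice@example.com", "bob@example.com", "carol@example.com"]
SALT = "constructed-journey-salt"


def pseudonymize(user_id, salt=None, algorithm="sha256"):
    """Return the hex digest sent in place of the real user ID.

    Assumption: the salt is prepended to the ID before hashing. The page
    does not document how the node combines the two values.
    """
    if algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    material = ((salt or "") + user_id).encode("utf-8")
    return hashlib.new(algorithm, material).hexdigest()


def linkable_ids(digest, candidates, salt=None, algorithm="sha256"):
    """Return the candidate IDs whose pseudonym equals `digest`.

    Models a party that sees the anonymized ID and holds a list of
    usernames; an empty result means the digest cannot be linked
    to any candidate with the salt value that was tried.
    """
    return [c for c in candidates
            if pseudonymize(c, salt, algorithm) == digest]


if __name__ == "__main__":
    unsalted = pseudonymize("alice@example.com")
    salted = pseudonymize("alice@example.com", SALT)

    # Same ID and salt always give the same pseudonym, so the saved
    # typing patterns stay attached to one profile across logins.
    print("stable:", salted == pseudonymize("alice@example.com", SALT))

    # Default salt (null): the digest links straight back to the user.
    print("unsalted linkable:", linkable_ids(unsalted, KNOWN_IDS))

    # With a salt the other party does not know, the lookup finds nothing.
    print("salted linkable:", linkable_ids(salted, KNOWN_IDS))

    # Changing the salt changes the ID that is sent for the same user.
    print("salt change alters ID:",
          salted != pseudonymize("alice@example.com", "another-salt"))
```

Because the pseudonym depends on the salt and the algorithm, changing either one after users have enrolled means the same user is sent under a different ID.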

Outputs

This node doesn’t store any output in the shared state.

Outcomes

Enroll

This occurs if the user’s number of saved patterns is lower than the number of enrollments. The newly presented typing pattern is saved to the profile. In this case, no authentication is actually performed.

For passive enrollment, you need to continue the flow to an alternative authentication node or to success. For active enrollment, you need to link this outcome back to the page node, such as the login page or the short phrase page, where the typing patterns are collected.

Initial enrollment complete

This occurs when the user’s number of saved patterns is equal to that needed for enrollment. The minimum number of patterns for initial enrollment can be configured from the API Settings menu in the TypingDNA Dashboard for Authentication API.

The API Settings menu is available only for paid Authentication API plans.

Retry

This occurs if the authentication fails and the number of times the user has retried is lower than the configured Retries property value. The authentication can fail because the Match threshold hasn’t been reached or because a non-critical error, which could be overcome by trying again, has occurred. To allow retries effectively, link this outcome back to the page node that collects typing patterns.

Fail

This occurs on a critical error, such as when invalid API credentials are entered. This outcome should be linked to an alternative authentication node or Failure.

Match

This occurs when the authentication is successful. For this, the net score of the authentication must exceed the Match threshold. This outcome is usually linked to Success.

No match

This occurs if the authentication fails and the allowed number of retries has been reached. This outcome would be linked to an alternative authentication node.

Troubleshooting

If this node logged an error, review the transaction log to find the reason for the error.