PingOne DaVinci

Configuring a flow policy

Configure flow policies to control which flows and flow versions are displayed for users.

Steps

  1. On the Applications tab, browse or search for the application and click Edit.

  2. On the Flow Policy tab, click + Add Flow Policy.

  3. In the Policy Name field, enter a name for the flow policy.

  4. Select PingOne Flow Policy to enable flows in the policy to be launched directly through PingOne.

    This option cannot be changed after the flow policy is created. PingOne flow policies can only include flows and flow versions that have the PingOne Flow setting enabled.

  5. (Optional) If the flow policy is a PingOne flow policy, select one or more options for bypassing the flow if an existing session is found.

    This option is useful if you want to avoid unnecessary flow executions for users who already have a session. The PingOne Authentication - Return Success node includes the appropriate session options.

    1. Select Password Based Authentication to bypass the flow if a password-based session exists, and select MFA Based Authentication to bypass the flow if an MFA-based session exists.

      If you select both Password Based Authentication and MFA Based Authentication, the user’s session must have both authentication method reference values for the flow to be bypassed.

    2. For each selected authentication method, provide a time range by entering a number and selecting minutes, hours, or days. The flow is only bypassed if the existing session was created within the time range you select.

  6. Click Next.

  7. Add one or more flows to the policy:

    1. In the Flows section, select a flow.

    2. In the Version section, select one or more versions of the flow to use.

      The Latest Version option always uses the latest version.

    3. (Optional) Repeat the previous steps to add additional flows.

  8. Click Next.

    Result:

    The Edit Your Weight Distribution modal opens.

  9. Add weight distribution and analytics information for each flow and flow version:

    1. In the Distribution field for each flow version, enter or select a distribution weight from 1 - 100.

      When a flow policy with more than one flow is invoked, the flow policy selects a flow to run, using the distribution weight for each flow as the percent chance of its selection. You can use this feature to A/B test flows or flow versions.

    2. (Optional) Click Add IP Whitelist, then enter one or more IP addresses in the Whitelist IP field.

      If a request comes from an IP address on the allow list, the weight is ignored, and the specified flow is triggered.

    3. (Optional) In the Analytics - Select Success Nodes list, select one or more nodes that, when run, indicate that the flow run was successful.

    This information is used to calculate the flow policy’s success rate.

  10. Click Create Flow Policy.

  11. Click the General tab, then click Apply.