Gift Card Redemption Authentication

Gift Card Redemption - Account Registration - Subflow

The Gift Card Redemption - Account Registration - Subflow lets users register a new account.

Purpose

The Gift Card Redemption - Account Registration - Subflow presents users with the ability to create a new account. Depending on your environment’s properties, the flow can let a user create a password, add a multi-factor authentication (MFA) device using the Gift Card Redemption - Device Registration - Subflow flow, and view and consent to an agreement.

Structure

This flow is divided into sections using teleport nodes:

Fetch User Details for Registration

Uses function nodes to set flow instance variables and check whether agreement is enabled. If agreement is enabled, a PingOne node reads the agreement content. The flow then presents users with an HTML form on which to enter their email address.

If the user clicks Sign On, the flow progresses to the Return Success section.

If the user clicks Register, the flow progresses to the PingOne Protect Threat Detection And Mitigation. When this section completes, a PingOne node verifies that the email address is not already in use, then a function node checks whether the user consented to the agreement if one is in use. If the user consented to the agreement or no agreement is in use, an HTML form lets the user enter a first and last name and click Register or Back.

If the user clicks Register, a second HTML form lets the user enter and confirm a password. The flow then progresses to the Create Account section.

If the user clicks Back, the flow returns to the email address form.

PingOne Protect Threat Detection And Mitigation

If PingOne Protect analysis is required, uses a PingOne node to look up the user, then invokes the Gift Card Redemption - Threat Detection - Subflow subflow.

If the Gift Card Redemption - Threat Detection - Subflow subflow completes successfully, the PingOne Protect values are saved as variables.

A function node then examines the risk score.

  • If the risk score is low or medium, the flow returns to the Fetch User Details for Registration section.

  • If the risk score is high, a PingOne node updates PingOne Protect with the failed evaluation and an error message is displayed.

If the Gift Card Redemption - Threat Detection - Subflow subflow does not complete successfully, an error message is displayed.

Validate Password & Create Account

Uses a function node to process the user’s selection on the password form. If the user clicks Back, the flow returns to the name entry page. If the user clicks Register, function nodes verify that the password is valid and matches the confirmed password, then a PingOne node creates the new account. The flow then progresses to the Accept Agreement and Verify Email section.

Accept Agreement and Verify Email

Uses a function node to check whether an agreement is enabled. If an agreement is enabled, a PingOne updates the user’s information to include their consent to the agreement. The flow then invokes the Gift Card Redemption - Verify Email - Subflow flow to ensure that the user’s email address is verified, then progresses to the Auto enroll email as a MFA device section.

Auto enroll email as a MFA device

Uses PingOne nodes to enroll the user’s email as an MFA device and enable MFA for the user. The flow then progresses to the Return Success section.

Return Success

Uses a PingOne node to update the risk evaluation if the risk evaluation ID is available and sends a success JSON response indicating that the flow completed successfully.

Return Error

Uses a PingOne node to update the risk evaluation if the risk evaluation ID is available and sends an error JSON response indicating that the flow completed unsuccessfully.

Input schema

This flow has the following inputs.

Input name Required Description

email

No

The user’s email address.

agreementEnabled

No

Indicates whether agreement is enabled for user registration.

agreementId

No

The ID of the agreement to present to users.

socialRegistrationEnabled

No

A boolean indicating whether registration through a third-party authentication is enabled.

googleEnabled

No

A boolean indicating whether authentication through Google is enabled in your environment.

facebookEnabled

No

A boolean indicating whether authentication through Facebook is enabled in your environment.

appleEnabled

No

A boolean indicating whether authentication through Apple is enabled in your environment.

companyLogo

No

The company logo.

Used only when the main flow was launched using a redirect.

protectRiskPolicyId

No

The PingOne Protect risk policy ID to use. If not specified, the default policy is used.

verificationLimit

No

The number of times a user can attempt verification.

resendOtpLimit

No

The number of times a user can resend a one-time passcode (OTP).

Output schema

This flow has the following outputs.

Output name Description

subflowResult

The result status of the flow.

p1UserId

The user ID of the current user.

authMethod

The authentication method chosen by the user.

isSocialIDpAuth

A boolean that indicates whether the user signed on using social identity provider (IdP).

errorMessage

The error message text to display, if any.

errorDetails

The details of the error that occurred in this flow.

Variables and parameters

This flow uses the following variable or parameter values.

Variable name Parameter name Description

cachedEmail

None

The user’s cached email address.

errorMessage

None

The error message text to display, if any.

protectRiskEvalId

None

The risk evaluation ID returned by PingOne Protect.