Gift Card Redemption Authentication

Gift Card Redemption - Threat Detection - Subflow

The Gift Card Redemption - Threat Detection - Subflow uses PingOne Protect to provide a risk assessment of the current user.

Purpose

The Gift Card Redemption - Threat Detection - Subflow passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows.

Structure

This flow is divided into sections using teleport nodes:

Detect Threat using PingOne Protect

A function node verifies that the username, flow type, and skriskcomponent are all present. If all values are present, a PingOne Protect node creates a risk evaluation.

If the evaluation succeeds, comparison nodes verify that no bot, AITM, or disposable email was detected. If a bot is detected, the flow progresses to the Return Error section. If an AITM or disposable email is detected, the flow progresses to the Disable User, Notify User With Password Reset Link And Return Error If AITM/Disposable Mail Detected section.

If no AITM or disposable email is detected, a function node checks the risk level. If a high risk is detected, function nodes verify that the calling flow is not Gift Card Redemption - Account Registration - Subflow, that the user’s PingOne user ID is known, and that the user is active. PingOne nodes then either notify the user of the new device login if a new device was found or notify the user of the high risk if a new device was not found.

Regardless of the risk level, function nodes check for a PingOne user ID and verify that the user’s account is not disabled. The flow then proceeds to the Return Success section.

Disable User, Notify User With Password Reset Link And Return Error If AITM/Disposable Mail Detected

Function nodes verify that the calling flow is not Gift Card Redemption - Account Registration - Subflow, that the user’s PingOne user ID is known, and that the user is active. If these conditions are met, a PingOne node disables the user, then the flow progresses to the Create And Send Link To User’s Email To Reset Password And Enable Account After Password Reset section.

Create And Send Link To User’s Email To Reset Password And Enable Account After Password Reset

Uses a flow connector node to create a magic link with an out-of-band start while simultaneously progressing to the Challenge Acceptance By The User By Clicking On The Link From Email section. The section then uses a PingOne node to notify the user of the account suspension and progresses to the Return Error section.

Challenge Acceptance By The User By Clicking On The Link From Email

Uses function nodes to check the challenge status. When the challenge is approved, invokes the Gift Card Redemption - Account Recovery - Main Flow.

Return Success

Sends a JSON success message.

Return Error

Uses a function node to enrich the error details, then sends a JSON error message. If the PingOne Protect evaluation ID is not present, a PingOne Protect node updates the PingOne Protect risk evaluation to Failed.
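
The routing described in the sections above can be modeled as a single decision function, which makes the branch precedence easy to test. This is an added example, not code from the flow or from PingOne: the `evaluation` fields, `callingFlow`, the `"HIGH"` value, the action names, and the outcomes for cases the page does not describe are all assumptions, marked in the comments.

```javascript
// Added illustration; not DaVinci or PingOne Protect code.
// p1UserName, flowType, skriskcomponent, p1UserId and isAccountEnabled come
// from the input schema. callingFlow and every field of `evaluation` are
// hypothetical stand-ins for the values the flow's nodes read.
const REGISTRATION = "Gift Card Redemption - Account Registration - Subflow";

// True when the user-affecting nodes (disable, notify) are allowed to run.
function canActOnUser(input) {
  return input.callingFlow !== REGISTRATION &&
    Boolean(input.p1UserId) &&
    input.isAccountEnabled === true;
}

function routeThreatDetection(input, evaluation) {
  const actions = [];
  const done = (section) => ({ section, actions });

  // Function node: required values must be present before evaluating.
  // Assumption: a missing value ends in Return Error.
  for (const key of ["p1UserName", "flowType", "skriskcomponent"]) {
    if (!input[key]) return done("Return Error");
  }

  // Comparison nodes. Assumption: the bot check runs first.
  if (evaluation.botDetected) return done("Return Error");

  if (evaluation.aitmDetected || evaluation.disposableEmail) {
    // Disable and send the reset link only for a known, active user outside
    // registration. Assumption: the branch ends in Return Error either way.
    if (canActOnUser(input)) {
      actions.push("disableUser", "sendPasswordResetLink", "notifySuspension");
    }
    return done("Return Error");
  }

  // High risk: notify about the new device, or about the risk itself.
  if (evaluation.riskLevel === "HIGH" && canActOnUser(input)) {
    actions.push(evaluation.newDevice ? "notifyNewDevice" : "notifyHighRisk");
  }

  // Runs regardless of risk level. Assumption: a known user whose account
  // is disabled is not returned as a success.
  if (input.p1UserId && input.isAccountEnabled === false) {
    return done("Return Error");
  }
  return done("Return Success");
}
```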

Input schema

This flow has the following inputs:

| Input name | Required | Description |
| --- | --- | --- |
| skriskcomponent | Yes | The SKRisk component to be used in the risk evaluation. |
| p1UserId | No | The user ID to be passed to PingOne Protect. |
| p1UserName | Yes | The username to be evaluated by PingOne Protect. |
| p1ProtectRiskPolicyId | No | The risk policy ID to be passed to PingOne Protect. If it is not provided, the default risk policy is used. |
| flowType | Yes | The flow type to be passed to PingOne Protect. |
| ipAddress | Yes | The user IP address to be passed to PingOne Protect. |
| isAccountEnabled | No | A boolean indicating whether the user’s account is enabled. |
| applicationID | No | The application ID to be passed to PingOne Protect. |
| sessionID | No | The session ID to be passed to PingOne Protect. |
| customAttributes | No | Any custom PingOne attributes to be passed to PingOne Protect. |
| userAgent | No | The PingOne Protect user agent. |
| usercookie | No | The PingOne Protect user cookie. |

Output schema

This flow has the following outputs:

| Output name | Description |
| --- | --- |
| protectRiskEvalID | The risk ID of the current user as used by PingOne Protect. |
| protectActivityState | The user’s state or province, as determined by PingOne Protect. |
| protectActivityCity | The user’s city, as determined by PingOne Protect. |
| protectDeviceStatus | The status of the user’s device as determined by PingOne Protect. |
| protectPredictor | The action recommended by PingOne Protect. |
| protectRiskLevel | The risk level of the current user as determined by PingOne Protect. |
| errorMessage | The error message returned by the flow. Sent only if the flow progressed to the Return Error section. |
| errorDetails | The detailed error information returned by the flow. Sent only if the flow progressed to the Return Error section. |

Variables and parameters

This flow does not directly use any variable or parameter values.