PingOne Advanced Identity Cloud

PingOne Verify Proofing node

The PingOne Verify Proofing node lets administrators integrate PingOne Verify verification functionality using Government ID, Facial Comparison, and Liveness in a journey.

Compatibility

Product Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

The node reads the username from shared state.

To provide the username in shared state for earlier in the journey, configure a node such as the Platform Username node.

Additionally, the node first looks for the attribute containing the PingOne UserID in the shared state. If that information is not found in the journey state, the node looks up the user in the local datastore to retrieve the PingOne UserID.

If the PingOne UserID does not exist in the local datastore, or does not exist in the PingOne datastore, a new user is created in PingOne to perform the verification.

Dependencies

You must configure PingOne Verify service before using this node.

Configuration

Property Usage

PingOne Service

The ID of the PingOne Worker service for connecting to PingOne.

PingOne Verify Policy ID

PingOne Verify Policy ID to use. The policy is expected to have the following details set:

  • ID Verification is set REQUIRED.

  • Facial Comparison is set REQUIRED.

  • Liveness is set REQUIRED.

Verify URL delivery mode

Select from these options:

  • To display the verify URL to the end user as a QR code, select QR.

  • To email the end user with the verify URL, select EMAIL.

  • To send an SMS to the end user with the verify URL, select SMS.

  • To redirect the end user to the PingOne Verify service, select REDIRECT.

Let user choose the delivery method

If selected, the user is prompted for the delivery method.

Delivery message choice

The message to display and allow user to select the delivery route (QR, SMS, or EMAIL). If QR delivery route is selected, the verify code displays along with the message.

Document type required

For any valid government ID leave ANY, otherwise, specify the document type to enforce.

PingOne UserID Attribute

Local attribute name to retrieve the PingOne UserID from. Will look in journey state first, then the local datastore.

Age threshold

If specified (years), the node extracts the date of birth from the claims and validates if age is equal or greater than the specified threshold. (Set 0 to disable age check).

Attribute map

Map PingOne Verify Claims to objectAttributes on shared state. The KEY is objectAttribute and the VALUE is the Verify Claim Key. Use IDM keys for claim mapping. Refer to user mapping details for claim mapping keys.

Attribute match confidence map

Optionally, send the attributes entered by the user during registration to verify with imprecise matching in PingOne Verify. Value represents minimum confidence level to mark verification successful (LOW/MEDIUM/HIGH/EXACT).

Fail expired documents

For documents that contain expiration date, fail if out of date.

Submission timeout

Verification submission timeout in seconds. Value must be under authentication session validity time.

Waiting message

The message to display while waiting for the user to complete the authentication with PingOne Verify.

Save verified claims from PingOne Verify to Transient State

To save verified claims from PingOne Verify API response to transient state with a key of VerifyClaimResult.

Save verification metadata from PingOne Verify to Transient State

Save verification explanation data from PingOne Verify to transient state with a key of VerifyMetadataResult.

Leave access token in transientState

If checked, PingOne access token is preserved in transient state, with a key of VerifyAT.

Leave PingOne Verify transaction id in transientState

If checked, PingOne transaction ID is preserved in transient state with a key of VerifyTransactionID.

Demo mode

When selected, the journey continues along the Success outcome path.

Outputs

  • VerifyNeedPatch: The new PingOne User’s GUID

  • VerifyClaimResult: Verified claims

  • VerifyMetadataResult: The verification metadata

  • VerifyAT: The access token used to perform the PingOne Verify

  • VerifyTransactionID: The PingOne Verify transaction ID

  • VerifyNeedPatch: The new PingOne GUID if a new PingOne user was created

  • VerifiedFailedReason: If a failure occurs, summary detail of reason

Outcomes

Success

All configured checks passed.

Success (Patch ID)

All configured checks passed. Additionally, the node needed to create a new PingOne user in PingOne to perform the Verification. This is because the stored GUID on the local user was invalid or didn’t exist. The node stored the new users PingOne GUID in the shared state on the PingOne UserID Attribute key and on the objectAttribute, so the GUID can be saved to the local users account and used for future verifications.

Fail

One of the configured checks failed.

Fail (Patch ID)

One of the configured checks failed. Additionally, the node needed to create a new PingOne user in PingOne to perform the Verification. This is because the stored GUID on the local user was invalid or did exist. The node stored the new users PingOne GUID in the shared state on the PingOne UserID Attribute key and on the objectAttribute, so the GUID can be saved to the local users account and used for future verifications.

Error

There was an error during the authentication process.

Troubleshooting

If this node logs an error, review the log messages to find the reason for the error and address the issue appropriately.