PingOne Verify Proofing node
The PingOne Verify Proofing node lets administrators integrate
PingOne Verify verification functionality using Government ID
, Facial
Comparison
, and Liveness
in a journey.
Compatibility
Product | Compatible? |
---|---|
Advanced Identity Cloud |
Yes |
PingAM (self-managed) |
Yes |
Ping Identity Platform (self-managed) |
Yes |
Inputs
The node reads the username
from shared state.
To provide the username
in shared state for earlier in the journey, configure a node such as the Platform Username node.
Additionally, the node first looks for the attribute containing the PingOne UserID in the shared state. If that information is not found in the journey state, the node looks up the user in the local datastore to retrieve the PingOne UserID.
If the PingOne UserID does not exist in the local datastore, or does not exist in the PingOne datastore, a new user is created in PingOne to perform the verification.
Dependencies
You must configure PingOne Verify service before using this node.
Configuration
Property | Usage |
---|---|
PingOne Service |
The ID of the PingOne Worker service for connecting to PingOne. |
PingOne Verify Policy ID |
PingOne Verify Policy ID to use. The policy is expected to have the following details set:
|
Verify URL delivery mode |
Select from these options:
|
Let user choose the delivery method |
If selected, the user is prompted for the delivery method. |
Delivery message choice |
The message to display and allow user to select the delivery route (QR, SMS, or EMAIL). If QR delivery route is selected, the verify code displays along with the message. |
Document type required |
For any valid government ID leave ANY, otherwise, specify the document type to enforce. |
PingOne UserID Attribute |
Local attribute name to retrieve the PingOne UserID from. Will look in journey state first, then the local datastore. |
Age threshold |
If specified (years), the node extracts the date of birth from the claims and validates if age is equal or greater than the specified threshold. (Set 0 to disable age check). |
Attribute map |
Map PingOne Verify Claims to |
Attribute match confidence map |
Optionally, send the attributes entered by the user during registration to verify with imprecise matching in PingOne Verify. Value represents minimum confidence level to mark verification successful (LOW/MEDIUM/HIGH/EXACT). |
Fail expired documents |
For documents that contain expiration date, fail if out of date. |
Submission timeout |
Verification submission timeout in seconds. Value must be under authentication session validity time. |
Waiting message |
The message to display while waiting for the user to complete the authentication with PingOne Verify. |
Save verified claims from PingOne Verify to Transient State |
To save verified claims from PingOne Verify API response to transient state
with a key of |
Save verification metadata from PingOne Verify to Transient State |
Save verification explanation data from PingOne Verify to transient state
with a key of |
Leave access token in transientState |
If checked, PingOne access token is preserved in transient state, with a key of
|
Leave PingOne Verify transaction id in transientState |
If checked, PingOne transaction ID is preserved in transient state with a key
of |
Demo mode |
When selected, the journey continues along the |
Outputs
-
VerifyNeedPatch
: The new PingOne User’s GUID -
VerifyClaimResult
: Verified claims -
VerifyMetadataResult
: The verification metadata -
VerifyAT
: The access token used to perform the PingOne Verify -
VerifyTransactionID
: The PingOne Verify transaction ID -
VerifyNeedPatch
: The new PingOne GUID if a new PingOne user was created -
VerifiedFailedReason
: If a failure occurs, summary detail of reason
Outcomes
Success
-
All configured checks passed.
Success (Patch ID)
-
All configured checks passed. Additionally, the node needed to create a new PingOne user in PingOne to perform the Verification. This is because the stored GUID on the local user was invalid or didn’t exist. The node stored the new users PingOne GUID in the shared state on the
PingOne UserID Attribute
key and on the objectAttribute, so the GUID can be saved to the local users account and used for future verifications. Fail
-
One of the configured checks failed.
Fail (Patch ID)
-
One of the configured checks failed. Additionally, the node needed to create a new PingOne user in PingOne to perform the Verification. This is because the stored GUID on the local user was invalid or did exist. The node stored the new users PingOne GUID in the shared state on the
PingOne UserID Attribute
key and on the objectAttribute, so the GUID can be saved to the local users account and used for future verifications. Error
-
There was an error during the authentication process.