PingOne Protect Result node

The PingOne Protect Result node updates the risk evaluation configuration, or modify the completion status of the resource while the risk evaluation is still in progress.

You can check the results of the evaluation in the PingOne admin console, by filtering for Risk Evaluation Updated event types.

Compatibility

Product	Compatible?
ForgeRock Identity Cloud	No
ForgeRock Access Management (self-managed)	Yes
ForgeRock Identity Platform (self-managed)	Yes

Product

Compatible?

ForgeRock Identity Cloud

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

This node is not currently compatible with the following user interfaces:

The XUI interface provided by standalone AM deployments.
The Platform UI interface provided by Identity Cloud and ForgeOps deployments.

You can only use this node in client applications built using the ForgeRock SDK. Refer to Integrate with PingOne Protect for risk evaluations.

Inputs

This node requires that you have initialized PingOne Protect in your client application. For example, by using a PingOne Protect Evaluation node previously in the journey or by initializing the SDK within the app itself.

Dependencies

This node requires a PingOne Worker Service configuration so that it can connect to your PingOne instance and send it the necessary data to make risk evaluations as part of the journey.

Configuration

Property Usage

Property	Usage
Completion Status	Report the status of the journey back to PingOne. Choose from: `FAILED` `SUCCESS`

Completion Status

Report the status of the journey back to PingOne.

Choose from:

FAILED
SUCCESS

Outputs

This node does not change the shared node state.

Outcomes

Single outcome path.

The node attempts to update the PingOne server but continues along the single outcome without confirming the server received the update.

Example

The following example journey leverages PingOne Protect functionality to perform a risk evaluation on a client app. The client app is built using the ForgeRock SDKs.

Figure 1. Example PingOne Protect journey

1 The PingOne Protect Initialization node instructs the SDK to initialize the PingOne Protect Signals API with the configured properties.

Initialize the PingOne Protect Signals API as early in the journey as possible, before any user interaction.

+ This enables it to gather sufficient contextual data to make an informed risk evaluation.

The user enters their credentials, which are verified against the identity store.
2 The PingOne Protect Evaluation node performs a risk evaluation against a risk policy in PingOne.

The example journey continues depending on the outcome:

High

The journey requests that the user respond to a push notification.

Medium or Low

The risk is not significant, so no further authentication factors are required.

Exceeds Score Threshold

The score returned is higher than the configured threshold and is considered too risky to complete successfully.

Failure

The risk evaluation could not be completed, so the authentication attempt continues to the Failure node.

BOT_MITIGATION

The risk evaluation returned a recommended action to check for the presence of a human, so the journey continues to a CAPTCHA node.

ClientError

The client returned an error when attempting to capture the data to perform a risk evaluation, so the authentication attempt continues to the Failure node.
3 An instance of the PingOne Protect Result node returns the Success result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.
4 A second instance of the PingOne Protect Result node returns the Failed result to PingOne, which can be viewed in the console to help with analysis and risk policy tuning.