Advanced Identity Cloud

PingOne Create User node

The PingOne Create User node can create new users in the PingOne platform.

You can configure the node to create a user including their profile data or to create an anonymized user.

Compatibility

Product | Compatible?
Advanced Identity Cloud | Yes 1
PingAM (self-managed) | Yes
Ping Identity Platform (self-managed) | Yes

1 Currently available only in the rapid release channel.

Inputs

This node reads the username field from the shared node state to access the user’s identity profile.

Implement a Platform Username node before this node in the journey.

You should also verify the user’s identity by using an Identity Store Decision node.

Dependencies

This node requires a PingOne Worker Service configuration so that it can authenticate to your PingOne instance.

You can find information on the properties used by the service in PingOne Worker service.

Configuration

Property Usage

PingOne Worker Service ID

The ID of the PingOne worker service for connecting to PingOne.

Population ID

The ID of the population in PingOne to check for users or provision new ones.

If not specified, the node uses the environment’s default population ID.

Anonymized user

When enabled, the node creates a user in PingOne with only a unique identifier and a language attribute.

It does not add any other profile attributes, helping prevent any personally identifiable information (PII) from being shared.

AM Identity Attribute

The attribute from the user’s PingOne Advanced Identity Cloud profile that the node uses as the username for the account created in PingOne.

When creating anonymized users, choose a profile attribute that does not contain PII.

Default: uid

Capture failure

Capture the details in shared state if a failure occurs.

The node stores the details in a variable named pingOneCreateUserFailureReason.

Default: False

Example:

{
  "code": "MISSING_ATTRIBUTE_FROM_PROFILE",
  "message": "Could not get attribute from user profile.",
  "exception": ""
}
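
The AM Identity Attribute setting above calls for an attribute that does not contain PII when creating anonymized users. The following added example (not part of the product documentation or any Ping Identity code) audits sample values of candidate attributes before one is chosen; the profiles, the attribute list, and the detection patterns are constructed assumptions.

```javascript
// Added example: audit candidate "AM Identity Attribute" values before enabling
// Anonymized user. SAMPLE_PROFILES is constructed data, not from a real tenant.
const SAMPLE_PROFILES = [
  { uid: "7f3c9a52-1d4e-4b8a-9c60-2e5f8a1b7d33", userName: "ana@example.com",
    mail: "ana@example.com", telephoneNumber: "+44 20 7946 0958" },
  { uid: "0b6d2e14-88a1-4f0c-b7e9-51c3a9d4e6f2", userName: "liwei",
    mail: "li.wei@example.org", telephoneNumber: "020 7946 0123" },
];

// Values that carry no profile data: UUIDs or long hex strings.
const OPAQUE = /^(?:[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|[0-9a-f]{32,})$/i;

// Heuristic PII detectors (assumptions of this example; tune for your data).
const PII_PATTERNS = {
  email: /^[^\s@]+@[^\s@]+\.[^\s@]+$/,
  phone: /^\+?[\d\s().-]{7,}$/,
};

// Classify one attribute value as "opaque", a PII kind, or "unknown".
function classifyValue(value) {
  const v = String(value).trim();
  if (OPAQUE.test(v)) return "opaque";
  for (const [kind, re] of Object.entries(PII_PATTERNS)) {
    if (re.test(v)) return kind;
  }
  return "unknown"; // free text (could be a name): needs manual review
}

// Count value kinds for one attribute across all profiles. The attribute is
// reported safe only if every profile has it and every value is opaque.
function auditAttribute(profiles, attribute) {
  const findings = {};
  for (const profile of profiles) {
    const present = Object.prototype.hasOwnProperty.call(profile, attribute);
    const kind = present ? classifyValue(profile[attribute]) : "missing";
    findings[kind] = (findings[kind] || 0) + 1;
  }
  const kinds = Object.keys(findings);
  const safe = kinds.length === 1 && kinds[0] === "opaque";
  return { attribute, findings, safe };
}

// Compare the default (uid) with other candidates.
for (const attr of ["uid", "userName", "mail", "telephoneNumber"]) {
  console.log(JSON.stringify(auditAttribute(SAMPLE_PROFILES, attr)));
}
```

Purely numeric identifiers of seven or more digits are reported as phone-like, so treat that result as a prompt for manual review.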

Outputs

The node is non-interactive and does not send a callback to the client.

If the node creates a new user in PingOne, it stores the PingOne user identifier in a state variable named pingOneUserId. For example, a648aaac-ch15-b357-457b-8d2e714180ff.

If you select Capture failure, the node stores any error response in a shared state variable named pingOneCreateUserFailureReason.

Outcomes

True

The node created an account in PingOne.

False

The node did not create an account in PingOne.

The journey also uses this outcome if any error occurs. Enable Capture Failure to store the details in node state.

Example

The following example journey leverages PingOne Verify to perform user identity verification.

Figure 1. Example PingOne Verify journey
  • The user enters their credentials, which the Data Store Decision node then verifies against the identity store.

  • 1 The PingOne Identity Match node checks PingOne for a matching user.

  • 2 If a user is found, the PingOne Verify Completion Decision node checks the user’s most recent verification transaction to determine the status:

    Success

    The user successfully completed the most recent PingOne Verify transaction, so continue directly to the Success node, completing the authentication journey.

    Not Completed

    The user has an existing PingOne Verify transaction in progress, so continue the journey to resume the existing verification transaction.

    The node adds the user’s existing transaction ID to the shared node state in a variable named pingOneVerifyTransactionId.

    Not Started / Failure / Expired

    The user either does not have an existing transaction (Not Started), or did not successfully complete the most recent PingOne Verify transaction, or it expired, so continue the journey to start a new verification transaction.

  • 3 If a user is not found, the PingOne Create User node creates a new user in PingOne.

  • 4 The PingOne Verify Evaluation node starts a new PingOne Verify evaluation, or continues an existing one if pingOneVerifyTransactionId is present in the shared node state, and either completes or fails the journey based on the result.

Copyright © 2010-2024 ForgeRock, all rights reserved.