PingOne Advanced Identity Cloud

End-user UX journey flows

Journey flows define the sign-on experience for end users. The End-user UX options available in PingOne Advanced Identity Cloud offer two journey flows:

Not every end-user UX option supports both centralized and embedded journey flows. Learn more in Compare end-user UX options for more information.

Centralized journey flows

Centralized journey flows redirect end users to an external page to sign in. This is a common experience for most users. This approach is considered the security best practice for Advanced Identity Cloud, ensuring all your applications and websites can share the same, centralized authentication processes.

An example of a centralized journey flow is Google G Suite, where an end user is redirected to the same authentication page no matter which application they’re trying to access.

The following video shows a centralized journey flow with ForgeRock SDKs:

Use the hosted pages and the SDK end-user UX options to implement centralized journey flows.

Embedded journey flows

Embedded journey flows offer a more traditional sign-on experience, as end users are not redirected to an external page.

Embedded journey flows aren’t considered to be a security best practice for the following reasons:

  • Individual applications have access to end user’s credentials.

  • Individual applications have access to the authorization grant.

  • Each application must manually build in security during the sign-on process.

The following video shows an embedded journey flow with ForgeRock SDKs:

Use the Login Widget and the SDK end-user UX options to implement embedded journey flows.

Copyright © 2010-2024 ForgeRock, all rights reserved.