Journeys
PingOne Advanced Identity Cloud comes with pre-configured end-user journeys. A journey is an end-to-end workflow invoked by an end user or device. Advanced Identity Cloud provides templates for common end-user journeys; for example, account registration and sign-in.
You can use the Advanced Identity Cloud hosted pages theme editor to configure or modify the layout and appearance of journeys.
You can use the drag-and-drop journey editor to configure or modify the journey templates:
- Authentication template
-
Use the Login authentication template to configure sign-in journeys.
- User self-service templates
-
Use a self-service template to let end users manage their accounts or resolve simple password issues without having to engage a tenant administrator.
- Custom journey
-
Start with a blank canvas when you want to build a custom journey, and drag and drop nodes from the nodes list.
- Default end-user journey
-
The journey Advanced Identity Cloud displays to end users when they access a default webpage URL. For example, application webpages commonly display a sign-in link. When the end user clicks the link, the Login journey is invoked by default.
Set a default end-user journey as follows:
-
Set a new journey as the default:
-
In the Advanced Identity Cloud admin UI, click Journeys and New Journey.
-
On the New Journey page, enable the option Default journey for end users.
-
-
Set an existing journey as the default:
-
In the Advanced Identity Cloud admin UI, click Journeys to view the list of journeys.
-
Select a journey, and click and Set as default.
-
-
- Device profiling support
-
Use the ForgeRock SDKs to create authentication journeys based on device context. Learn more in Configure device profiling authentication.
- Scripting
-
Add JavaScript to a Scripted Decision node to customize the outcome of an authentication journey.
Use the auth scripting editor to do the following:
-
Manage scripted decision node scripts directly from within a scripted decision node
Authentication templates
Login
Create a basic Login journey for end users to authenticate and sign in to an app or service with a username and password.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Login.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Login journey in Login with self-service.
If you implement account lockout using the Account Lockout node, it creates a persistent lockout on user accounts. User accounts can be unlocked by a tenant administrator. Advanced Identity Cloud also supports configurable persistent and duration account lockout. Learn more in Account lockout. |
Device profiling
Use the ForgeRock SDK to create journeys that let inanimate objects authenticate based on device context. Cell phones and smartwatches are examples of devices that have their own identities. Device context provides Advanced Identity Cloud with information about how or where a device is used to authenticate.
For detailed instructions, learn more in Configure device profiling authentication.
User self-service templates
Registration
Create a registration journey to let end users create their own account for an app or service.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Registration.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Registration journey in User self-registration.
Progressive profile
Create a Progressive Profile journey to trigger a conditional event in the journey.
The default journey triggers a reminder to set preferences for receiving news and special offers. The reminder is displayed only if the end user logs in three times without selecting preferences. If the end user makes no selection, the reminder expires and is not displayed again. If the end user selects one or more options, the preferences get set in the end user’s profile.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Progressive Profile.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Progressive Profile journey in Progressive profile.
Update password
Create an Update Password journey to let end users change their passwords. End users may be required to change passwords at regular intervals or if a password is compromised.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Update Password.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Update Password journey in Password updates.
Reset password
Create a Reset Password journey to let end users change their existing passwords. End users typically reset their passwords when they’ve forgotten the password they set.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Reset Password.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Reset Password journey in Password reset.
Forgotten username
Create a Forgotten Username journey to let end users retrieve their username from their user account data.
-
In the Advanced Identity Cloud admin UI, go to Journeys > Forgotten Username.
-
Hover over the journey schematic, and click Edit.
-
Enter information for each node in the journey:
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Learn more about the Forgotten Username journey in Username recovery.
Custom journeys
Create a custom journey when none of the ready-to-use templates suits your needs.
-
In the Advanced Identity Cloud admin UI, click Journeys.
-
Click + New Journey.
-
Enter journey details:
-
Name: Name to display in the Journeys list.
-
Identity Object: Identifier for the user or device to authenticate.
-
(Optional) Description: Summarize end user interaction.
-
(Optional) Tags: For organizing journeys to make them easier to find.
-
-
(Optional) To override the default theme for the realm, select the Override theme checkbox, then select a theme from the Theme list.
-
(Optional) Select the Inner Journey checkbox to allow the journey to run only inside another journey. This prevents end users from directly accessing the journey in the Advanced Identity Cloud login UI.
-
Click Create journey.
-
Use the journey editor to create your custom journey.
Drag nodes from the palette and arrange them on the blank canvas. -
Provide information for each node, and connect nodes.
Learn about all available nodes in Nodes for journeys.
-
To test the journey, copy the Preview URL, and paste the URL into a browser using Incognito mode.
-
When you’re satisfied with your journey, click Save.
Deactivate journeys
Deactivate a journey to prevent end users using it to authenticate. If you deactivate it, you can reactivate it at any time.
For example, if you are building a new journey in your development environment and you need to run a promotion, you can deactivate the journey prior to the promotion so that there’s no risk of the journey being discovered and used by end users in your upper environments and potentially allowing insecure access. You can activate the journey in your development environment again after a promotion.
Ping Identity recommends you deactivate any default journeys not in use. Learn more in Deactivate unused or insecure journeys.
-
In the Advanced Identity Cloud admin UI, go to Journeys to view the existing journeys list.
-
Find the journey.
-
Click its More () menu:
-
To deactivate the journey, choose Deactivate, then in the Deactivate Journey dialog, click Deactivate.
-
To activate the journey, choose Activate.
-
You can also deactivate and activate a journey using the More () menu in the journey editor.
Duplicate journeys
Duplicate a journey to preserve a template for future use. For example, if you are testing a journey, start with a duplicate. Give the duplicate journey a unique name.
Create a duplicate journey in the following ways:
-
Click Journeys to view the existing journeys list. Find the template name. Then, click its More () menu, and choose Duplicate.
-
In the Journey editor, click More (), and choose Duplicate.
Export journeys
You can export journeys, including all dependencies like nodes, inner journeys, and scripts of any type apart from library scripts.
Use this feature to export journeys from one environment, such as a development environment, to another.
-
In the Advanced Identity Cloud admin UI, go to Journeys.
-
Check the checkbox beside one more journeys.
-
Click Export.
-
View the information on the Export Journeys page.
-
Click Export.
Import journeys
You can import journeys, including all dependencies such as nodes, inner journeys, and scripts, and scripts of any type apart from library scripts.
Use this feature to import a journey from one environment, such as a development environment, to another.
-
In the Advanced Identity Cloud admin UI, go to Journeys, and click Import.
-
Download or skip back up:
-
Download a backup of your existing journeys so that you can restore them in case of error or unexpected behavior during or after import:
-
To view the backup summary, click Show backup summary.
-
Click Download Backup.
-
-
Skip the download:
-
Click Skip Backup.
-
In the dialog box, click Skip Backup again.
-
-
-
Configure the import:
-
On the Import Journeys page, browse to and select a JSON file that contains the journey’s configurations to import.
-
Select the identity object that the journey authenticates.
-
In the Conflict Resolution section, choose how the system resolves import conflicts:
-
Overwrite all conflicts (default)
-
Manually pick conflict resolution
-
-
Click Next.
-
Review the information on the Import Summary page.
-
Click Start Import.
-
On the Import Complete page, click Done.
-