Identity Cloud

PingOne Protect Initialize node

Please note, this node only targets Identity Cloud hosted pages. In a future release, support for native devices will be incorporated through the ForgeRock SDK.

The PingOne Protect Initialize node initializes the PingOne Protect Web SDK on the client device. It uses configuration properties to gather behavioral biometrics and device data.

It is important to initialize the PingOne Protect SDK on the client device as early as possible so that it can gather sufficient contextual information to make risk evaluations.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)


ForgeRock Identity Platform (self-managed)


For more information, refer to Threat Protection using PingOne Protect.


This node has no required predecessor nodes.

It does not read from the shared node state.


This node requires a PingOne Service configuration so that it can connect to your PingOne instance and send it the necessary data to make risk evaluations as part of the journey.


The configuration properties are as follows:

Property Usage

PingOne Service ID

The ID of the PingOne service for connecting to PingOne.


The PingOne Protect SDK for Web URL.

Enable SDK Logs

Enables SDK log messages in the developer console. Default: False.

Device Attributes to Ignore

List of device attributes to ignore when collecting device signals.

Custom Host

Optional. The custom host to retrieve the PingOne token.

Lazy Metadata

When enabled (True), calculate the metadata on demand; otherwise, do it automatically on initialization. Default: False.

Collect Behavioral Data

When enabled (True), collect behavioral data. When disabled, (FALSE), no behavioral data is collected. Default: True.

Disable Hub

When enabled (True), the client stores the device data to the browser’s local storage only. When not enabled (False), an iframe (hub) is used. Default: False.

Device Key Rsync Intervals (in days)

The number of days used to window the next time the device attestation should use the device fallback key. Default: 14 days.

Enable Trust

When enabled (True), tie the device payload to a non-extractable crypto key stored on the browser for content authenticity verification. Default: False.

Disable Tags

When enabled (True), collect tag data; otherwise, tag data is not collected. Default: False.


The node sends a ScriptTextOutputCallback to the client application.

The callback initializes the PingOne Protect functionality so it can start gathering the data it needs to make risk evaluations.



The client application confirmed successful receipt of the configuration.


The client application did not confirm successful receipt of the configuration or returned a client error.


Warning messages:

  • 'Cannot find PingOne Service'


Refer to the Set up your journey section for an example of setting up this node in your journey.

Copyright © 2010-2024 ForgeRock, all rights reserved.