PingOne Protect Initialize node

Please note, this node only targets Identity Cloud hosted pages. In a future release, support for native devices will be incorporated through the ForgeRock SDK.

The PingOne Protect Initialize node initializes the PingOne Protect Web SDK on the client device. It uses configuration properties to gather behavioral biometrics and device data.

It is important to initialize the PingOne Protect SDK on the client device as early as possible so that it can gather sufficient contextual information to make risk evaluations.

Compatibility

Product	Compatible?
ForgeRock Identity Cloud	Yes
ForgeRock Access Management (self-managed)	Yes
ForgeRock Identity Platform (self-managed)	Yes

Product

Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

For more information, refer to Threat Protection using PingOne Protect.

Inputs

This node has no required predecessor nodes.

It does not read from the shared node state.

Dependencies

This node requires a PingOne Service configuration so that it can connect to your PingOne instance and send it the necessary data to make risk evaluations as part of the journey.

Configuration

The configuration properties are as follows:

Property Usage

Property	Usage
PingOne Service ID	The ID of the PingOne service for connecting to PingOne.
Web SDK URL	The PingOne Protect SDK for Web URL.
Enable SDK Logs	Enables SDK log messages in the developer console. Default: `False`.
Device Attributes to Ignore	List of device attributes to ignore when collecting device signals.
Custom Host	Optional. The custom host to retrieve the PingOne token.
Lazy Metadata	When enabled (`True`), calculate the metadata on demand; otherwise, do it automatically on initialization. Default: `False`.
Collect Behavioral Data	When enabled (`True`), collect behavioral data. When disabled, (`FALSE`), no behavioral data is collected. Default: `True`.
Disable Hub	When enabled (`True`), the client stores the device data to the browser’s local storage only. When not enabled (`False`), an iframe (hub) is used. Default: `False`.
Device Key Rsync Intervals (in days)	The number of days used to window the next time the device attestation should use the device fallback key. Default: `14 days`.
Enable Trust	When enabled (`True`), tie the device payload to a non-extractable crypto key stored on the browser for content authenticity verification. Default: `False`.
Disable Tags	When enabled (`True`), collect tag data; otherwise, tag data is not collected. Default: `False`.

PingOne Service ID

The ID of the PingOne service for connecting to PingOne.

Web SDK URL

The PingOne Protect SDK for Web URL.

Enable SDK Logs

Enables SDK log messages in the developer console. Default: False.

Device Attributes to Ignore

List of device attributes to ignore when collecting device signals.

Custom Host

Optional. The custom host to retrieve the PingOne token.

Lazy Metadata

When enabled (True), calculate the metadata on demand; otherwise, do it automatically on initialization. Default: False.

Collect Behavioral Data

When enabled (True), collect behavioral data. When disabled, (FALSE), no behavioral data is collected. Default: True.

Disable Hub

When enabled (True), the client stores the device data to the browser’s local storage only. When not enabled (False), an iframe (hub) is used. Default: False.

Device Key Rsync Intervals (in days)

The number of days used to window the next time the device attestation should use the device fallback key. Default: 14 days.

Enable Trust

When enabled (True), tie the device payload to a non-extractable crypto key stored on the browser for content authenticity verification. Default: False.

Disable Tags

When enabled (True), collect tag data; otherwise, tag data is not collected. Default: False.

Outputs

The node sends a ScriptTextOutputCallback to the client application.

The callback initializes the PingOne Protect functionality so it can start gathering the data it needs to make risk evaluations.

Outcomes

Next: The client application confirmed successful receipt of the configuration.
Error: The client application did not confirm successful receipt of the configuration or returned a client error.

Messages

Warning messages:

'Cannot find PingOne Service'

Example

Refer to the Set up your journey section for an example of setting up this node in your journey.