FAQ
ForgeRock Identity Cloud

FAQ: Journeys in Identity Cloud

Last updated Sep 22, 2021

The purpose of this FAQ is to provide answers to commonly asked questions regarding end-user journeys in Identity Cloud.


Frequently asked questions 

Q. How can I collect multiple attributes in the same node where some are required and some are optional?

A. If you include multiple attributes in a single Attribute Collector Node, they must all be required or all optional.

If you want attributes to have different validation options, you can use multiple Attribute Collector nodes to specify whether individual attributes are required or optional. You can then include these Attribute Collector nodes in a single Page Node to present them on the same page in the end-user journey.

Q. How do I know what policy will be used to validate a user's input?

A. When you use the Attribute Collector Node for user input, you can choose whether the input value for an attribute is validated or not by selecting the Validate Input option.

To find out what validation policies are defined for an attribute, you can navigate to: Native Consoles > Identity Management > Configure > Managed Objects > [Managed Object Type] and click the name of the attribute (property) you are interested in. On the Validation tab, you will see a list of policies that have been added to the attribute. See Default Policy Reference for further details about these policies.

Q. When is an attribute validation policy evaluated?

A. If an attribute has a validation policy attached to it, the policy will always be evaluated when there is user input, even if the attribute has been marked as optional in the Attribute Collector node. If a non-required field has data within it, the policy will be evaluated. 

Note

If you have a Scripted Decision Node that removes an attribute’s value (that is, by setting the value to null), then all policies attached to all attributes for the managed object (for example, alpha_user) will be re-evaluated when the object is updated/patched with the null value.

Q. How do I ensure a user input attribute is mandatory when I use policy validation?

A. If you are using policy validation with an Attribute Collector Node, you can add the not-empty validation policy to the attribute to ensure the field cannot be left blank. 

To make an attribute mandatory:

  1. Add a new policy by navigating to: Native Consoles > Identity Management > Configure > Managed Objects > [Managed Object Type] and clicking the name of the attribute (property) you want to make mandatory.
  2. Select the Validation tab, click Add Policy, enter not-empty in the Policy Id field and click Add.
  3. Return to the Attribute Collector node in your journey and make the following changes to ensure that policies which give user feedback are used:
    • Deselect the All Attributes Required option.
    • Select the Validate Input option.

Q. How do I return a custom error message using the Scripted Decision node?

A. You can include the following in your script to define a custom error message:

    sharedState.put("errorMessage", "custom error message")
    outcome = "false"

For example, if you would like to see a custom authentication failure response such as:

    {"code":401,"reason":"Unauthorized","message":"Token registration not possible"}

instead of the standard:

    {"code":401,"reason":"Unauthorized","message":"Login failure"}

your script would look similar to the following example:

    // Fail the node with a custom message unless the MFA option is 'MFA'
    if (sharedState.get('transaction_mfa_option') != 'MFA') {
        logger.warning('Register Token not allowed for MFA option:' + sharedState.get('transaction_mfa_option'))
        // errorMessage replaces the standard "Login failure" text in the response
        sharedState.put("errorMessage", "Token registration not possible")
        outcome = "false"
    } else {
        outcome = "true"
    }

Q. How can I reference environment-specific secret or non-secret values in a Scripted Decision node?

A. You can add a variable to a script that references a secret or non-secret value in your Development environment. This variable then allows different values to be used in your other environments.

See How do I reference an environment-specific secret or non-secret value from a script in the Identity Cloud? for further information and instructions.

Q. How do I debug an end-user journey?

A. You can include a Scripted Decision node in your journey for debugging. See GitHub: Scripted Decision Debugger for some examples to get you started. 

You can insert a Scripted Decision node such as this at each stage of the journey that you want to debug. This node will then send script debug statements to the browser with the caught error, sharedState content or even just a simple message such as passed.

Caution

Please be aware that script debug statements will be visible to ForgeRock support, so you should ensure you do not log any personally identifiable information (PII) or any sensitive information. 

Writing scripts for end-user journeys is outside the scope of ForgeRock support; if you want more tailored advice, consider engaging Deployment Support Services.  
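One way to follow the caution above when dumping journey state for debugging is to redact it before it is logged or sent to the browser. This is an added example, not ForgeRock code and not taken from the Scripted Decision Debugger repository; the key patterns, function names and sample state are assumptions, and the plain object stands in for values you would read from sharedState so that the code runs outside Identity Cloud.

```javascript
// Added example: build a redacted snapshot of journey state for debug output.
// SENSITIVE_KEY is an assumed pattern list; extend it for your own attribute names.
var SENSITIVE_KEY = /pass|secret|token|otp|mail|phone|name|address|birth/i;
var EMAIL_VALUE = /[^\s@]+@[^\s@]+\.[^\s@]+/;

// Replace a value with a marker that reveals only its type.
function mask(value) {
  return "[redacted " + typeof value + "]";
}

// Walk the state recursively: mask by key name first, then by value shape.
function redact(value, key) {
  if (value === null || value === undefined) return value;
  if (key !== undefined && SENSITIVE_KEY.test(key)) return mask(value);
  if (Array.isArray(value)) {
    return value.map(function (item) { return redact(item); });
  }
  if (typeof value === "object") {
    var out = {};
    Object.keys(value).forEach(function (k) { out[k] = redact(value[k], k); });
    return out;
  }
  // Free-text values can still carry an e-mail address under a harmless key.
  if (typeof value === "string" && EMAIL_VALUE.test(value)) return mask(value);
  return value;
}

// Returns the JSON string that is safe to hand to the debug output.
function buildDebugSnapshot(state) {
  return JSON.stringify(redact(state));
}

// Constructed sample standing in for values read from sharedState.
var sampleState = {
  realm: "/alpha",
  transaction_mfa_option: "SMS",
  username: "bjensen",
  objectAttributes: {
    mail: "bjensen@example.com",
    givenName: "Barbara",
    preferences: { updates: true }
  },
  notes: ["contact bjensen@example.com", "passed"]
};

console.log(buildDebugSnapshot(sampleState));
```

Non-identifying values such as the realm and the MFA option stay readable, which is usually what you need to see which branch a journey took.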

See Also

Manage Journeys


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.