Authentication flow states
An application’s sign-on policy determines the flow states and the corresponding actions required to complete an authentication workflow. When the authentication workflow begins, the flow gets the list of sign-on policies assigned to the application and evaluates the policy conditions that must be met to complete sign on. The sign-on policy evaluation logic is shown in the diagram below:
For more information about sign-on policies, refer to Sign-on policies, Sign-on policy actions, and Application sign-on policy assignments in the PingOne Platform API Reference.
Common authentication actions
The PingOne flow API supports single-factor and multi-factor actions to complete an authentication workflow. For a single-factor login flow, there are four branches that allow the user to submit a username and password (or create a new account). PingOne also supports an identity first discovery action that identifies the user and determines the user’s applicable identity provider and authentication methods. For a multi-factor authentication action, there are two branches in which either a one-time password (OTP) or a push confirmation is used as the second factor in the authentication workflow.
PingOne supports a progressive profiling action that prompts users to provide additional data at sign on. This action type does not authenticate users. It is used only to obtain additional profile data.
-
-
Sign on with username and password
-
Forgot password
-
Register user
-
Sign on with identity provider
-
-
-
Push authentication
-
|
For more information about flow states and their associated sign-on actions, refer to Flows in PingOne Platform Auth APIs. |