PingOne DaVinci Administration (P1DV-400) Coming Soon

This course builds upon the Getting Started With PingOne DaVinci training to provide advanced techniques for designing, managing, and configuring production-ready identity orchestration solutions. Learners will master advanced Customer Identity and Access Management (CIAM) journeys, implementing registration, login, multi-factor authentication (MFA), and account recovery using PingOne platform services. The course covers advanced authentication patterns, including passwordless FIDO2 passkeys, social login, self-service profile and device management, and QR code-based sign-in scenarios. Participants will gain hands-on experience integrating PingOne Protect into DaVinci flows to define risk policies, configure predictors, and implement frictionless, conditional authentication based on detected threat levels. Through practical exercises, you will connect these orchestrated flows to a production-ready web application, using PingOne as the authorization server to implement secure OAuth 2.0(OAuth2) and OpenID Connect (OIDC) redirect-based authentication with comprehensive session management.


Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the Getting Started With PingOne DaVinci course
  • Basic understanding of JavaScript, HTML, CSS, and the PingOne Platform
  • PingOne DaVinci learning path
Show details


Course Contents

Chapter 1: Building CIAM Registration and Login Journeys

Design and implement production-ready CIAM registration, login, MFA, and account recovery journeys using DaVinci and PingOne platform services.

Lesson 1: Building a Registration Flow

Create a complete user registration journey that captures credentials, verifies email addresses through one-time password (OTP), establishes secure sessions, and tracks user behavior including flow completions and abandonments:

  • Review PingOne and DaVinci orchestration
  • Review registration patterns
  • Capture username and password
  • Verify email and create user in PingOne
  • Analyze registration analytics
  • Track flow completions and abandonments

Lesson 2: Building a Login Flow

Design comprehensive login journeys supporting password-based authentication, single sign-on (SSO) via DaVinci flows, and proper handling of abandonment scenarios:

  • Review login patterns
  • Log in with Password Journey
  • Handle account status in login flows
  • Design login unhappy paths

Lesson 3: Implementing Password Reset and MFA

Strengthen authentication journeys by implementing MFA and secure account recovery mechanisms:

  • Review MFA in login and recovery journeys
  • Add a TOTP device as MFA during registration
  • Set up MFA for login
  • Handle MFA failures and lockout policies
  • Track incorrect MFA attempts
  • Review password reset and account recovery patterns
  • Configure Forgot Password and Account Recovery
  • Add Forgot Password flow to the Login flow


Chapter 2: Building Advanced DaVinci Journeys

Design and implement advanced CIAM journeys using DaVinci, including passwordless authentication with FIDO2 passkeys, social login with external identity providers, self-service profile and device management, and QR code–based sign-in for physical store scenarios.

Lesson 1: Implementing Passwordless Authentication With Passkeys

Implement passwordless authentication with FIDO2 passkeys in registration and login journeys, including device nicknames and support for existing password-based flows:

  • Explain passwordless authentication and prepare PingOne for passkeys
  • Enable passkeys in the MFA policy
  • Add passkey registration to the user journey
  • Build a passkey registration journey
  • Improve passkey management and sign-in experience
  • Add device nicknames for passkey devices
  • Build a passkey authentication journey

Lesson 2: Integrating Social Login With External Providers

Integrate Google as an external identity provider (IdP) to support social registration and social login, allowing users to authenticate with an existing Google account:

  • Explain social login and prepare the external provider
  • Create a Google Developer account
  • Add an external IdP
  • Add social registration to the user journey
  • Configure social registration
  • Add social login to the user journey
  • Configure social login

Lesson 3: Managing Customer Profiles and Devices

Build a self-service profile experience that protects access to profile tasks, manages registered authentication devices, and supports secure password changes:

  • Secure profile access and profile navigation
  • Configure device limits
  • Add authentication to the profile flow
  • Create a profile landing page
  • Manage registered authentication devices
  • Display registered devices
  • Add a TOTP device branch
  • Add passkey device branch
  • Remove TOTP devices
  • Remove passkey devices
  • Support self-service password changes
  • Change the password branch

Lesson 4: Enabling Physical Store Sign-In With QR Codes

Implement QR code sign-in for physical store scenarios so customers can authenticate on a trusted mobile device while an agent-assisted session remains active on another device. This approach replaces knowledge-based authentication (KBA) with a stronger cross-device authentication pattern:

  • Explain QR code sign-in and challenge correlation
  • Build the in-band flow (agent’s computer)
  • Build the in-band and out-of-band authentication flows
  • Build the out-of-band flow (mobile authentication)
  • Validate the complete QR code journey
  • Test the complete QR code journey


Chapter 3: Enabling Risk-Based Authentication With PingOne Protect

Use PingOne Protect for threat protection and risk-based authentication by configuring risk predictors, defining risk policies, and integrating risk evaluation into DaVinci flows. Emphasize conditional authentication flows based on detected risk levels, requiring additional verification for suspicious login attempts while maintaining a frictionless experience for trusted users.

Lesson 1: Configuring PingOne Protect Predictors

Configure PingOne Protect risk predictors and policy thresholds so authentication and registration flows can detect and respond to potential security threats based on evaluated risk levels:

  • Explain risk-based authentication and PingOne Protect
  • Analyze key risk predictors
  • Configure key risk predictors
  • Apply risk policy thresholds
  • Configure risk policy thresholds

Lesson 2: Implementing Risk-Based Authentication With DaVinci Flows

Integrate PingOne Protect risk evaluation into DaVinci registration and login flows by collecting device signals, invoking threat detection subflows, applying risk-based branching, updating risk evaluation results, and sending new-device notifications:

  • Explain threat detection and risk evaluation in DaVinci flows
  • Review the Threat Detection subflow
  • Add risk-based evaluation to registration and login flows
  • Add risk evaluation to the registration flow
  • Implement risk-based registration branching and update the risk evaluation result
  • Add risk evaluation to the login flow
  • Implement risk-based login branching and update the risk evaluation result
  • Extend risk-based responses with notifications
  • Configure the New Device email notification


Chapter 4: Integrating DaVinci Flows With a Web Application

Connect the DaVinci flows built in previous chapters to a production-ready web application using PingOne

as the authorization server, implementing OAuth2/OIDC redirect-based authentication with session management.

Lesson 1: Converting Flows Into PingOne Flows and Setting Up Sessions

Convert DaVinci flows from standalone testing mode into production-ready PingOne flows, configure DaVinci applications and flow policies, and add session detection to prevent redundant reauthentication:

  • Explain integration methods and PingOne redirect flows
  • Convert flows into PingOne flows
  • Explain DaVinci applications and flow policies
  • Create flow policies
  • Establish session-based login
  • Set up session-based login

Lesson 2: Integrating a Web Application With DaVinci Flows

Configure a PingOne OIDC application, connect it to DaVinci flow policies, and integrate a web application with PingOne so redirect-based authentication and session-based login work end to end:

  • Explain OIDC application integration
  • Create an application in PingOne
  • Configure and validate web application integration
  • Set up the TelcoConnect application