The 1Kosmos connector for PingOne DaVinci allows organizations to incorporate 1Kosmos passwordless biometric authentication into DaVinci identity orchestration flows.
Integration type
Auth/IDP
Overview
The connector performs an OIDC redirect from DaVinci to 1Kosmos for device-based biometric authentication, then redirects back to DaVinci to complete the authentication flow. This allows security teams to embed step-up authentication, identity verification, or passwordless login as a node within any DaVinci flow without custom development.
What we solve
Security teams need to add step-up authentication and verified identity checks into complex user journeys without rebuilding applications or writing custom code for each flow. This PingOne DaVinci connector lets teams drop 1Kosmos passwordless biometrics and verification into DaVinci orchestration as a reusable node, enabling consistent assurance for login and high-risk actions across journeys.
This integration uses the OIDC Authorization Code grant type with RS256 token signing.
Prerequisites
Active 1Kosmos tenant: Community administrator access to the AdminX portal is required. Contact 1kosmos.com/contact if your tenant is not yet provisioned.
PingOne DaVinci account: Administrator access to the DaVinci Connections and Flows interface.
1Kosmos OIDC application created: The integration requires a dedicated OIDC application in AdminX configured with DaVinci's redirect URL. This is created during setup.
Configuration values
Values to collect from DaVinci before configuring 1Kosmos:
|
|
Values to collect from 1Kosmos after creating the OIDC application:
|
|
|
|
|
|
|
|
|
|
|
|
Integration steps
Step 1: Create the 1Kosmos connector in DaVinci In DaVinci, navigate to the Connections page and click New Connection. Search for "1kosmos" and click the + icon to add the connector. Enter a name such as "1Kosmos OIDC" and click Create. Open the connector's actions menu and select Edit. Copy the Redirect URL; you will need this in the next step.
Step 2: Create the OIDC application in AdminX In the 1Kosmos AdminX portal, navigate to Applications → Add Application → OIDC → Add Integration. Enter a name such as "DaVinci OIDC" and configure the following settings:
|
|
|
|
|
|
|
|
Click Create. After the application is created, copy the Client ID and Client Secret from the connection details screen.
Step 3: Collect metadata endpoints from 1Kosmos In AdminX, navigate to Settings → Authorization Server and click the Metadata URI link. Copy the following values from the JSON metadata response:
Authorization Endpoint
Token Endpoint
User Info Endpoint
Issuer
Pasting the full metadata response into a JSON parser makes it easier to locate each field.
Step 4: Complete the connector configuration in DaVinci Return to DaVinci and open the 1Kosmos connector for editing. Paste the Client ID and Client Secret copied from AdminX. Then paste the Authorization Endpoint, Issuer, Token Endpoint, and User Info Endpoint copied from the 1Kosmos metadata response. In the Scope field, add openid, email, and profile. Toggle Send state with request to enabled. Click Apply to save.
Step 5: Add the connector to a flow In DaVinci, create or open a flow. Add an HTTP connector node configured as an HTML Form with an email field (property name: email, display name: Email). Connect the 1Kosmos connector node to the flow. In the 1Kosmos node configuration, select Redirect to 1Kosmos, add a query parameter with key login_hint, and set its value to the email output variable from the HTML Form node. Click Apply.
Step 6: Test the flow Click the play button in DaVinci to trigger the flow. Enter a test user email address in the HTML Form. The connector will redirect to the 1Kosmos login portal. Authenticate with 1Kosmos credentials to confirm the redirect and return flow is working. In production, the flow returns the user to the target application after successful authentication.
Integration notes
The login_hint parameter passed from the HTML Form pre-populates the user identifier in the 1Kosmos login portal, reducing friction during authentication. Scopes should include at minimum openid and email to return the identity claims required by most downstream DaVinci flow nodes.
For flows requiring identity verification rather than just authentication, contact your 1Kosmos representative to discuss configuring an IAL2 verification step within the flow.
