PingOne DaVinci Connector
For SpyCloud Workforce Threat Protection
🔒 Workforce Identity Threat Protection for PingOne DaVinci
Leverage SpyCloud's recaptured darknet exposure data — from breaches, combolists, malware-infected devices, and successful phishing attacks — within PingOne DaVinci to check for exposed credentials during identity events and block the use of compromised credentials in near-real-time.
Benefits
- Continuously monitor compromised credentials used by your employees within PingOne DaVinci
- Block use of compromised credentials at account creation, login, or when resetting credentials
- Embed in onboarding or IT password reset flows to enforce password hygiene
- Enforce stronger authentication (MFA) by integrating with PingOne MFA
Prerequisites
- An active SpyCloud Workforce Threat Protection license with API access
- Access to the PingOne DaVinci console (console.pingone.com/davinci/)
- Your SpyCloud API Key
🚀 Quick Start
- Notify SpyCloud Support that your API key will be used for PingOne DaVinci so they can configure it correctly.
- Sign into the DaVinci console at console.pingone.com/davinci/.
- Navigate to Connections and select Add Connection.
- Search for SpyCloud Enterprise Protection and select it.
- Enter your SpyCloud API Key and save the connection configuration.
Once configured, you can use this connector in a flow. See below for example flows and use cases.
How It Works
During a password reset or password change event, the DaVinci flow passes the user's email address and newly selected password to SpyCloud via the SpyCloud connector. SpyCloud checks whether this credential pair appears within its exposure dataset and returns one of two results:
| Result | Meaning |
|---|---|
| Exposed | The email and password combination appears within SpyCloud's recaptured database |
| Not Exposed | No match found in SpyCloud's database |
Based on the result, your DaVinci flow can take the appropriate action:
- If exposed: Block the password reset and prompt the user to choose a different password.
- If not exposed: Allow the password reset to proceed and update the credential in PingOne.
Use Cases
| Workflow | What Happens |
|---|---|
| Password Reset / Change | Block employees from setting a compromised password that appears in SpyCloud's database |
| New Employee Onboarding | Enforce clean password hygiene from day one by checking credentials during account creation |
| Routine Exposure Checks | Automate periodic checks of employee credentials against SpyCloud's continuously updated breach dataset |
| Login / Auth Step-Up | Trigger MFA or escalate authentication policy if a credential exposure is detected at login |
🛠️ How It Works (Step by Step)
A typical password reset flow looks like this:
- Trigger — A password reset or password change event is initiated by the user.
- Collect credentials — The user's email address and newly selected password are captured.
- Query SpyCloud — The connector sends the email and password to SpyCloud to check if the credentials have been compromised.
- Evaluate result — SpyCloud returns true (exposed) or false (not exposed).
- Take action — Based on the result, enforce a new password selection, notify your security team, or allow the reset to proceed.
Additional Resources
- PingOne DaVinci Console
- SpyCloud on Ping Marketplace
- SpyCloud Workforce Threat Protection API documentation — available via your SpyCloud Customer Portal