PingOne DaVinci Connector
For SpyCloud Workforce Threat Protection
🔒 Workforce Identity Threat Protection for PingOne DaVinci
Employees reuse passwords. Credentials get stolen in third-party breaches, malware infections, and successful phishes that are completely outside your organization's control, and PingOne DaVinci has no way of knowing whether a credential being presented is already in criminal hands.
The SpyCloud DaVinci Connector closes that gap.
Deployed as a drag-and-drop connector in the DaVinci flow studio, it checks employee credentials against SpyCloud's continuously updated database of recaptured identity data from the criminal underground at any workforce identity event — login, account creation, password reset, or IT onboarding — and drives automated enforcement directly within your existing flows.
Requirement: An active SpyCloud Workforce Threat Protection license with API access is required to use this integration.
🚀 Benefits
- Stop workforce account takeover (ATO) — block known-exposed credentials at account creation, login, and password reset before attackers can use them
- Enforce password hygiene at the orchestration layer you already use — no new tools or custom development required
- Trigger step-up MFA based on confirmed real-world exposure — not behavioral assumptions (requires integration with PingID)
- Get ahead of the threat — SpyCloud recaptures identity data from the criminal underground weeks to months before it surfaces publicly
- Deploy in minutes — the connector installs natively in DaVinci with no development sprint
📋 Prerequisites
- An active SpyCloud Workforce Threat Protection license with API access
- Access to the PingOne DaVinci console (console.pingone.com/davinci/)
- Your SpyCloud API Key
🛠️ Quick Start
- Notify SpyCloud Support that your API key will be used for PingOne DaVinci so they can configure it correctly.
- Sign into the DaVinci console at console.pingone.com/davinci/.
- Navigate to Connectors and select Add Connector.
- Search for SpyCloud Workforce Threat Protection and select it.
- Enter your SpyCloud API Key and save the connection configuration.
Once configured, you can use this connector in a flow. See the Use Cases section below for example workflows.
🔎 How It Works
A typical password reset flow looks like this:
- Trigger — A password reset, password change, login, or account creation event is initiated.
- Collect credentials — The user's email address and newly selected password are captured by the DaVinci flow.
- Query SpyCloud — The connector passes the credential pair to SpyCloud, which checks whether it appears in its recaptured database of identity data from the criminal underground.
- Evaluate result — SpyCloud returns Exposed or Not Exposed.
- Take action — Based on the result, the flow enforces a new password selection, routes to step-up MFA, notifies your security team, or allows the event to proceed.
| Result | Meaning |
|---|---|
| Exposed | The email and password combination appears in SpyCloud's recaptured database |
| Not Exposed | No match found in SpyCloud's database |
Tip: The connector can be placed at any point in a DaVinci flow — not just password reset. Use it at login and account creation to catch exposed credentials across all workforce identity events.
🎯 Use Cases
| Workflow | What Happens |
|---|---|
| Password Reset / Change | Block employees from setting a password that appears in SpyCloud's recaptured database |
| New Employee Onboarding | Enforce clean credential hygiene from day one by checking passwords during account creation |
| Login / Auth Step-Up | Trigger MFA or escalate authentication policy when a credential exposure is detected at login |
| Routine Exposure Checks | Automate periodic checks of employee credentials against SpyCloud's continuously updated database |
🔗 Additional Resources
- SpyCloud Quick Start Guide
- SpyCloud DaVinci Connector on Ping Marketplace
- SpyCloud Workforce Threat Protection