Using BDD for Building User Journeys in PingOne AIC/AIS
- Paul McKeown
- Aug 5

Introduction to Behaviour-Driven Development (BDD)
Behaviour-Driven Development (BDD) is a collaborative software development methodology that bridges the communication gap between business stakeholders and technical teams. It extends Test-Driven Development (TDD) by using natural language constructs to define system behaviour from a user's perspective.
BDD encourages developers, QA engineers, product managers, and even non-technical stakeholders to collaboratively specify requirements using structured scenarios (e.g., Given-When-Then) which describe expected application behaviour in various contexts. This practice enhances shared understanding and reduces misinterpretation of business requirements.
As a software engineer at heart, I firmly believe in the value of comprehensive, early testing throughout project delivery. This is something that Midships embodies in all our deliveries and our clients value this attention to quality.
PingOne AIC refers to Ping Identity’s cloud-native CIAM platform (Advanced Identity Cloud). Ping AIS refers to its on-premises or hybrid counterpart (Advanced Identity Software). Unless stated otherwise, “PingOne” will collectively refer to both.
Benefits of BDD
Improved Communication: BDD focuses on conversation. The use of plain language to describe scenarios fosters a common vocabulary between business and technical teams.
Living Documentation: The structured scenarios act as executable documentation that evolves with the system and always reflects current behaviour.
Shift-Left Testing: By designing tests before development starts, teams gain early insights into edge cases, helping to design more robust user experiences.
Better Test Coverage: Since BDD scenarios focus on business behaviour, they inherently cover real-world use cases. This leads to more meaningful test coverage compared to isolated unit tests.
Reduces Defects: Early alignment and executable specifications reduce the chances of misinterpretations, ultimately minimizing bugs downstream.
Importance of Testing CIAM User Journeys
In CIAM (Customer Identity and Access Management) platforms like PingOne AIC and Ping AIS, user journeys often span multiple services and systems. These journeys involve sensitive operations such as authentication, identity verification, MFA flows, and authorization.
Testing these journeys is crucial because:
They are security-critical and directly impact customer experience.
Flows are often customised per application/client.
Failures in these journeys can lead to high friction or security vulnerabilities.
Examples include:
Passwordless logins with magic links.
Adaptive authentication based on device risk.
Complex multi-system onboarding flows.
Automated BDD-style testing ensures that these behaviours remain consistent and secure through code changes and configuration shifts.
Advantages of Testing Early
Catch Issues Before They Escalate: Identifying broken user flows or misconfigured policies during development prevents high-risk defects from reaching production.
Faster Feedback Loops: Developers get immediate feedback when BDD scenarios fail during local development or CI pipelines. With Midships' Cube and their local AIC development approach, you can build your changes and run them locally for the fastest possible AIC/AIS feedback loop.
Reduced Cost of Fixes: Bugs found earlier are significantly cheaper to fix than those discovered in staging or production.
Supports Agile and DevOps: BDD tests integrated into CI/CD allow confident, iterative delivery of new identity features or configuration updates.
Intro to Framework: Jest and Supertest within Node.js
To implement BDD testing for PingOne’s APIs and user journeys, a practical approach is to use the Node.js ecosystem. Here's how:
Jest
Jest is a JavaScript testing framework developed by Meta. It offers:
Zero-config setup
Descriptive test syntax
Snapshot testing
Built-in mocking and assertions
It aligns well with BDD when using describe, test, and expect in readable ways.
Example:
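// registrationStep1Initiate, registrationStep2ProvideUserDetails and userDetails
// are project helpers/fixtures defined elsewhere in the test suite (not shown).
describe('User Registration Flow', () => {
  test('should allow new user to register with valid details', async () => {
    // let, not const: the response is reassigned after each journey step
    let response = await registrationStep1Initiate();
    response = await registrationStep2ProvideUserDetails(response, userDetails);
    expect(response.status).toBe(200);
    expect(response.body.tokenId).toBeDefined();
  });
});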
Supertest
Supertest is a Node.js library that simplifies HTTP assertions. It integrates well with Jest to simulate API calls and validate HTTP responses.
It’s ideal for testing PingOne’s REST endpoints like:
/json/realms/alpha/authenticate?realm=alpha&authIndexType=service&authIndexValue=Login
/oauth2/realms/root/realms/alpha/authorize
/oauth2/realms/root/realms/alpha/access_token
Example:
const request = require('supertest');

// loginStep1Initiate, loginStep2ProvideCredentials and credentials are
// project helpers/fixtures defined elsewhere in the test suite (not shown).
describe("Login Success Tests", () => {
  it("should receive a tokenId after successfully providing credentials", async () => {
    let response = await loginStep1Initiate();
    response = await loginStep2ProvideCredentials(response, credentials);
    expect(response.status).toBe(200);
    expect(response.body.tokenId).toBeDefined();
  });
});
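One way the step helpers in the examples above could handle a journey's callbacks, shown as an added example that is not code from the original post or from Midships. It assumes step responses use the AM-style callback JSON returned by the authenticate endpoint; fillCallbacks, isAuthenticated and the sample response are hypothetical names and constructed data.

```javascript
// Constructed first-step response body in the AM-style callback format
// (sample data, not captured from a real tenant).
const SAMPLE_STEP1 = {
  authId: 'constructed-auth-id',
  callbacks: [
    { type: 'NameCallback',
      output: [{ name: 'prompt', value: 'User Name' }],
      input: [{ name: 'IDToken1', value: '' }] },
    { type: 'PasswordCallback',
      output: [{ name: 'prompt', value: 'Password' }],
      input: [{ name: 'IDToken2', value: '' }] },
  ],
};

// Hypothetical helper: build the body to POST back for the next step.
// Throws when the journey prompts for something the scenario did not expect,
// or skips something it did expect, so a dropped or added step (for example
// an MFA prompt) fails the test instead of passing silently.
function fillCallbacks(step, answers) {
  if (!step || typeof step.authId !== 'string' || !Array.isArray(step.callbacks)) {
    throw new Error('not an in-progress journey step');
  }
  const unused = new Set(Object.keys(answers));
  const callbacks = step.callbacks.map((cb) => {
    if (!Object.prototype.hasOwnProperty.call(answers, cb.type)) {
      throw new Error(`unexpected callback: ${cb.type}`);
    }
    unused.delete(cb.type);
    // Copy instead of mutating, so the original response can still be asserted on.
    const input = cb.input.map((field, i) =>
      (i === 0 ? { ...field, value: answers[cb.type] } : field));
    return { ...cb, input };
  });
  if (unused.size > 0) {
    throw new Error(`journey did not prompt for: ${[...unused].join(', ')}`);
  }
  return { authId: step.authId, callbacks };
}

// Hypothetical helper: a step is a completed login only if it carries a
// tokenId and has no callbacks still pending.
function isAuthenticated(body) {
  return Boolean(body) && typeof body.tokenId === 'string' &&
    body.tokenId.length > 0 && !('callbacks' in body);
}
```

Answers are keyed by callback type, so a step with two callbacks of the same type would receive the same value in both; key by prompt text instead if a journey needs that.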
Structuring BDD Tests
Organize your test suites to reflect key identity scenarios:
Authentication: MFA, magic link, biometric flows
Authorization: Access token scopes, consent
Risk Signals: Geo-velocity, device fingerprinting
Recovery: Forgot password, account unlock
Onboarding: New versus existing customers
Midships' Approach to CIAM Quality
At Midships, we believe that delivering CIAM solutions isn’t complete until each user journey is validated and resilient. Every PingOne AIC / Ping AIS integration we deliver comes backed by a comprehensive, maintainable test suite built using BDD principles. These tests don't just verify technical correctness - they ensure real-world reliability and clarity for future development.
Our testing strategy encompasses all business functionality, edge cases, threat surfaces, and configuration nuances specific to the client's identity landscape. Whether you're dealing with adaptive authentication, high-assurance login flows, or third-party federation, we embed automated, contextual tests that reflect your precise security and usability expectations.
Interested in seeing how we approach CIAM delivery and testing? Reach out to sales@midships.io - we’d be happy to walk you through our frameworks and tooling in action.
Conclusion
Implementing BDD for PingOne AIC / Ping AIS user journeys ensures that critical identity flows are correct, secure, and continuously verified. By combining BDD principles with Node.js tools like Jest and Supertest, teams can establish a reliable test harness that catches issues early, promotes collaboration, and supports rapid, confident iteration of user-centric CIAM experiences.
Writer’s Overview
Paul McKeown – Chief Technology Officer, Midships
Paul is a seasoned engineering leader with 19 years in IAM, DevOps, and continuous delivery, with a specialty in ForgeRock and secure banking platforms. He’s delivered CIAM on Kubernetes for major banks in New Zealand and Australia.
Short bio: Paul blends engineering rigor with coaching excellence, driving Midships' technical strategy and delivery risk reduction practices across markets.