An authentication flow can prompt users to consent to (or reject) an agreement. The agreement to which users must consent is configured in the sign-on policy. The flow determines whether consent is required based on the agreement configuration and the user’s consent history. If the user does not have any recorded consents that satisfy any of the agreement languages, then the flow requires user consent.

The POST /{environmentId}/flows/{flowId} operation uses the application/vnd.pingidentity.user.consent+json custom media type in the request header to specify that a consent action is required.