This documentation site is for previous versions. Visit our new documentation site for current releases.

Configuring SSO and LDAP

Updated on February 19, 2021

Deployment Manager supports LDAP and Single Sign-On (SSO) authentication, and assigns users roles based on the configuration settings in the active directory and SSO.

When a role other than SuperAdmin is specified for an operator, an application must be provided. Applications needed for the operator must be mapped to the accessibleApplications property when configuring LDAP and SSO. This property extends application access for each operator without SuperAdmin privileges. To assign the attribute to an operator, you must create the accessibleApplications property and give the unauthenticated user access to the property:
  1. Create a new ruleset and create the property accessibleApplications. Set the class as Data-Admin-Operator-ID.
  2. Create a new application and add the ruleset above in the application stack.
  3. Create a new Access Group and provide access to the new application that you create in step 2.
  4. Add the Access Group to the Access Group Name field in the Browser Requestor Type screen.
    Configure the LDAP or SSO authentication service to map attributes to the accessibleApplications property, as shown in the following figures:

    [Figure: LDAP mapping]

    [Figure: SSO mapping]

  5. To map applications externally, set the dynamic system setting PegaDevopsShared • deploymentmanager/security/external_apps_mapping/enabled to True. If it is set to False, the applications updated for operators in Deployment Manager take precedence, and the applications listed in the LDAP/SSO directory do not apply.
