Configuring the client registration for Pega Infinity Mobile Client authentication against an external OIDC server

Configure a client registration to increase the security of your application by enabling authentication against an external OpenID Connect (OIDC) identity provider (IdP) for Pega Infinity Mobile Client.

Register your application with an external OIDC IdP, for example, Google, and then obtain the parameters that you must enter in Pega Platform. For the list of parameters to gather, see Custom parameters for direct authentication against an external OIDC server.
Ensure that the OIDC IdP derives the Audience claim from the Client ID value. For more information, see the documentation for the selected OIDC IdP.
  1. In the header of Dev Studio, click Create > Security > OAuth 2.0 Client Registration.

  2. On the Create OAuth 2.0 Client Registration screen, enter the name and a short description of the client, and then click Create and open.

  3. In the Client credentials section, select Confidential.

  4. Click View & download, and then download the text file with client registration parameters by clicking Download credentials.

  5. In the Supported grant types section, clear any selected options, and then select the JWT bearer check box.

  6. In the Identity mapping box, specify the identity mapping:

    • To use an existing identity mapping data instance, in the list of entries, select a JSON Web Token identity mapping instance, and then go to step 12.
    • To create a new identity mapping data instance, click the Open icon.

  7. On the Create Identity Mapping screen, enter the name and a short description of the identity mapping instance, and then click Create and open.

  8. In the Token processing profile field, specify the profile for validating the token:

    • To use an existing token processing profile, in the list of instances, select an existing JSON Web Token token processing profile, and then go to step 11.
    • To create a new token processing profile, click the Open icon.

  9. On the token processing profile configuration screen, in the Claims validation section, define the validation parameters:

    1. In the Issuer (iss) field, enter the address of the external OIDC authentication server.

    2. In the Audience (aud) field, enter the Client ID value that you obtained when registering the application with the OIDC IdP.

  10. On the token processing profile configuration screen, save the token processing profile by clicking Save.

  11. On the identity mapping profile configuration screen, save the identity mapping by clicking Save.

  12. On the client registration configuration screen, save the client registration by clicking Save.
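The two values entered in the Claims validation section (step 9) are what stops a token minted by a different issuer, or issued to a different application at the same IdP, from being accepted as an identity for your mobile client. The following is an added example, not Pega Platform code, that shows the check those fields configure: it decodes a compact JWT and rejects it unless iss equals the configured OIDC server address and aud contains the configured Client ID. The issuer URL, Client ID and sample tokens are all constructed for the example. It assumes the token's signature has already been verified against the IdP's keys, which is a separate step not covered here, and it goes slightly beyond the page by accepting aud as either a single string or an array, both of which RFC 7519 allows.

```python
import base64
import json
import time

# Constructed stand-ins for the values the procedure has you type into the
# token processing profile. They are not real endpoints or client IDs.
EXPECTED_ISSUER = "https://idp.example.test"          # Issuer (iss) field
EXPECTED_AUDIENCE = "mobile-client-example-id"        # Audience (aud) field = Client ID
CLOCK_SKEW_SECONDS = 60                               # tolerance for clock drift on exp


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_test_token(claims: dict) -> str:
    """Assemble header.payload.signature for the demo only.

    The signature segment is a fixed placeholder: this example covers claims
    validation and assumes signature verification already happened upstream.
    """
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_claims(token: str) -> dict:
    """Split the compact JWT and decode the payload segment (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWT must have exactly three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, expected_issuer: str, expected_audience: str, now=None) -> list:
    """Return a list of failures; an empty list means the claims pass.

    Mirrors the Claims validation section: iss must equal the configured OIDC
    server exactly, and aud must contain the Client ID. exp is checked as well,
    since an expired token must never reach identity mapping.
    """
    now = time.time() if now is None else now
    failures = []
    if claims.get("iss") != expected_issuer:
        failures.append(f"iss {claims.get('iss')!r} != {expected_issuer!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        failures.append(f"aud {aud!r} does not include {expected_audience!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        failures.append("exp claim missing")
    elif now > exp + CLOCK_SKEW_SECONDS:
        failures.append("token expired")
    return failures


# Constructed sample tokens: one matching the configured values, two that do not.
NOW = 1_700_000_000
GOOD_TOKEN = build_test_token(
    {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-1", "exp": NOW + 300})
WRONG_AUD_TOKEN = build_test_token(
    {"iss": EXPECTED_ISSUER, "aud": "some-other-app", "sub": "user-1", "exp": NOW + 300})
WRONG_ISS_TOKEN = build_test_token(
    {"iss": "https://other-idp.example.test", "aud": EXPECTED_AUDIENCE, "sub": "user-1", "exp": NOW + 300})


def check_token(token: str, now: float = NOW) -> list:
    """Decode and validate a token against the configured issuer and audience."""
    return validate_claims(decode_claims(token), EXPECTED_ISSUER, EXPECTED_AUDIENCE, now=now)


if __name__ == "__main__":
    for name, tok in [("good", GOOD_TOKEN), ("wrong aud", WRONG_AUD_TOKEN), ("wrong iss", WRONG_ISS_TOKEN)]:
        print(f"{name}: {check_token(tok) or 'OK'}")
```

The exact-match rule on iss matters: a token from another tenant or another IdP at a similar-looking address must fail, so no prefix or substring matching is used. The aud check is the control the prerequisite above depends on; if the IdP does not place the Client ID in aud, every token will be rejected here, which is the safe failure mode.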

  • Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client

    Increase the security of your application by configuring Pega Infinity Mobile Client to authenticate mobile users directly against an external OpenID Connect (OIDC) identity provider through the OIDC authorization code authentication flow.

  • Selecting an authentication service

    Build safe mobile apps by selecting an authentication source that matches your security requirements. For example, you can use the default account authentication to effectively build secure apps that users can access with Pega Platform credentials.

  • OAuth 2.0 client registrations

    The OAuth 2.0 protocol allows mobile native applications and external applications such as Facebook and Google to communicate securely with Pega Platform over HTTPS. You define OAuth 2.0 client registration data instances to allow external applications to access Pega Platform REST services by using access tokens.

  • Identity mapping

    The Identity Mapping rule form allows you to specify how to identify an operator from a SAML 2.0 Assertion, JSON Web Token, or custom source.

  • Token profile data instance

    Create a JSON Web Token (JWT) profile data instance to confirm a user's identity between two different processes. JSON Web Token (JWT) is an open standard that defines a compact and self-contained method to securely exchange information between different parties as a JSON object. For example, the token can contain information about a user that can be used by another party to validate the identity of the user.
