Configuring Pega Robot Runtime for RDA mode to support OAuth SAML 2.0

Complete the following steps so that OAuth SAML 2.0 is supported in Pega Robotic Automation Runtime and RDAs can retrieve their package assignments using SSO authentication.

  1. In Pega Robotic Automation Security Token Service, export the public certificate in .pfx format.

    For more information, see the Pega Robotic Automation Security Token Service User Guide on Community.
  2. Configure Pega Platform:

    1. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO.

      This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    2. Configure the RoboticsSSO service package to use single sign-on.

      For detailed information, see Configuring authentication for new users.
    3. Create OAuth 2.0 Client registration, identity mapping, and keystore rules.

      For more information, see Configuring OAuth 2.0 with SAML bearer assertion for single sign-on.
    4. Ensure that the user that you want to provision has a Pega Platform operator ID.

      The UPN can be obtained from Active Directory. The operator ID should only include the first part of the fully qualified domain name. For example, if the user UPN is, the operator ID should be username@sub.
  3. Configure the CommonConfig.xml file:

    1. In the Servers section, find the Server element with the name RobotManager.

      For example, <Server name="RobotManager" enabled="true" baseURL="" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
    2. Set the enabled attribute to true.

    3. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed, and ensure that it ends with prweb.

      For example,
    4. Set the RPA attribute to false.

    5. In the Servers section, find the Server element with the name IdP or ADFS.

    6. Set the enabled attribute to true.

    7. Set the baseURL attribute to the STS authentication endpoint.

    8. If there are elements for both servers, delete the ADFS element, because it is deprecated.

  4. Configure the RuntimeConfig.xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment.

  5. Start Pega Robotic Automation Runtime to automatically log in to it.
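
A check for the CommonConfig.xml settings from step 3, written as an added example (it is not Pega's own tooling). The function name, the root element name, the host names and the STS path in the sample are constructed placeholders; only the Servers/Server layout and the attribute names come from the steps above.

```python
import xml.etree.ElementTree as ET

def _is_true(value):
    return (value or "").strip().lower() == "true"

def audit_common_config(xml_text):
    """Return a list of findings; an empty list means step 3 is satisfied."""
    root = ET.fromstring(xml_text)
    # Index every <Server> inside a <Servers> section by its name attribute.
    servers = {s.get("name"): s
               for sec in root.iter("Servers") for s in sec.findall("Server")}
    findings = []

    rm = servers.get("RobotManager")
    if rm is None:
        findings.append("RobotManager: Server element missing")
    else:
        if not _is_true(rm.get("enabled")):
            findings.append("RobotManager: enabled must be true")
        if not (rm.get("baseURL") or "").strip().endswith("prweb"):
            findings.append("RobotManager: baseURL must end with prweb")
        if (rm.get("RPA") or "").strip().lower() != "false":
            findings.append("RobotManager: RPA must be false for RDA mode")

    idp, adfs = servers.get("IdP"), servers.get("ADFS")
    if idp is not None and adfs is not None:
        findings.append("ADFS: deprecated element present alongside IdP; delete it")
    sts = idp if idp is not None else adfs  # IdP wins when both exist
    if sts is None:
        findings.append("IdP: Server element missing")
    else:
        name = sts.get("name")
        if not _is_true(sts.get("enabled")):
            findings.append(f"{name}: enabled must be true")
        if not (sts.get("baseURL") or "").strip():
            findings.append(f"{name}: baseURL (STS authentication endpoint) is empty")
    return findings

# Constructed sample with deliberate mistakes; hosts and paths are placeholders.
SAMPLE = """<Config><Servers>
  <Server name="RobotManager" enabled="true" baseURL="https://pega.example.test/prweb"
          RPA="true" workgroup="My Group" robotName="{MachineName}"/>
  <Server name="IdP" enabled="false" baseURL=""/>
  <Server name="ADFS" enabled="true" baseURL="https://sts.example.test/placeholder"/>
</Servers></Config>"""

if __name__ == "__main__":
    for finding in audit_common_config(SAMPLE):
        print(finding)
```

Running the audit across deployed workstations before step 5 catches a leftover ADFS element or an RPA flag left at true, either of which would otherwise surface only as a failed sign-in.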

  • Pega Robot Manager authentication mechanisms

    Pega Robot Manager supports Basic authentication, OAuth 2.0 with SAML bearer, and Kerberos to authenticate client requests from Pega Robotic Automation Studio and Pega Robotic Automation Runtime.
