Skip to main content

Table of Contents

Enabling Pega Platform to support Kerberos single sign-on


Only available versions of this content are shown in the dropdown

On a running Active Directory (AD) server, you can enable Pega Platform, running on an Apache Tomcat server, to use Kerberos authentication.

Perform the following steps to enable single sign-on (SSO) by using Kerberos:

  1. Configuring Active Directory to use Kerberos

    After you create users and systems inside an AD domain, define the Pega Platform server and configure service principal names (SPNs) for users. Kerberos uses SPNs, which uniquely identify service instances, to associate a service with a service logon account.

  2. Configuring Tomcat to enable client systems to connect to Pega Platform

    Configure Tomcat with SPNEGO libraries so that client systems can connect to Pega Platform.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us