Configuring an OpenID Connect SSO authentication service
After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.
Create an OpenID Connect authentication service, or open an existing service from the navigation panel in Dev Studio by clicking and choosing an OpenID Connect authentication service from the instance list.
In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform.
- Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
- Authentication flow is a read-only field that identifies the OAuth standard flow type for this authentication service.
In the Provider logo field, specify an image to display on the login screen that identifies this provider.
Configure the optional parameters of the service.
- Mapping operator information for an OpenID Connect SSO authentication service
- Specifying preauthentication and postauthentication activities for an OpenID Connect SSO authentication service
- Requiring reauthentication for new and expired sessions for an OpenID Connect SSO authentication service
- Configuring operator provisioning for an OpenID Connect SSO authentication service
- Enforcing policies from the Security Policies landing page