Configuring operator provisioning for a basic authentication service

When an operator who is authenticated by using a data page and who is not defined in the Pega Platform database logs in for the first time, Pega Platform can automatically create the operator record. To do this, you configure operator provisioning for the authentication service. This configuration eliminates the manual step of adding the operator record.

If the operator record is already defined in Pega Platform, you can update it by creating a postauthentication activity.
  1. Open the service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and choosing a service from the instance list, and then click the Basic credentials tab.

  2. In the Operator identification section, select Enable operator provisioning using model operator.

  3. To construct an operator by copying a specific model, click By name and enter a value for Model operator.

    This is the operator ID for the operator record to be copied. If the value contains a period ("."), enclose the value in double quotation marks, for example, "abc.def".

  4. To identify the model operator by using an expression, click By name, and next to the Model operator field, click the Build an expression icon and create an expression that returns the operator ID to be copied.

  5. To identify the model operator by using organizational information, click By organization hierarchy and enter values for Org (organization), Div (division), and Unit. You can also provide an expression for each of these fields.

    The Model User value in the Unit instance provides the model operator for constructing the new operator.

  6. To create the operator by using a data transform, click By data transform and enter the data transform name.

    The applies to class of the data transform must be Data-Admin-Operator-ID. For an example data transform, see pyDefaultForNonPegaOperator. If the data transform copies property values from a model operator, you must first create an operator instance in the database for the model operator. Otherwise, you do not need to create a model operator.

  7. At a minimum, you must provide values for the properties listed below before the postauthentication activity (if any) is run. You can populate them from the model operator or the data transform, or you can explicitly map to them by using the Mapping tab. Do not change them in the postauthentication activity.

    | Property name | Description |
    | --- | --- |
    | OperatorID.pyAccessGroup | Operator's default access group |
    | OperatorID.pyAccessGroupsAdditional | List of all of the operator's access groups, including the default access group |
    | OperatorID.pyOrganization | Organization |
    | OperatorID.pyOrgDivision | Division |
    | OperatorID.pyOrgUnit | Unit |

    The value for the newly created operator ID (OperatorID.pyUserIdentifier) is the value from the main tab in the Map operator id from section.
  8. Click Save.

  • Authentication services

    To override or extend the default authentication process, create and configure an authentication service.

  • More about authentication services

    This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.

  • Configuring a basic authentication service

    After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Expression Builder