Controlling access to and from external applications
You can configure Pega Platform to access external systems to retrieve data and perform application processing. Similarly, you can allow external systems to access services in Pega Platform. By communicating with external systems, you can reuse functionality that has already been configured and avoid duplicating the same functions in multiple applications.
The following topics describe the authentication features of Pega Platform. For information about the topology of relationships with external systems, see Integrating your application with external resources.
- Creating an authentication profile
Create an authentication profile to move messages securely to and from your application with a variety of connector and server rules.
- Setting up an OAuth 2.0 client registration
Configure an OAuth 2.0 client registration data instance to allow an external application or mobile native application to access Pega Platform REST services over HTTPS.
- Creating and configuring an OAuth 2.0 provider
To enable your application to securely access an external application over HTTPS, create an OAuth 2.0 provider data instance.
- Creating an identity mapping data instance
If you use OAuth 2.0 Client Registration instances that authenticate users through a SAML 2.0 Assertion, JSON Web Token, or custom source, you need to specify how the Pega server identifies an operator and how to map the user identity information for use in the Pega application.
- Integrating your application with external resources
- Mitigating common security vulnerabilities
Beyond the policies on the Security Policies landing page, Pega Platform offers additional security restrictions that cover cross-site request forgery (CSRF), content security policies (CSP), cross-origin resource sharing (CORS), and others. Use these features to ensure that your system is as secure as possible.