Enforcing policies from the Security Policies landing page
You can configure your SAML SSO authentication service to enforce security policies that are defined on the Security Policies landing page.
Open the service from the navigation pane in Dev Studio by clicking Security policies tab.and choosing a service from the instance list, and then click the
Click the Add item icon to specify a security policy.
In the Policy type list, select the policy to enforce.
- If you select Multi-factor authentication, you must map properties such as email address or phone number from the email or SMS receiver account by using the Mapping tab.
- If you select User consent, the section pyPostAuthConsentScreen is displayed to the user after authentication. You can customize this section.
- If you select CAPTCHA, the settings on the Security Policies landing page take effect as described below.
- If you set the value of Enable presentation of CAPTCHA upon initial login to Enabled, the CAPTCHA is displayed for every login.
- If you set the value of Enable presentation of CAPTCHA upon initial login to Disabled, the CAPTCHA is displayed according to the probability that you set in the Probability that CAPTCHA will be presented upon authentication failure (%) field.
- Authentication services
To override or extend the default authentication process, create and configure an authentication service.
- Authentication services and security policies
To improve security in authentication services that support security policies, you select which policies to enable by using the Security policies tab of the authentication service. You define the details of each policy, such as the minimum password length and the duration of a one-time password, on the Security Policies landing page.
- Configuring a SAML SSO authentication service
After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.
- Defining security policies
To define security policies for user authentication and session management, use the Security Policies tab.