Managing security policies


Enable security policies for user authentication and session management to improve application security. You can control the strength of user IDs and passwords, manage session time-outs and the disabling of operator IDs, control the auditing of login events, and implement CAPTCHA and multifactor authentication.

To manage security policies, you must have the pzViewAuthPoliciesLP privilege, which is included in the PegaRULES:SecurityAdministrator role.

The password, lockout, audit, and operator ID disablement security policies are supported in offline-enabled applications. Multifactor authentication policies are applied only when two-factor authentication is used in custom authentication policies and in application case flows. The operator disablement policy is not enforced unless the Disable Dormant Operators agent is enabled.

  1. In Dev Studio, click Configure > Org & Security > Authentication > Security Policies.

  2. Configure the following policies:

    • Password policies
    • CAPTCHA policies
    • Lockout policies
    • Audit policy
    • Multi-factor authentication policies (using one-time password)
    • Operator disablement policy

    For more information about security policies settings, see Security policies settings.

  3. Click Submit.

  • Defining security policies

    To define security policies for user authentication and session management, use the Security Policies tab.

  • Configure system settings from Dev Studio

    To configure your system, use the Dev Studio Configure > System > Settings menu.

  • Pega-RulesEngine agents

    The agents support periodic maintenance of the system cache, event processing, the Property Optimization tool, and report statistics. In a multinode cluster, you can enable these agents on multiple nodes.
