Mapping operator information for a SAML SSO authentication service

To enable the login process to authenticate the requestor, specify the attribute returned in the identity provider's SAML assertion that corresponds to the Pega Platform operator ID. You can also map other attributes from the SAML assertion to selected properties and pages that are used by your preauthentication and postauthentication activities or by other Pega Platform features such as access control policies.

  1. Open the service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and choosing a service from the instance list. On the SAML 2.0 tab, navigate to the Operator identification section.

  2. In the Map operator id from section, select one of the following:

    • Name identifier in the subject
    • Attribute, then specify the attribute surrounded by braces, for example, {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}

  3. Optional: To map additional attributes, click the Mapping tab.

  4. Optional: Map the attributes from your login process to properties and pages that are used by your preauthentication and postauthentication activities or elsewhere in Pega Platform.

    1. You can use the following properties and pages in the Map from field. You can also reference custom properties and pages that are used in a login flow, and you can use the Expression Builder.

      Page name      Description
      pxRequestor    The requestor page
    2. You can use the following properties and pages in the Map to field. You can also reference custom properties and pages that are used in a login flow.

      Page name                        Description
      OperatorID                       Properties of the operator ID
      D_pyOperatorAttributes           Requestor-scoped data page for caching operator attributes
      D_pyOperatorDeviceInformation    Requestor-scoped data page for caching operator device information
  5. You can also use the following properties and pages in the Map from field for a SAML authentication service.

    Page name                  Description
    D_SAMLAssertionDataPage    The SAML assertion.
  6. Click Save.
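
As an added illustration (not Pega Platform code), the following Python sketch shows which element of a SAML assertion each option in step 2 refers to, so that a sample assertion from the identity provider can be checked before the mapping is saved. The assertion, the issuer and the function name operator_id_candidate are constructed for this example; it does not verify the assertion signature, and rejecting a missing or multi-valued result is a choice made here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, for inspection only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def operator_id_candidate(assertion_xml, mapping):
    """Return the assertion value selected by an operator-ID mapping.

    mapping is "nameid" for 'Name identifier in the subject', or an
    attribute name wrapped in braces, as the Attribute option expects.
    """
    root = ET.fromstring(assertion_xml)
    if mapping == "nameid":
        node = root.find("saml:Subject/saml:NameID", NS)
        values = [node.text] if node is not None and node.text else []
    elif mapping.startswith("{") and mapping.endswith("}"):
        name = mapping[1:-1]  # strip the surrounding braces
        values = [
            v.text
            for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
            if a.get("Name") == name
            for v in a.iterfind("saml:AttributeValue", NS)
            if v.text
        ]
    else:
        raise ValueError("attribute mapping must be wrapped in braces")
    # Assumption of this sketch: an absent or ambiguous identity value is an error.
    if len(values) != 1:
        raise LookupError(f"{mapping}: expected exactly one value, found {len(values)}")
    return values[0].strip()
```

Run it against an assertion captured from your own identity provider to confirm that the chosen option yields a single value that matches an existing operator ID.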

  • Authentication services

    To override or extend the default authentication process, create and configure an authentication service.

  • More about authentication services

    This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.

  • Configuring a SAML SSO authentication service

    After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.

  • Expression Builder