Security assets and the environment


Beyond authentication, authorization, and auditing, Pega Platform offers many other security features that you can configure, such as encryption, HTTP response headers, and Web Service Security profiles. Use these features to ensure that your system is as secure as possible.

  • Encrypting data

    To make your data more secure, you can select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Encrypting system data by using a custom key management service

    You can encrypt system data by using an encryption key that is sourced from a custom key management service that is accessed from a data page. You source a key in this way when you use a key management service that is not one of the supported keystore platforms.

  • Changing the default keystore caching settings

    You can change the values of the KeyStoreCacheExpireTime and KeyStoreCacheSize settings to control how often the keystore cache is refreshed and to restrict cache size. Lower values use less memory but reduce processing performance.

  • Importing an X.509 certificate

    You can import X.509 certificates that are defined in keystore instances of type JKS or PKCS12. They become active without your having to restart the server.

  • Securing your application for mashup communication

    If you use the mashup feature to embed Pega Platform content in an external application, define the external URLs that are allowed to access Pega Platform so that the host page can communicate with the mashup gadget page.

  • Securing an Activity

    To better protect your application, configure Activity-specific access control to limit how an Activity can be executed and who may execute it.

  • Authentication

    Authentication in Pega Platform ensures that only users and systems whose identity has been verified can access your applications. Authentication in Pega Platform includes user logins, platform requests to external services, and external service requests to the platform. You can also authenticate by using an external identity provider.

  • Authorization

    Authorization in Pega Platform ensures that after users log in, they have access to only the platform features and data that they need for their work. Pega Platform offers three types of authorization: role-based access control, attribute-based access control, and client-based access control. You can use these authorization features together to provide the strictest level of control.

  • Auditing

    Pega Platform tracks many types of security events, such as failed logins and password changes. You can optionally track many other types of security events, as well as changes to rules and data. By tracking these changes, you can understand how your system is functioning and be alerted to any potential problems.

  • Preparing your application for secure deployment

    Use the Application Security Checklist to prepare your application for deployment. By completing the tasks on this checklist, you can safeguard sensitive data and improve the security of your application.

  • Security guidelines for test environments

    As a best practice, configure the application server in your test environment to mirror a production environment configuration.

  • Security

    Pega Platform protects against a wide variety of security risks. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application. Pega Platform protects you against adverse security events, whether they be inadvertent or malicious.
