LinkedIn
Copied!

Table of Contents

Authentication services and security policies

Version:

Only available versions of this content are shown in the dropdown

To improve security in authentication services that support security policies, you select which policies to enable by using the Security policies tab of the authentication service. You define the details of each policy, such as the minimum password length and the duration of a one-time password, on the Security Policies landing page.

All authentication services use the PRAuth servlet. However, for backward compatibility with earlier versions of Pega Platform, it is possible to authenticate by using PRServlet instead of PRAuth (in other words, the login URL includes /prweb/PRServlet). When PRServlet is used, security policies are enabled by using various controls on the Security Policies landing page.

For more information on URL patterns and servlet names, see Application URL patterns for various authentication service types.

For authentication services, enablement of security policies occurs as described below:

  • You enable specific policies from the Security policies tab for each authentication service, except for some that are always on, as noted below.
  • The Enable frequently required policies check box on the Security Policies landing page has no effect.
  • The Enable CAPTCHA Reverse Turing test module setting on the Security Policies landing page has no effect.
  • The Audit policy on the Security Policies landing page is always in effect, as are the security alerts that are configured on the Security Event Configuration landing page.
  • The Operator disablement policy on the Security Policies landing page is always in effect.
  • The User consent policy is enabled and disabled by using the Security policies tab of the authentication service, but it does not appear on the Security Policies landing page.
Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.