Creating an authentication service

To override or extend the default authentication process, create an authentication service. An authentication service lets you implement authentication requirements that are more specialized than the default, for example, running pre-authentication and post-authentication activities.

To create an authentication service, you must have the pzCanCreateAuthService privilege, which is included in the PegaRULES:SecurityAdministrator role.

By default, your system includes a basic authentication service named Platform Authentication. You can save this service with a new name and change it, and you can create any type of authentication service, including the basic type of authentication service.

  1. In the header of Dev Studio, click Configure > Org & Security > Authentication > Create Authentication Service.

  2. In the Authentication Type list, click the authentication service type.

    • Basic credentials – Authentication using a user ID and password, which can be stored in the Pega Platform database or an external source that is accessed by using a data page
    • SAML 2.0 – SAML 2.0 web SSO-based authentication
    • Custom – LDAP authentication or custom authentication protocol
    • Kerberos – Kerberos user credentials
    • OpenID Connect – OpenID Connect SSO-based authentication
    • Anonymous – Unauthenticated access that uses a model operator
    • Token credentials – Useful for offline mobile applications

  3. Enter a name and short description.

  4. Click Create and open.

  5. Configure your authentication service.

  • Creating a Google authentication service

    Create a Google SSO authentication service so that users can authenticate using Google as the identity provider.

  • Configuring login authentication with basic credentials

    After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.

  • Configuring SSO login authentication with a SAML identity provider

    After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.

  • Configuring SSO login authentication with an OpenID Connect identity provider

    After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.

  • Configuring login authentication for an anonymous operator

    After you create an anonymous authentication service, configure it so that Pega Platform can support guest users. You can map attributes from the model operator to properties in Pega Platform, and also configure preauthentication and postauthentication activities.

  • Configuring login authentication using LDAP and Active Directory
  • Configuring custom or Kerberos login authentication

    After you create a custom or Kerberos authentication service, configure it so that Pega Platform can connect to the repository and find the operator credentials. You can map attributes from the repository to properties in Pega Platform, and can also configure optional features such as authentication and time-out activities.

  • Testing login authentication services

    You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.

  • Configuring login policies such as multi-factor authentication, CAPTCHA, and attestation

    You can make user authentication more secure by defining login policies for password requirements, multi-factor authentication, lockout policies, and other similar restrictions.

  • Attestation

    Depending on the security requirements for your application, you may need to use attestation to do business.

  • Configuring a token credentials authentication service

    After you create a token credentials authentication service, configure it so that Pega Platform uses the specified token provider for authenticating users. Select this type of service for offline mobile applications. You can map claims from the token to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities.

