Skip to main content

Table of Contents

Configuring login authentication with basic credentials


Only available versions of this content are shown in the dropdown

After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.

You must complete the following task before you can configure a basic authentication service: Creating an authentication service.

The default means of authentication for Pega Platform is a basic authentication service that is named Platform Authentication. All basic authentication services include support for mobile OAuth 2.0 authentication with proof key for code exchange (PKCE).

  1. Create a basic authentication service, or open an existing service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and selecting a basic credentials authentication service from the instance list.

  2. In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform.

    Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
  3. Optional:

    In the Provider logo field, specify an image to display on the login screen that identifies this provider.

  4. Optional:

    To authenticate new sessions against an external data source instead of the Pega Platform database, select the Verify credentials using external identity store check box and enter a name for Data page for credentials verification. For example, to verify the identities of external customers, follow these steps:

    1. Create a requestor-scope read-only data page, with object type equal to Data-Admin-Operator-ID. Save the data page to the unauthenticated ruleset.

    2. Create a data transform with an applies to class equal to Data-Admin-Operator-ID and having input parameters for user name and password. Validate the user name and password against the external data source. In the data transform, when the input parameters are valid, set .pyApproveStatus to true. Save the data transform to the unauthenticated ruleset.

    3. On the data page, set the data source equal to the data transform that you just created.

    4. On the authentication service, set Data page for credentials verification equal to the name of the data page you just created.

    5. At run time, if the operator authenticates against a data page and the operator does not exist in the Pega Platform database, the operator must be provisioned (or added to the Pega Platform database). For information about operator provisioning, see Configuring operator provisioning for a basic authentication service.

  5. In the Map Operator Id field, provide an expression for deriving the operator ID from the user name that is entered at the time of authentication. To use the Expression Builder, click the Build an expression icon.

    For example, a user could log in with an email address such as, but the operator ID is User123. Use the Expression Builder to use all of the characters before the "@" sign.
  6. Optional:

    Configure the optional parameters of the service.

  7. Activate your basic authentication service.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us