Configuring a token credentials authentication service


After you create a token credentials authentication service, configure it so that Pega Platform uses the specified token provider for authenticating users. Select this type of service for offline mobile applications. You can map claims from the token to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities.

You must complete the following task before you can configure a token credentials authentication service: Creating an authentication service

Note the following best practices when you configure and deploy a token credentials authentication service.

  • Derive the operator ID directly from the token that is acquired from the identity provider. Avoid using excessively complex logic for deriving the operator ID.
  • To lessen the possibility of phishing attacks, do not update sensitive operator information such as mobile phone number or email address in the preauthentication and postauthentication activities.
  • Do not initiate operator provisioning in the postauthentication activity.
  • Deploy the authentication service over a secure channel (HTTPS enabled).
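
The first three practices can be shown in a short sketch. This is an added Python illustration, not Pega Platform code or a Pega API (the service itself is configured through rule forms); the HS256 key, the `sub` and `name` claim names, and the in-memory operator store are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data; key, operator store and claim names are assumptions.
KEY = b"constructed-demo-key"
OPERATORS = {"jdoe@example.test": {"name": "J. Doe",
             "email": "jdoe@example.test", "phone": "555-0100"}}
MAPPABLE = {"name": "name"}  # claim -> operator property; email/phone excluded

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = KEY) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify(token: str, key: bytes = KEY, now: float = None) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or missing exp")
    return claims

def authenticate(token: str, operators: dict = OPERATORS) -> dict:
    """Map a verified token to an existing operator following the practices above."""
    claims = verify(token)
    operator_id = claims.get("sub")            # taken directly from one claim
    if not isinstance(operator_id, str) or operator_id not in operators:
        raise PermissionError("unknown operator")  # no provisioning at login
    operator = operators[operator_id]
    for claim, prop in MAPPABLE.items():       # only allowlisted properties change
        if claim in claims:
            operator[prop] = claims[claim]
    return {"operator_id": operator_id, **operator}
```

Even when a validly signed token carries `email` or `phone` claims, the stored contact details stay unchanged because those properties are not in the mapping allowlist.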

To configure a token credentials authentication service, complete the following steps.

  1. Create a token credentials authentication service, or open an existing service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and choosing a token credentials authentication service from the instance list.

  2. In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform.

    • Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
  3. Optional: In the Provider logo field, specify an image that represents the identity provider.

  4. Select the token provider.

    • Pega Platform – The authentication token is issued by the Pega Platform OAuth 2.0 authorization layer.
    • External identity provider – When you select External identity provider, the Identity mapping field is displayed, where you enter the key to an identity mapping instance. Some identity mappings are linked to an appropriate token profile; for example, for a JSON Web Token (JWT), the identity mapping instance is linked to the processing token profile.
  5. Optional: Configure the optional parameters of the service.

  6. Activate your token credentials authentication service.
