Creating an authentication service
To override or extend the default authentication process, create an authentication service. By creating an authentication service, you implement more specialized authentication requirements than the default, for example, to use pre-authentication and post-authentication activities.
By default, your system includes a basic authentication service named Platform Authentication. You can save this service with a new name and change it, and you can create any type of authentication service, including the basic type of authentication service.
In the header of Dev Studio, click.
In the Authentication Type list, click the authentication service type.
- Basic credentials – Authentication using a user ID and password, which can be stored in the Pega Platform database or an external source that is accessed by using a data page
- SAML 2.0 – SAML 2.0 web SSO-based authentication
- Custom – LDAP authentication or custom authentication protocol
- Kerberos – Kerberos user credentials
- OpenID Connect – OpenID Connect SSO-based authentication
- Anonymous – Unauthenticated access that uses a model operator
- Token credentials – Useful for offline mobile applications
Enter a name and short description.
Click Create and open.
Configure your authentication service.
- Configuring login authentication with basic credentials
- Configuring SSO login authentication with a SAML identity provider
- Configuring SSO login authentication with an OpenID Connect identity provider
- Configuring login authentication for an anonymous operator
- Configuring custom or Kerberos login authentication
- Testing login authentication services
- Configuring login policies such as multi-factor authentication, CAPTCHA, and attestation
- Configuring a token credentials authentication service