Creating an OIDC SSO authentication service in App Studio



Create an OpenID Connect (OIDC) single sign-on (SSO) authentication service so that users can authenticate using an OIDC identity provider.

To create an authentication service, you must have the pzCanCreateAuthService privilege, which is included in the PegaRULES:SecurityAdministrator role.

Before you create an OIDC authentication service, you must register with the identity provider and obtain a client ID and a client secret. You do this outside of Pega Platform.

  1. In the navigation pane of App Studio, click Users > Single sign-on (SSO).

  2. Click New, and then click OpenID Connect.

  3. Enter a Name for the service.

    The value that you enter is used to populate the Login URL field. Users access this URL to log in to your application.
  4. Click Import metadata to import metadata from your identity provider.

    • To select a URL where the metadata is stored, select via URL, enter a URL, and click Submit.
    • To select a file where the metadata is stored, select via file, enter a file name, and click Submit.
  5. In the Client ID and Client secret fields, enter the values that were assigned by your identity provider.

  6. In the Map operator ID from claim field, enter the attribute name from the claim that is mapped to the Pega Platform operator ID. Enclose the attribute name in curly braces, for example, {name}.

  7. Optional:

    To automatically create an operator when the operator who is logging in does not already exist in the Pega database, do the following steps.

    1. Select the Create operators for new users check box.

    2. In the Access role list, click the access role for the new user.

  8. Copy the redirect URL that is displayed under Configure your IdP.

    To complete SSO configuration, you must register Pega Platform as a client (relying party) with your identity provider, using the redirect URI that you copy.
  9. Click Submit.

  10. Optional:

    To configure advanced functionality, on the Single sign-on (SSO) landing page, where the new service is listed, click the More icon and then click Open in Dev Studio.

    The authentication service opens in Dev Studio. For more information, refer to the help in Dev Studio.
  11. To enable the authentication service, on the Single sign-on (SSO) landing page, where the new service is listed, turn on the switch.
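
A pre-import check for steps 4 and 6, as an added example that is not Pega code: it reviews an OIDC discovery document and the operator ID claim mapping before the values are entered in App Studio. The function names, the sample metadata, and the idp.example.com host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Fields that OpenID Connect Discovery 1.0 marks REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")

def claim_name(mapping):
    """Return the claim inside a '{claim}' mapping value (step 6), or None."""
    m = re.fullmatch(r"\{([A-Za-z0-9_.:-]+)\}", mapping.strip())
    return m.group(1) if m else None

def review(meta, mapping):
    """Return a list of findings; an empty list means nothing was flagged."""
    out = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    for k in URL_FIELDS:
        if k in meta and urlsplit(meta[k]).scheme != "https":
            out.append(f"{k} is not an https URL: {meta[k]}")
    if "none" in meta.get("id_token_signing_alg_values_supported", []):
        out.append("IdP advertises unsigned ID tokens (alg 'none')")
    claim = claim_name(mapping)
    if claim is None:
        out.append(f"mapping {mapping!r} is not of the form {{claim}}")
    else:
        supported = meta.get("claims_supported")  # RECOMMENDED, may be absent
        if supported is not None and claim not in supported:
            out.append(f"claim '{claim}' is not in claims_supported")
        if claim != "sub":
            out.append(f"claim '{claim}' is not guaranteed unique or stable; "
                       "OIDC Core only guarantees that for iss + sub")
    return out

# Constructed sample metadata (idp.example.com is a placeholder host).
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "http://idp.example.com/token",  # deliberately weak
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256", "none"],
    "claims_supported": ["sub", "email", "name"],
}

if __name__ == "__main__":
    for finding in review(SAMPLE, "{name}"):
        print("-", finding)
```

The uniqueness finding matters most when Create operators for new users is selected, because the mapped claim then decides which operator record a login creates or matches.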
