Web single sign-on (SSO) with SAML 2.0
The Pega 7 Platform provides support for web single sign-on (SSO) with SAML 2.0. This industry-proven protocol allows enterprises to simplify user authentication while maintaining strong security of their web applications. The Pegasystems SAML 2.0 implementation fully conforms with the web single sign-on (SSO) and single logout (SLO) profiles. In addition, the Pega 7 Platform has proven interoperability with leading identity providers.
For more information, including the steps for configuring the Pega 7 Platform as a SAML 2.0 Service Provider, see the articles under the Related content section and the Pega 7 Platform help.
Benefits of SAML 2.0 full conformance
The Pega 7 Platform supports all the necessary bindings to meet SAML 2.0 full conformance for web SSO and single logout features. You can choose any identity provider (IdP) in the organization that supports SAML 2.0. If you use a custom solution for single sign-on support, you can use this new feature while continuing to use the IdP, as long as the IdP is SAML 2.0-compliant.
Various IdPs in the market support different bindings for single sign-on and single logout. You can choose different bindings for different applications as part of a single circle of trust with one IdP.
For example, you can choose POST binding for application1 and artifact binding for application2, which might require additional security in the communication between the service provider (SP) and IdP. In a similar manner, the SOAP binding for single logout provides direct communication between the IdP and SP that is more reliable and secure, as compared to redirect binding. You can choose the binding that best suits the needs of your applications and use cases.
For more information, see SAML 2.0 conformance.
Pega 7 Platform interoperability with IdPs
The Pega 7 Platform is interoperable with the following IdPs for single sign-on and single logout profiles:
- Active Directory Federation Services (Microsoft)
- Computer Associates (CA) Single Sign-On and CA Single Sign-On SaaS (formerly CA SiteMinder)
- ForgeRock OpenAM
- PingOne (Ping Identity)
- IBM Tivoli Federated Identity Manager
- WSO2 Identity Server
For detailed information about setting up SAML single sign-on and single logout, see Configuring the Pega 7 Platform as a service provider (SP).