Flexible security features for users, groups, and your entire ecosystem.

Get Started

Because business processes rely on sensitive data about customers, finances, and past events, you must ensure that only authorized users have access to your applications. In addition, in your secure system, users must be able to perform only the functions for which they are authorized.

WATCH: Pega 8.1 Update: What's New in Security

Security basics   |   Security checklist |   Platform Release Notes

Security article index

Dig Deeper

Browse the information below to discover how security features can be set different levels of access for different users.

Manage authentication

A common example of authentication is a user logging in to your application by providing a valid user ID and password to begin a session. However, requests for a resource or service also require authentication to verify that the request is from a known and trusted entity, for example, when connectors call out from the Pega 7 Platform to external systems. You can use various protocols to authenticate requestors, and you can store credentials in a Pega 7 Platform database or in external stores.

Authentication in Pega Platform

Set up authorization

In most cases, you want to restrict authenticated users and requestors from accessing all parts of an application. You can implement authorization features that ensure that users and requestors can access only the user interfaces and data that they are authorized to access.

The Pega 7 Platform provides a complementary set of access control features: Role-based access control and attribute-based access control. Role-based access control is based on user privileges, while attribute-based access control compares user information to case data on a row-by-row or column-by-column basis.

Authorization models in Pega Platform
Access Manager

Configure auditing

You can use the Pega 7 Platform to configure the level of auditing for security events that are triggered by requestors. You can configure auditing for most security events, including most actions performed by a user, a developer, or other requestors who accesses the application, accesses or changes data, changes security policies, or changes rules and landing pages that are related to security.

Auditing in Pega Platform
Rule and data change auditing

Training and Support


Build and validate your skills

Find the training that works for you and invest in your success.


Get the help you need

Search support articles, community posts, and open support requests.

Video Library

Watch the latest videos

Browse our growing video library and maximize your Pega investment.