After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can
also configure optional features such as preauthentication and postauthentication
activities.
The default means of authentication for Pega Platform is a basic authentication service that is named Platform
Authentication. All basic authentication services include support for mobile OAuth
2.0 authentication with proof key for code exchange (PKCE).
- Create a basic authentication service, or open an existing service from the navigation panel in Dev Studio by clicking and selecting a basic credentials authentication service from the instance list.
- In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform. Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
- Optional: In the Provider logo field, specify an image to display on the login screen that identifies this provider.
- Optional: To authenticate new sessions against an external data source instead of the Pega Platform database, select the Verify credentials using external identity store check box and enter a name for Data page for credentials verification. For example, to verify the identities of external customers, follow these steps:
  - Create a requestor-scope read-only data page with object type equal to Data-Admin-Operator-ID. Save the data page to the unauthenticated ruleset.
  - Create a data transform with an applies-to class equal to Data-Admin-Operator-ID and with input parameters for user name and password. Validate the user name and password against the external data source. In the data transform, when the input parameters are valid, set .pyApproveStatus to true. Save the data transform to the unauthenticated ruleset.
  - On the data page, set the data source equal to the data transform that you just created.
  - On the authentication service, set Data page for credentials verification equal to the name of the data page that you just created.
  - At run time, if the operator authenticates against a data page and the operator does not exist in the Pega database, the operator must be provisioned (added to the Pega database). For information about operator provisioning, see Configuring operator provisioning for a basic authentication service.
- In the Map Operator Id field, provide an expression for deriving the operator ID from the user name that is entered at the time of authentication. To use the Expression Builder, click the Build an expression icon. For example, a user could log in with an email address such as [email protected], but the operator ID is User123. Use the Expression Builder to use all of the characters before the "@" sign.
- Optional: Configure the optional parameters of the service.
- Activate your basic authentication service.
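The following is an added illustration of the login flow that the external identity store and Map Operator Id steps above configure; it is not Pega Platform code. The credential check stands in for the data transform that sets .pyApproveStatus, the mapping function stands in for the "characters before @" expression, and the store and operator table are constructed sample data; all names are assumptions.

```python
"""Model of the configured flow: verify against an external identity store,
derive the operator ID from the user name, provision a missing operator.
Added illustration; not Pega code. Names and data are constructed."""
import hashlib
import hmac


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed external identity store: user name -> (salt, password hash).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
EXTERNAL_STORE = {"user123@example.com": (_SALT, _pbkdf2("s3cret!", _SALT))}

# Constructed stand-in for the Pega operator table (Data-Admin-Operator-ID).
OPERATORS = {"admin": {"provisioned": False}}


def verify_credentials(username: str, password: str) -> bool:
    """Stand-in for the data transform: the value it would put in .pyApproveStatus.
    Constant-time comparison so a wrong password and an unknown user look alike."""
    entry = EXTERNAL_STORE.get(username.lower())
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def map_operator_id(username: str) -> str:
    """Stand-in for the Map Operator Id expression: characters before '@'.
    A user name without '@' is used unchanged rather than mapped to ''."""
    return username.split("@", 1)[0] if "@" in username else username


def authenticate(username: str, password: str):
    """Returns the operator ID on success, None on failure.
    Provisioning only happens after the external check approves the session."""
    if not verify_credentials(username, password):
        return None
    operator_id = map_operator_id(username)
    if operator_id not in OPERATORS:
        OPERATORS[operator_id] = {"provisioned": True}  # operator provisioning
    return operator_id
```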