Creating an authentication service

To override or extend the default authentication process, create an authentication service. By creating an authentication service, you implement more specialized authentication requirements than the default, for example, to use preauthentication and postauthentication activities.

Before you begin: To create an authentication service, you must have the pzCanCreateAuthService privilege, which is included in the PegaRULES:SecurityAdministrator role.
By default, your system includes a basic authentication service named Platform Authentication. You can save this service with a new name and change it, and you can create any type of authentication service, including the basic type of authentication service.
  1. In the header of Dev Studio, click Configure > Org & Security > Authentication > Create Authentication Service.
  2. In the Authentication Type list, click the authentication service type.
    • Basic credentials – Authentication using a user ID and password, which can be stored in the Pega Platform database or an external source that is accessed by using a data page
    • SAML 2.0 – SAML 2.0 web SSO-based authentication
    • Custom – LDAP authentication or custom authentication protocol
    • Kerberos – Kerberos user credentials
    • OpenID Connect – OpenID Connect SSO-based authentication
    • Anonymous – Unauthenticated access that uses a model operator
    • Token credentials – Useful for offline mobile applications
  3. Enter a name and short description.
  4. Click Create and open.
  5. Configure your authentication service.