Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Setting up the orchestrator

Updated on July 14, 2022

The orchestrator is a standalone Pega environment that allows modeling and execution of continuous integration and continuous delivery (CI/CD) pipelines.

Before you begin: Install the PegaDevOpsFoundation and PegaDeploymentManager applications.
Perform the following steps to set up and configure the orchestrator.
Note: Pega Cloud DevOps environments already include both PegaDevOpsFoundation and PegaDeploymentManager.
  1. Log in to the orchestrator environment as an administrator and enable the DMReleaseAdmin operator ID and specify its password.
    1. Log in to the orchestration server as an administrator.
    2. In the header of Dev Studio click RecordsOrganizationOperator ID, and then click DMReleaseAdmin.
    3. On the Edit Operator ID rule form, click the Security tab.
    4. Clear the Disable Operator check box.
    5. Click Save.
    6. Click Update password.
    7. In the Change Operator ID Password dialog box, enter a password, reenter it to confirm it, and then click Submit.
    This authentication profile connects to candidate environments and executes tasks. Note the password for future use when setting up candidates.
  2. Modify the DMAppAdmin authentication profile to use the new password. The orchestration server uses this authentication profile to communicate with candidate systems so that it can run tasks in the pipeline.
    1. Log in to the orchestration server with the DMAppAdmin user name and the password that you specified.
    2. From the Dev Studio header, click RecordsSecurityAuthentication Profile.
    3. Click DMAppAdmin.
    4. On the Edit Authentication Profile rule form, click Set password.
    5. In the Password dialog box, enter the password, and then click Submit.
    6. Save the rule form.

Generate client secret on the orchestrator

The client secret is a dynamic hexadecimal string that establishes communication between Deployment Manager services. You should not share this information publicly.

To generate the client secret from within Deployment Manager:
  1. Navigate to Settings General settings Generate client secret.
  2. Click on Generate client secret.
  3. Download the client secret by clicking Download client secret.
  4. Note: It is important to download the client secret as you must update this information in the authentication profile of candidate environments. Once you navigate away from this page or after you update the authentication profiles on the orchestrator, you must regenerate the client secret.
  5. Click Update authentication profiles to automatically populate the Client secret, Access token endpoint, and Revoke token endpoint on the orchestrator system. If the Update authentication profile button does not work, you must perform the following manual steps on the orchestrator:
    1. Navigate to Operator Switch to Dev Studio.
    2. Open DeploymentManagerClient client registration by selecting Records Security OAuth 2.0 Client Registration, and click Regenerate client secret to regenerate the client secret.
    3. Click the View and download button to view the client secret and download the client secret information.
    4. Save the DeploymentManagerClient rule.
    5. Update the Client secret, Access token endpoint, and Revoke token endpoint with the information for the DMStudioUser and DMAgentUser authentication profiles.
    For additional configuration options, see the following optional steps:
    • Create additional operators by giving them the PegaDeploymentManager:Administrators access group. For more information about user roles and privileges, see .
    • To receive email notifications for deployments, configure email accounts on the orchestration server. For more information, see Configuring email accounts on the orchestration server.
    • Configure Jenkins so that it can communicate with the orchestration server. For more information, see Configuring Jenkins in 5.5.x.
    • Configure a separate authentication profile for each environment if you do not wish to use a single authentication profile.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us