Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Setting up candidate environments

Updated on February 4, 2021

Candidate environments are any Pega environment that a Deployment Manager Pipeline manages. Most pipelines consist of Dev, QA, Staging, and Production environments.

Before you begin: Install the PegaDevOpsFoundation application on each candidate environment.
See below for setting up a candidate environment.
Note: If you did not enable SSL on the candidate environment, then you must deselect the "Require TLS/SSL for REST services in this package" for both the cicd and api service packages. Pega does not recommend this configuration.
  1. On each candidate system, enable the DMAppAdmin operator ID.
    If you want to create your own operator IDs, ensure that they point to the PegaDevOpsFoundation application.
    1. Log in to each candidate system as an administrator.
    2. From the Dev Studio header, click RecordsOrganizationOperator ID, and then click DMAppAdmin.
    3. On the Edit Operator ID rule form, click the Security tab.
    4. Clear the Disable Operator check box.
    5. Click Save.
    6. Click Update password.
    7. In the Change Operator ID Password dialog box, enter a password, reenter it to confirm it, and then click Submit.
    8. Log out of each candidate system.
  2. For development environments, update the OrchestratorURL Dynamic System Setting in the PegaDevopsShared ruleset to point to the orchestrator. Use this setting for Dev Studio and App Studio integration. The URL should end in /prweb (though this is customizable).
  3. Create and configure a keystore named DMKeyStore.
  4. If your target environment is SSL-enabled with private certificates, configure the Deployment Manager connectors so that they can receive and process information by setting the keystore:
    1. Click Switch to Dev Studio Record explorer to create and configure a keystore. For more information, see Creating a keystore for application data encryption
    2. Configure the PegaDeploymentManagerIntegrationsTrustStore dynamic system setting to reference the keystore ID by clicking RecordsSysAdminDynamic System Settings.

    For more information about dynamic system settings, see Creating a dynamic system setting.

  5. If the candidate system is between Pega Platform 8.1 and Pega Platform 8.5.1, the candidate must have 4.8.4 Pega DevOps Foundation. If candidates are managed by an orchestrator on version 5 or later, you must create the PegaDevopsShared configuration and set the value to True. If not set, the candidate will fall back to using the older 4.x APIs for interactions with Deployment Manager and the pipelines will not be functional if using a 5.x orchestrator. Having the configuration created and set to true will ensure the candidates would leverage the 5.x API service.
    • Owning ruleset: PegaDevopsShared
    • Purpose: deploymentmanager/orchestrator/managed_by_5x/enabled
    • Value: True

Setting client secret on the candidate environment

Deployment Manager cannot automatically populate the client secret to candidate environments as we do not recommend that you share this information across systems.

To manually update the client secret information (from Step 2 above) on your candidate environment:
  1. In Dev Studio, from the Records Explorer, navigate to Security Authentication Profile to receive a list of profile names on the candidate environment.
  2. Select the DMReleaseAdmin_OAuth2 authentication profile.
  3. Update client secret on the authentication profile, and follow the steps below as applicable:
    1. If your candidate system is on Pega Platform 8.3 or above, on the OAuth 2.0 tab under the Client configuration section, enter the client secret in the Client secret field.
    2. If your candidate system is on Pega Platform 8.2 or below, update the client secret in the DMReleaseAdmin_OAuth2 authentication profile. Update Access token endpoint and Revoke token endpoint in DMCustom O Auth 2.0 Provider.
  4. Under the Endpoint configuration section, enter the Access token endpoint and Revoke token endpoint.
  5. Click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us