Designing and configuring single sign-on login for system Operators
By configuring single sign-on access to your Pega Marketing application, your users can sign in using their existing company username and password. This option is available for regular operators (that is, marketing analysts, managers, and so on), as well as for operators linked to automatic system processes.
This article describes the process for configuring access for your system processes.
Task ID | Task-040202 |
---|---|
Primary role | Senior System Architect |
Secondary role | Lead System Architect |
Tertiary role | N/A |
Understanding single sign-on
With single sign-on, you configure Pega to authenticate with your company’s existing authentication infrastructure. This means that your service infrastructure can use existing accounts to access the Pega system.
You configure Access Groups in Pega to grant roles and privileges to each type of account.
Depending on your company’s authentication infrastructure, you use model operator records to design the access that each kind of account is granted when it first signs in. When an account authenticates for the first time, Pega creates an Operator record for it by copying a template Operator and personalising the copy with the information (claims) that the authentication service has provided about that account.
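The model operator provisioning described above, as an added conceptual sketch in Python. It is not Pega code or a Pega API; the claim names (`sub`, `account_type`, `name`), the model operators, and the access group names are all constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Operator:
    operator_id: str
    full_name: str
    access_group: str


# Constructed model (template) operators, one per kind of system account.
MODEL_OPERATORS = {
    "batch-service": Operator("MODEL_BATCH", "Model batch service",
                              "Marketing:BatchProcesses"),
    "reporting-service": Operator("MODEL_REPORTING", "Model reporting service",
                                  "Marketing:ReportingReadOnly"),
}


class ProvisioningDenied(Exception):
    """Raised when an authenticated account maps to no model operator."""


def sign_in(claims: dict, operators: dict) -> Operator:
    """Return the operator for an authenticated account, creating it on first sign-in."""
    subject = claims.get("sub")
    if not subject:
        raise ProvisioningDenied("assertion carries no subject identifier")
    if subject in operators:
        # Already provisioned: later sign-ins reuse the existing record.
        return operators[subject]
    model = MODEL_OPERATORS.get(claims.get("account_type"))
    if model is None:
        # Fail closed: an unrecognised account type gets no operator at all.
        raise ProvisioningDenied(
            f"no model operator for {claims.get('account_type')!r}")
    # Copy the template and personalise identity fields only. The access group
    # always comes from the model, never from a claim the account presents.
    operator = replace(model, operator_id=subject,
                       full_name=claims.get("name", subject))
    operators[subject] = operator
    return operator
```

Because the access group is taken only from the model operator, an extra claim that names a more privileged group has no effect on what the account is granted.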
You choose an authentication service that matches the identity provider that your existing IT infrastructure provides. Examples of services are SAML, OpenID, Kerberos, and LDAP.
The approach you take to single sign-on is usually decided between the Lead System Architect, the Lead Business Architect, and your IT team. It is usually then implemented by a Senior System Architect as part of implementing a security-related user story.
Configuring single sign-on
The process to configure single sign-on for your system accounts is the same as configuring it for your human users, and is covered in article 1004005.
Outcome
Once the authentication services are configured, every system account that should be able to access Pega can do so using its existing credentials. Each account has access to the parts of the application that it should, and no access to the parts that it should not.
Frequently asked questions about your single sign-on configuration