Security mechanisms for mobile apps
You can take advantage of several security mechanisms when you build a Pega Mobile Client-based app. These mechanisms help you provide users with access to your mobile apps that matches your company's security requirements.
Security methods overview
Pega Platform security mechanisms include an authentication method that you select and an optional app lock. Authentication methods ensure that users validate their identity upon sign-in, for example, by providing the credentials for their account. An app lock secures the app by displaying a lock screen when signed-in users reopen the app. Users then unlock the app with one of the available unlocking mechanisms, for example, a fingerprint scanner. When the app lock is enabled, users enter account credentials only upon first sign-in and then continue to access the app with the selected unlocking mechanism.
Enabling the app lock is also recommended for offline-enabled apps because unlocking mechanisms work in offline mode while authentication methods require a connection to the server network.
Available authentication methods
Pega Mobile Client offers the following authentication methods for mobile apps:
- Pega Platform account authentication
- Users sign in to the app with the credentials for their Pega Platform account.
This method supports multi-factor authentication (MFA), which means that you can configure the app to request additional identity factors, such as a unique six-digit PIN that users receive in an SMS message. To enable MFA, edit the out-of-the-box Platform Authentication service. For more information, see Multi-factor authentication with a one-time password.
- Single sign-on (SSO) authentication
- Users sign in to the app with an external authentication service such as Google or Amazon Web Services. You can either prompt users to select an authentication service from a list of all enabled services or select one authentication service for all users to access the app.
Pega Mobile Client supports the following types of authentication services:
- OpenID Connect
- Security Assertion Markup Language (SAML) 2.0
For more information about creating custom authentication services, see Creating an authentication service.
- Access without authentication
- Users access the app without authentication. The app generates an operator for each user that accesses the app.
Automatic app lock settings
To increase security and improve the user experience, you can configure the app to display a lock screen every time that signed-in users reopen the app. You can also choose to display the lock screen after users are inactive for a specified period of time or after sessions last longer than a specified period of time.
Available unlocking mechanisms
After you turn on the automatic app lock, select one of the available unlocking mechanisms so that users can quickly and conveniently unlock the app. Pega Platform offers the following mechanisms for unlocking your apps:
- Native biometrics and device locks
- Users unlock the app with the unlocking mechanism native to the mobile device, such as a fingerprint scanner, PIN, or pattern.
- Native biometrics lock and app PIN
- Users unlock the app with the biometrics unlocking mechanism native to the mobile device and a custom app PIN. Users configure the PIN after the first successful sign-in and can reset the PIN by repeating the authentication process.
You can specify the number of characters for the app PIN.
- App PIN
- Users unlock the app with a custom app PIN. Users configure the PIN after the first successful sign-in and can reset the PIN by repeating the authentication process.
You can specify the number of characters for the app PIN.
- Selecting an authentication service
Build safe mobile apps by selecting an authentication source that matches your security requirements. For example, you can use the default account authentication to effectively build secure apps that users can access with Pega Platform credentials.
- Increasing mobile app security with time-outs and native locks
Increase the security of your mobile apps by configuring automatic app locks, and by adding convenient and secure mechanisms to unlock them. For example, you can configure your app to lock after a period of time and require users to unlock it by using a native fingerprint scanner.
- Making mobile apps available to users
To use a mobile app that you configure for a Pega Platform application in production, configure an operator role to provide users with access to your mobile app.