Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Configuring the client registration for Pega Mobile Client authentication against an external OIDC server

Updated on April 27, 2022

Configure client registration to increase the security of your application, by enabling authentication against an external OpenID Connect (OIDC) identity provider (IdP) for Pega Mobile Client.

Before you begin: Register your application with an external OIDC IdP, for example, Google, and then obtain the parameters that you must then enter in Pega Platform. For the list of parameters to gather, see Custom parameters for direct authentication against an external OIDC server.
Note: Ensure that the OIDC IdP derives the Audience claim from the Client ID value. For more information, see the documentation for the selected OIDC IdP.
  1. In the header of Dev Studio, click Create SecurityOAuth 2.0 Client Registration.
  2. On the Create OAuth 2.0 Client Registration screen, enter the name and a short description of the client, and then click Create and open.
  3. In the Client credentials section, select Confidential.
  4. Click View & download, and then download the text file with client registration parameters by clicking Download credentials.
  5. In the Supported grant types section, clear any selected options, and then select the JWT bearer checkbox.
  6. In the Identity mapping box, specify the identity mapping:
    • To use an existing identity mapping data instance, in the list of entries, select a JSON Web Token identity mapping instance, and then go to step 12.
    • To create a new identity mapping data instance, click the Open icon.
  7. On the Create Identity Mapping screen, enter the name and a short description of the identity mapping instance, and then click Create and open.
  8. In the Token processing profile field, specify the profile for validating the token:
    • To use an existing token processing profile, in the list of instances, select an existing JSON Web Token token processing profile, and then go to step 11.
    • To create a new token processing profile, click the Open icon.
  9. On the token processing profile configuration screen, in the Claims validation section, define the validation parameters:
    1. In the Issuer (iss) field, enter the address of an external OIDC authentication server.
    2. In the Audience (aud) field, enter the Client ID value that you obtain from the OIDC authentication server.
  10. On the token processing profile configuration screen, save the token processing profile by clicking Save.
  11. On the identity mapping profile configuration screen, save the identity mapping by clicking Save.
  12. On the client registration configuration screen, save the client registration by clicking Save.
What to do next: Enable the mobile authentication service. For more information, see Enabling the mobile authentication service for Pega Mobile Client authentication against an external OIDC server.
  • Previous topic Custom parameters for direct authentication against an external OIDC server
  • Next topic Enabling the mobile authentication service for Pega Mobile Client authentication against an external OIDC server

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us