Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Security mechanisms for mobile apps

Updated on April 27, 2022

You can take advantage of several security mechanisms when you build a Pega Mobile Client-based app. These mechanisms help you provide users with access to your mobile apps that matches your company's security requirements.

Security methods overview

Pega Platform security mechanisms include a selected authentication method and an optional app lock. Authentication methods ensure that users validate their identity upon sign-in, for example, by providing credentials to their account. An app lock secures the app by displaying a lock screen when signed-in users reopen the app. Users then unlock the app with one of the available unlocking mechanisms, for example, with a fingerprint scanner. With an enabled app lock, users enter account credentials only upon first sign-in and then continue to access the app with a selected unlocking mechanism.

Tip: Combining a selected authentication method with an app lock and a corresponding unlocking mechanism provides signed-in users with convenient and quick access to the app and ensures the optimal level of security.

Enabling the app lock is also recommended for offline-enabled apps because unlocking mechanisms work in offline mode while authentication methods require a connection to the server network.

Available authentication methods

Pega Mobile Client offers the following authentication methods for mobile apps:

Pega Platform account authentication
Users sign in to the app with the credentials to their Pega Platform account.

This method supports multi-factor authentication (MFA), which means that you can configure the app to request additional identity factors, such as a unique six-digit PIN that users receive in an SMS message. To enable MFA, edit the out-of-the-box Platform Authentication service. For more information, see Multi-factor authentication with a one-time password.

Single sign-on (SSO) authentication
Users sign in to the app with an external authentication service such as Google or Amazon Web Services. You can either prompt users to select an authentication service from a list of all enabled services or select one authentication service for all users to access the app.

Pega Mobile Client supports the following types of authentication services:

  • OpenID Connect
  • Security Assertion Markup Language (SAML) 2.0

For more information about creating custom authentication services, see Creating an authentication service.

Access without authentication
Users access the app without authentication. The app generates an operator for each user that accesses the app.

Automatic app lock settings

To increase security and improve the user experience, you can configure the app to display a lock screen every time that signed-in users reopen the app. You can also choose to display the lock screen after users are inactive for a specified period of time or after sessions last longer than a specified period of time.

Available unlocking mechanisms

After you turn on the automatic app lock, select one of the available unlocking mechanisms so that users can quickly and conveniently unlock the app. Pega Platform offers the following mechanisms for unlocking your apps:

Native biometrics and device locks
Users unlock the app with the unlocking mechanism native to the mobile device, such as a fingerprint scanner, PIN, or pattern.
Native biometrics lock and app PIN
Users unlock the app with the biometrics unlocking mechanism native to the mobile device and a custom app PIN. Users configure the PIN after the first successful sign-in and can reset the PIN by repeating the authentication process.

You can specify the number of characters for the app PIN.

App PIN
Users unlock the app with a custom app PIN. Users configure the PIN after the first successful sign-in and can reset the PIN by repeating the authentication process.

You can specify the number of characters for the app PIN.

  • Selecting an authentication service

    Build safe mobile apps by selecting an authentication source that matches your security requirements. For example, you can use the default account authentication to effectively build secure apps that users can access with Pega Platform credentials.

  • Increasing mobile app security with time-outs and native locks

    Increase the security of your mobile apps by configuring automatic app locks, and by adding convenient and secure mechanisms to unlock them. For example, you can configure your app to lock after a period of time and require users to unlock it by using a native fingerprint scanner.

  • Making mobile apps available to users

    To use a mobile app that you configure for a Pega Platform application in production, configure an operator role to provide users with access to your mobile app.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us