Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Optional: Defining the security model and organization structure

Updated on April 21, 2021

Define the authorization and authentication strategies for your application.

Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide Pega Customer Service Implementation Guide
Authentication
Proves to the application that you are who you say you are.
Authorization
Determines the functions that you can perform in the application. This corresponds to an access group and role configuration.

Security planning involves defining authorization and authentication strategies for your application. It is a best practice to create new access groups and roles that are based on the default access groups and roles that come with the product.

Security planning also involves setting up the organization structure and operator attributes. The application provides security in the form of access settings and denial rules. Many integration rules also incorporate authentication.

For more information about the additional aspects of security, enroll in the Lead System Architect course on Pega Academy.

Authentication schemes

The Pega Platform offers the following authentication types:

PRBasic
Based on passwords in the Operator ID data instances and the login form. This is defined by the HTML @baseclass.Web-Login rule, which your application can override.
PRSecuredBasic
Similar to PRBasic, but passes credentials by using Secure Sockets Layer (SSL) with Basic HTTP authentication. The login form is defined by the HTML @baseclass.Web-Login-SecuredBasic rule, which your application can override.
PRCustom
Supports access to an external LDAP directory or a custom authentication scheme.
PRExtAssign
Supports external assignments (Directed Web Access).
J2EEContext
Specifies that the application server in which the Pega Platform is deployed uses JAAS to authenticate users.

Defining your authentication scheme

Your site can use a centralized, automated means of maintaining operator data instead of maintaining it manually in your application.

  1. Discuss the authentication schemes with your site's security and application server teams.
  2. Determine the appropriate authentication type.

    For more information on authentication scheme planning, see Authentication.

Authorization scheme

Pega Customer Service comes with a predefined set of access groups, roles, and privileges. You can use the application roles as a starting point, but you should create your own application-specific access groups and roles to avoid any future problems when updating.

Other rule types such as sections, flow actions, and activities use roles and privileges to allow access to these rules at run time.

Note: You can review the Pega Customer Service access groups and roles in App Studio.

Defining access roles and privileges

You can associate one or more roles to an access group. Roles are additive. The more roles that you add to an access group, the more authorization there is. Privileges can be associated with one or more roles.

  1. Determine which roles are needed for your application. You can use the Pega Customer Service roles as a starting point.
  2. Determine which privileges to associate with each role.
  3. Associate each role with an access group.
What to do next:

For more configuration information, see Learning about access groups and Configuring an access role.

Defining your access groups

  1. Identify additional access groups that are needed for your application.
  2. Identify portals associated with these access groups.

Configuring access groups

A new application includes out-of-the-box access groups and access roles that you can view in App Studio by clicking UsersRoles. To associate an access group with a role, follow these steps.

  1. Log into your application by using the administrator credentials.
  2. In the navigation pane of App Studio, click UsersRoles.
  3. Click Add role and enter the details.
    Result: This adds an access group to a particular role.
  4. Click Done. For more information, see Learning about access groups.
What to do next: Add an access group and associate it with a role as described in "Adding an access group" and "Adding an access role," next.

Adding an access group

You might need to add an access group to meet your business needs.

  1. In the navigation panel of App Studio, click UsersRoles to display a list of all access groups and access roles that are provided by the application.
  2. Select the access group that you want to modify and update the details. You can only change the portal details for the access group.
  3. Click Done. For more information, see Learning about access groups.

Adding an access role

You can update or add a new access role only from Dev Studio.

  1. Log in to Dev Studio by using an administrator account.
  2. In the navigation pane of Dev Studio, click RecordsSecurityAccess Role Name.
  3. To update a role, do the following actions:
    1. On the Access Role Name tab, in the Access Role column, click the Filter icon.
    2. In the Search Text field, enter a search term, and then click Apply.
    3. Click the role that you want to update.
    4. On the role name tab, update the role details, and then click Save.
  4. To add a new role, do the following actions:
    1. On the Access Role Name tab, click Create.
    2. On the New tab, enter a label for the rule configuration record, and configure other settings as needed.
    3. Click Create and open.
    4. Update the new role details, and then click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us