Securing access to Pega Robot Manager
Configure authentication methods based on your security policies to ensure that users and robots can access Pega Robot Manager.
Pega Robot Manager provides a variety of predefined roles that you can assign to new users. These roles define a set of permissions for users to perform specific types of tasks.
For example, the Robot Manager administrator, Developer, and User admin roles can access the Pega Robot Manager portal directly through a browser window, to manage robots, other users, modify robot configuration files, view reports, adjust auto-balancing, schedule robots, and so on.
Another important user role in Pega Robot Manager is Runtime user. Typically, administrators grant the Runtime user role to robot operators that assist case workers (for example, call center agents), or perform unattended background activities. To operate properly, robot operators must access Pega Robot Manager indirectly through a service connection to retrieve automation packages and configuration file updates.
Depending on your security policy and implementation of your robotic solution (unattended or attended), you can authenticate various user roles through basic or single sign-on (SSO) methods.
Basic authentication
This is a simple authentication method in which users send their IDs and passwords to Pega Platform for validation against the credentials that are stored in the Pega database. This is the default method for authenticating both attended and unattended user access to Pega Robot Manager.
When adding users through Pega Robot Manager, an email address is the user identifier for basic authentication.
Single sign-on (SSO)
This method offers the best user experience by allowing users to securely authenticate with multiple applications (and websites) by logging in once, or with just one set of credentials. You can enable SSO for Pega Robot Manager users through OAuth SAML 2.0 or Kerberos.
When adding users through Pega Robot Manager, user principal name (UPN) is the user identifier for SSO.
Learn more about each authentication mechanism for Pega Robot Manager users by reading one of the following articles:
- Learning about the supported authentication mechanisms for Pega Robotic Automation components
Pega Robot Manager supports Basic authentication, OAuth 2.0 with SAML bearer, and Kerberos to authenticate client requests from Pega Robot Studio and Pega Robot Runtime.
- Understanding basic authentication for Pega Robot Manager users
Basic authentication works by prompting the user for a user name and password, which Pega Platform validates against the credentials that are stored in the Pega database. In this method, the authentication information is retrieved from the server with just one call, which makes that method faster than other, more complex authentication mechanisms.
- Understanding single sign-on authentication for Pega Robot Manager users
Use single sign-on (SSO) to access all your applications and switch between them without any additional actions.
- Specifying the default authentication method for new Pega Robot Manager users
Comply with your security requirements by selecting the authentication method that Pega Robot Manager assigns to a user role by default.
Previous topic Performing the Pega Robot Manager upgrade Next topic Learning about the supported authentication mechanisms for Pega Robotic Automation components