Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Using the Security Token Service

Updated on November 10, 2021
Pega Robot Studio v21 Preview

Use the Pega Robotic Automation Security Token Service (STS) as a minimal version of Microsoft Active Directory Federation Services (AD FS) for authenticating Pega Robot Studio and attended Pega Robot Runtime installations with Pega Robot Manager.

Using the Security Token Service lets you avoid the per-seat licensing cost of Microsoft's AD FS, while providing a secure token provider for authentication purposes using your Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) user store.

Note: For more information, see Configuring authentication for Pega Robot Manager.

The Security Token Service is a web service that can be hosted in Internet Information Services (IIS). The Security Token Service authenticates using the domain user credentials of the user's Windows session.

  • STS requirements

    The following are the requirements for using the Security Token Service. The example hardware and software configuration specified in this topic handles 1000 users.

  • STS Overview

    The following diagram shows how the Pega Robotic Automation Security Token Service (STS) works to provide secure tokens:

  • Issuing the token-signing certificate

    A token-signing certificate, issued by a certificate authority, provides a quick way to verify if your private key is compromised. Different certificate authorities have different processes for generating a certificate with a private key.

  • Installing the Security Token Service

    When you run the Security Token Service Setup wizard (PegaSTSServiceSetup.exe), several needed Windows features and software packages are automatically installed as dependencies.

  • Setting up the Security Token Service

    After you have installed the Security Token Service and rebooted your system, the next step is to configure the Security Token Service for your location. To do this, use the Security Token Service Configuration Console.

  • Configuring Robot Runtime and Robot Studio

    To configure Robot Runtime and Robot Studio to work with the Security Token Service, provide configuration information in the CommonConfig.xml file. This includes specifying the URL that the system uses for authentication.

  • Configuring the Security Token Service to work with Robot Manager

    To configure the Security Token Service for use with Robot Manager, you must perform several tasks in several applications, including the Security Token Service and Pega Platform. The following figure provides an overview of the tasks that you must complete after you set up Robot Manager:

  • Adding a relying party

    Use the Security Token Service to set up authentication with multiple relying parties.

  • Editing relying party information

    If you need to update the information set up for a relying party, perform the following steps:

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us