To set up Pega Access, configure the following options on the BeyondTrust server. These options control the following behaviors:

• Whether API keys can be directly retrieved from Password Safe if not stored on a client computer.
• Whether requests for credentials from the ASO Manager must use the current logged-in user in the request.
• Whether requests for credentials from the Credential Store must use the current logged-in user in the request.
• Whether requests for credentials require a user password.

The system retrieves the Pega Access configuration values when each session of the RPA Service, Robot Runtime, and the Pega Package Downloader starts.

1. On the BeyondTrust server, create an asset named PegaAccess.
2. Create an API key named PegaAccessKey. Create additional API keys as needed.
3. Create an application named PegaAccess.
4. Add a user group with access to retrieve the managed accounts for the PegaAccess asset.
5. Add a user to this user group named PegaAccessUser (password is optional, based on your security requirements).
6. Add managed accounts to the PegaAccess asset for each API key, with the API key name as the account name, the API key value as the password, and PegaAccess as the application name.
7. Using the CredMgrUI.exe utility, add a BeyondTrust API Group named PegaAccessKey with the API key value for PegaAccessKey.
8. Next, add a BeyondTrust Runas User named PegaAccessUser and add the user password.
9. Add an attribute type named Pega.
   1. To enable UseCurrentUserForASO, add an attribute named UseCurrentUserForASO under the Pega attribute type.
   2. To enable UseCurrentUserForCredStore, add an attribute named UseCurrentUserForCredStore under the Pega attribute type.
   3. To enable NoRunasUserPassword, add an attribute named NoRunasUserPassword under the Pega attribute type.