Use Microsoft Active Directory Federation Services (AD FS) with your Pega Robot Manager and Pega Robot Runtime implementations to provide security through a claims-based authorization model and a federated identity. With these features, you can implement single sign-on access to systems and applications across organizational boundaries.
These instructions explain how to set up a relying party in AD FS. The following diagram provides an overview of the process. The activity you set up in this topic is highlighted by the red arrow.
To set up a relying party, you need one of the following certificates:
- A CA-signed certificate for token-signing
- A certificate that Pega Robotic Automation Support has manually approved (issued by devqa.openspan.com)
- Setting up the relying party
  These instructions explain how to connect to the server that hosts AD FS version 2.0.
- Ensuring that the connection is trusted
  For your configuration to function correctly, the IIS server's SSL root certificate must be trusted to establish secure communications between the server and the Pega Robot Runtime/Pega Robot Studio computer.
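
One way to check the trust requirement above from the Pega Robot Runtime or Pega Robot Studio computer. This is an added example, not part of the Pega documentation; the host name `adfs.example.com` and port 443 are placeholders, and the function name `Test-ServerCertificateTrust` is hypothetical.

```powershell
# Added example (not from the Pega documentation). Run it on the Runtime/Studio computer.
# 'adfs.example.com' and port 443 are placeholders; use your AD FS/IIS server's values.
function Test-ServerCertificateTrust {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever the server presents so the certificate can be inspected
        # even when it is untrusted; trust is evaluated explicitly below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }

    # Build the chain against this computer's certificate stores.
    # Revocation checking is skipped so the result reflects trust anchoring only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($leaf)
    # Last element is the root when the chain is complete, otherwise the highest
    # certificate Windows could locate (status then includes PartialChain).
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Host               = $HostName
        LeafSubject        = $leaf.Subject
        LeafNotAfter       = $leaf.NotAfter
        TopOfChain         = $top.Subject
        TopThumbprint      = $top.Thumbprint
        RootInMachineStore = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        ChainTrusted       = $chainOk
        ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Test-ServerCertificateTrust -HostName 'adfs.example.com'
```

A `ChainTrusted` value of `False` with `UntrustedRoot` in `ChainStatus` means the root certificate that issued the server's SSL certificate is not in a trusted store on this computer.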