Multi-factor authentication in your automations
Work with multi-factor authentication (MFA) in your unattended automations to ensure secure communications and keep your data safe. MFA requires users to produce at least two pieces of identifying information to gain access.
Typically, entering a combination of a user ID and password is the first form of authentication, and you can automate this authentication step with an automation. This means that your automation can use single sign-on for a seamless logon experience and then connect with third-party credential providers, such as BeyondTrust or CyberArk.
To further ensure security, additional forms of authentication often require human intervention. For example, a second form of authentication could involve any of the following authentication checks:
- Performing a retina scan with a smart phone
- Submitting a code sent in a text message to a smart phone or to an email address
If the authentication form requires human input to provide the additional information, create an attended automation. The attended automation can then pass control back to the robot.
To determine how to work with MFA in your automation, first review the options that your MFA vendor makes available. For example, determine whether you can provide MFA using a REST API, or if you can access an application from the desktop for secrets or tokens.
- If an API is available, use the REST API component that is included with Pega Robot Studio.
- If a separate application is available, add an adapter and automate that application to retrieve the secret or token.
- If you can use additional security questions, you can provide the authentication by creating an automation that looks up the answers from your password vault.
Previous topic Replacing the Pega RDA certificate with a self-provisioned certificate Next topic Setting up a relying party in AD FS