Published Release Notes

New property pxCommitDateTime

A new property, pxCommitDateTime, records the time when a record or updated rule was committed to the database. This property also allows for incremental extracts when running BIX.

New property pxSaveDateTime

A new property, pxSaveDateTime, records the date and the time that an instance was saved with business changes to the database. This property is always used when an instance is saved, whether you are creating an instance or updating an existing instance. This property is not updated when an instance is moved from one system to another, and it is not updated during certain system management operations that do not change the content of the instance, such as column exposure.

Ability to include all properties in search results

You can now include all properties in a class in search results so that they can be used in report filtering. When the Enable search results for all properties option is selected on the Custom Search Properties rule form, all top level and embedded page scalar properties for the class are indexed and returned in search results, and all embedded page list, page group, value list, and value group properties for the class are indexed but not returned in search results. Selecting this option might affect performance.

In addition, by default, properties defined in the Data-Tag-RelevantRecord instance for a class are indexed and returned in search results and do not need to be explicitly configured.

You must reindex search after selecting or clearing Enable search results for all properties and after changing the properties that are defined in the Data-Tag-RelevantRecord instance.

For more information, see Specifying custom search properties.

SAML single sign-on is easier to configure

Implementing SAML single sign-on (SSO) login authentication in your application is now less complex. You can now configure most requirements that used custom activities or Java code in previous releases from the Authentication services form.

For more information, see Creating an authentication service.

Configure role dependencies to grant access rights

You can configure role dependencies in a role to grant access rights, which are inherited from the role. Role dependencies are relationships between roles that mirror an organization hierarchy or a more complex relationship among groups of operators, roles, or functional areas. Use role dependencies to simplify role configuration, minimize the number of roles needed by an access group, and minimize the number of privileges that you have to manually define for roles in your application.

For more information, see Access Role rules, Access Role form – Using the Role tab.

Improved operator security

To improve security, Pega® Platform now requires the following:

• During deployment, you must configure a password for [email protected].
• The administrator must enable new out-of-the-box operators.
• The administrator and new Pega-supplied operators must change their passwords after the first login.

These requirements replace the optional secured mode in earlier versions of Pega Platform.

Multifactor authentication now supports SMS

Multifactor authentication now supports short message service (SMS) as well as email. Amazon Simple Notification Service (SNS) is supported as a provider.

For more information, see Security policies settings.

Operator provisioning is supported by SAML and OpenID Connect authentication services

When you use SAML and OpenID authentication services, operators can be automatically provisioned without the need to write custom activities. Users can now be authenticated and provisioned from authentication providers that adhere to the OpenID Connect specification, such as Auth0, NetIQ, and Google.

For more information, see Configuring operator provisioning for a SAML SSO authentication service and Configuring operator provisioning for an OpenID Connect authentication service.

Support for OpenID Connect authentication

Pega^® Platform now supports authentication services that use OpenID Connect, an emerging standard for government and enterprise cloud environments. This standard facilitates interoperability among identity management solutions and authentication through authentication providers that adhere to the OpenID Connect specification, including Auth0, NetIQ, and social media sites such as Google.

For more information, see Configuring an OpenID Connect authentication service.

New access control policy for encrypting properties

With attribute-based attribute control, you can now encrypt property values in the database, clipboard, logs, and search indexes for any property type. If no policy obfuscates an encrypted property, its value is visible in UI controls and reports.

For more information, see Creating an access control policy.