Published Release Notes

Data pages can source information from a robotic process automation

When you use robotic process automation (RPA), you can now configure data pages to source information from robotic automations so that you can connect your Pega® Platform application to legacy applications in your enterprise. By using automations to retrieve data and save it to a data page, you can use data virtualization to encapsulate your Pega Platform data model from the physical interface of a legacy system against which the automation is running.

For more information, see Obtaining information from robotic automations.

New privilege required to access the Search landing page

After upgrading to Pega^® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.

For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Data pages can source information from a robotic desktop automation

You can now configure data pages to source information from robotic desktop automations (RDA). Using an RDA to source a data page allows you to connect your Pega Platform™ application to any application that is accessible from an end-user's desktop. By using automations to retrieve data and load it into a data page, you can use data virtualization to separate your Pega Platform data model from the physical interface of a legacy system against which the automation is running.

For more information, see Obtaining information from robotic automations.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

Support for the JSON Web Token Bearer grant type for accessing external APIs

You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.

Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.

For more information, see Configuring an OAuth 2.0 authentication profile.

Upgrade impact

After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.

What steps are required to update the application to be compatible with this change?

Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.

Sign and encrypt signatures and content with additional algorithms

You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.

For more information, see Creating a processing JSON Web token profile.

For more information, see Creating a generation JSON Web token profile.

Data encryption support for system data

You can now control system-level data security by using data encryption in Pega Platform™. Encryption of system-level data improves the overall security of your system.

For more information, see Configuring the platform cipher and Configuring a keystore for a master key from a custom source.