Published Release Notes

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Data encryption support for system data

You can now control system-level data security by using data encryption in Pega Platform™. Encryption of system-level data improves the overall security of your system.

For more information, see Configuring the platform cipher and Configuring a keystore for a master key from a custom source.

Upgrading to the secure threading mechanism for email bots

In Pega Platform™ version 8.6, Pega Email Bot™ includes a more secure threading mechanism to help track emails from customers and other stakeholders in separate threads for an email triage case.

Upgrade impact

If you upgrade from Pega Platform version 8.5 or earlier, in which you configured an Email channel, perform the following steps to ensure that your system uses the new secure threading mechanism:

• Update the service email rule that the system uses to send an email reply as the initial acknowledgment.
• Update the email reply template in the data transform rule that the system uses when a customer service representative (CSR) sends the reply.

For more information about creating an initial acknowledgment email and email reply template, see Creating outbound email templates. For more information about the secure threading mechanism, see Use a secure threading mechanism in emails.

What steps are required to update the application to be compatible with this change?

For the initial acknowledgment email used by your email bot, update the service method for your email listener rule. On the Response tab for this service email rule, expand the Message contents section. In the Message data section, you specify the rule that defines the structure of the content of the email body. In Pega Platform version 8.6, you use for this purpose the pyEmailAcknowledgement correspondence rule that takes into account the selected built-in template. This template includes the security code tag that the system uses for the secure threading mechanism. If your application uses a different rule in the Message data section, update this definition to match one of the built-in correspondence template rules, for example, EmailAckTemplate_Clear.

The pySetEmailBotReplyTemplate data transform rule sets the name of the email correspondence rule that the system uses as the email reply template. If you do not want to use the default approach using the Classic, Cobalt, or Clear outbound email template themes, override this data transform rule to set the email correspondence rule name for the Param.ReplyTemplate target in the Source column field.

For more information about how to update the service email rule and the data transform rule to ensure that your system uses the secure threading mechanism, see Upgrading to the threading mechanism available in the 8.6 version.