New access control policy for encrypting properties
Valid from Pega Version 7.4
With attribute-based attribute control, you can now encrypt property values in the database, clipboard, logs, and search indexes for any property type. If no policy obfuscates an encrypted property, its value is visible in UI controls and reports.
For more information, see Creating an access control policy.
New privilege required to access the Search landing page
Valid from Pega Version 7.4
After upgrading to Pega® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.
For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)
Support for OAuth 2.0 authorization code grant type
Valid from Pega Version 8.1
Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.
For more information, see Creating and configuring an OAuth 2.0 client registration.
Use client-based access control to support EU GDPR requirements
Valid from Pega Version 8.1
You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.
For more information, see Client-based access control.
Support for the decisioning-enabled NLP text analyzer in IVAs and Email Bots
Valid from Pega Version 8.3
You can now use the new intelligent natural language processing (iNLP) text analyzer in Pega Intelligent Virtual Assistants™ (IVAs) and Pega Email Bots™. This advanced text analyzer is decisioning-enabled and empowers IVA or Email Bot for all conversational channels to provide smarter responses. The decisioning capability in the system integrates text analytics with strategies, prepositions, and interaction history, to provide the context for making better next-best-action decisions.
For more information, see Use the decisioning-enabled NLP text analyzer in IVAs and Email Bots, Defining advanced Facebook text analyzer configuration and Facebook channel behavior.
Upgrade impact
Existing channels remain with the current configuration, and their current functionality does not change. Channels created after the upgrade automatically use the new text analyzer.
What steps are required to update the application to be compatible with this change?
The new text analyzer is enabled or disabled using a new interactive API (iAPI) selection, which is selected by default for new channels. You can disable the iAPI for new channels if you want to maintain current functionality. You can also enable it for existing channels if you want to move existing channels to the new functionality.
Java injection vulnerability check
Valid from Pega Version 8.3
Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time. You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.
For more information, see Configuring the Java injection check.
Usability improvements to Admin Studio
Valid from Pega Version 8.3
Admin Studio offers a variety of usability enhancements, including:
- New access groups to differentiate between full and read-only access to Admin Studio
- A Java class lookup utility
- A requestor list for the logged-on operator
- The ability to display system node type in the logs
Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.
For more information, see Managing requestors.
Support for multiple work queues in the Email Manager portal
Valid from Pega Version 8.3
Pega Email Bot™ now provides multiple work queues in the Email Manager portal. With this functionality, operators, such as customer service representatives, can now triage cases more efficiently by selecting different work queues. Operators have access to work queues only for the current Pega Platform™ application.
For more information, see Email Manager portal.
Support for the JSON Web Token Bearer grant type for accessing external APIs
Valid from Pega Version 8.4
You can now access external APIs by using the new OAuth 2.0 JSON Web Token (JWT) Bearer grant type, in an OAuth 2.0 authentication profile. To use the JWT Bearer grant type as a client assertion, source the JWT from an active SSO session, a token profile, or a property reference. You can use JWTs that you obtain during an OpenID Connect SSO in connectors, to achieve user impersonation flows, such as the On-Behalf-Of (OBO) flow. The OAuth 2.0 type authentication profile now also supports authentication of client applications by using Private Key JWTs.
Instances of the OAuth 2.0 provider are now deprecated. As a best practice, use the new, unified authentication profile configuration instead.
For more information, see Configuring an OAuth 2.0 authentication profile.
Upgrade impact
After an upgrade to Pega Platform 8.4 and later, Authentication Profiles can take advantage of the new JWT based OAuth 2.0 grant type and client authentication features. To take advantage of this and other new security features, you must update any existing Authentication Profiles formats must to use those in Pega Platform 8.4 and later.
What steps are required to update the application to be compatible with this change?
Since these features are available only for profiles created in Pega Platform 8.4 and later, clients must open and then save existing 'Authentication Profile' instances to ensure that the configuration is compatible with the latest authentication formats.
Sign and encrypt signatures and content with additional algorithms
Valid from Pega Version 8.4
You can now authenticate using JSON Web Token (JWT) token profiles to symmetrically and asymmetrically encrypt both signatures and content. All algorithms in the Nimbus JWT library are supported, including nested tokens. Custom key identifier headers (kid) are also supported. Use token profiles to securely propagate identities and transfer data between systems.
For more information, see Creating a processing JSON Web token profile.
For more information, see Creating a generation JSON Web token profile.