Published Release Notes

Use Kerberos credentials in a Pega application to authenticate and access external systems

Authentication services now support Kerberos as an authentication type. When you connect from the Pega 7 Platform to external systems and services that require Kerberos authentication, the Pega 7 Platform stores the user Kerberos credentials and makes them available in Pega 7 Platform connectors.

For more information, see Using Kerberos credentials in a Pega application to authenticate and access external systems.

SAML 2.0 single sign-on authentication in multitenant environments

Multitenant application environments can now use SAML 2.0 for single sign-on (SSO) and single logout (SLO). Application users can access any authorized SSO multitenant applications without logging in to each application individually. SAML simplifies the login and logout process for users, mitigates security risks, and reduces the implementation costs that are associated with identity management.

For more information about configuring SAML 2.0 for single sign-on, see Web single sign-on (SSO) with SAML 2.0.

New PegaRULES:PegaAPISysAdmin​ role

The role PegaRULES:PegaAPISysAdmin​ has been added to the Pega 7 Platform. This required role gives system administrators access to the Pega API REST User Services and is not required for other services.

For more information, see Securing the Pega API.

Issue with the Sandbox directive on the Content Security Policy rule form has been fixed

An issue that related to the Sandbox directive not being applied, even after a value in the Content Security Policy rule form was selected, has been fixed. As a result, restrictions that are applied based on the settings in the Sandbox directive are now more closely aligned with the World Wide Web Consortium (W3C) specification than in previous releases. You should test your Content Security Policy to ensure that this change does not cause unexpected behavior in your application, such as making the security policy too restrictive.

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.

Business logic-based routing to process cases more efficiently

Process cases more efficiently by defining business logic-based routing options to route tasks to customer service representatives (CSRs) who have a specified availability or skillset. For example, you can ensure that a task is routed to a CSR with a high level of a German language if it is your business need. You can also create custom lists of operators and work queues to filter CSRs who can receive an assignment.

For more information, see Choosing an assignee at run time in Dev Studio, Choosing an assignee at run time in App Studio, Configuring business logic-based routing APIs.

Task board enhancements for improved tracking of tasks

App Studio and end-user portals, such as Case Manager, now provide an enhanced task board which helps you improve collaboration on task resolution. For example, you can create a checklist within a task, and then update the checklist to inform other users about the progress of the task. Attach content to a task to ensure that all users have the information that they need, and to make tasks more meaningful. Now you can also categorize tasks, and then filter them by category, to quickly access relevant information.

For more information, see Monitoring and tracking tasks in Dev Studio, Monitoring and tracking tasks in App Studio.