Conditional filter logic supported in access control policy conditions
Valid from Pega Version 7.2.2
In the Access Control Policy Condition rule form, you can now add conditional logic that allows you to apply different access control policy conditions based on different situations, such as different types of users. The policy condition filters that are enforced are based on the results of Access When rules. Conditional filters can be configured to allow certain highly privileged users to bypass access control security in certain situations. This is accomplished by entering an Access When but leaving the conditional logic field blank. When such a filter is applied to a read access policy it also should be applied to the corresponding discover policy.
For more information, see Creating an access control policy condition.
Use Kerberos credentials in a Pega application to authenticate and access external systems
Valid from Pega Version 7.2.2
Authentication services now support Kerberos as an authentication type. When you connect from the Pega 7 Platform to external systems and services that require Kerberos authentication, the Pega 7 Platform stores the user Kerberos credentials and makes them available in Pega 7 Platform connectors.
For more information, see Using Kerberos credentials in a Pega application to authenticate and access external systems.
Pega File Listener process changes
Valid from Pega Version 7.2.2
Beginning with Pega 7.2.2, File Listener processes files in a different way:
- File movement in directories – Previously, files were processed from the Work directory. In Pega 7.2.2, files are processed from the source location. Files move to the Work directory only if the initial processing fails and Recovery is disabled.
- New file processing – Previously, File Listener would process all files in the source location, even if the files were added during the processing. In Pega 7.2.2, files added to the source location during processing are read the next time the File Listener starts.
For more information, see File Listener data instances.
Automatically process cases with Box
Valid from Pega Version 7.2.2
You can now use Box to store attachments during automated case processing without requiring user input at run time for authentication or authorization with Box. The authentication profile must be OAuth 2.0 with a grant type of authorization code. You can view which apps are connected, connect apps, and disconnect apps on the Connected apps landing page.
For more information, see Connected apps landing page.
Single sign-on (SSO) support for Box
Valid from Pega Version 7.2.2
You can now use SSO integration with Box so that users who have already been authenticated are not asked to reauthenticate when accessing Box from their Pega application. The Pega application and the Box application must use the same identity provider federation. This capability provides an integrated user experience and supports automated case processing of attachments.
For more information, see Authentication Profile data instances - Completing the OAuth 2.0 tab.
Send and receive queued messages securely with IBM MQ servers
Valid from Pega Version 7.2.2
You can now configure applications developed on the Pega 7 Platform for secure message queuing with IBM MQ servers by using the MQ server rule form. You secure the connection by specifying the cipher suites with encryption standards that meet your requirements and the SSL/TLS X.509 certificates that you use for authentication.
For more information, see Configure secure message queuing with IBM MQ servers.
SAML 2.0 single sign-on authentication in multitenant environments
Valid from Pega Version 7.2.2
Multitenant application environments can now use SAML 2.0 for single sign-on (SSO) and single logout (SLO). Application users can access any authorized SSO multitenant applications without logging in to each application individually. SAML simplifies the login and logout process for users, mitigates security risks, and reduces the implementation costs that are associated with identity management.
For more information about configuring SAML 2.0 for single sign-on, see Web single sign-on (SSO) with SAML 2.0.
New PegaRULES:PegaAPISysAdmin role
Valid from Pega Version 7.2.2
The role PegaRULES:PegaAPISysAdmin has been added to the Pega 7 Platform. This required role gives system administrators access to the Pega API REST User Services and is not required for other services.
For more information, see Securing the Pega API.
Issue with the Sandbox directive on the Content Security Policy rule form has been fixed
Valid from Pega Version 7.2.2
An issue that related to the Sandbox directive not being applied, even after a value in the Content Security Policy rule form was selected, has been fixed. As a result, restrictions that are applied based on the settings in the Sandbox directive are now more closely aligned with the World Wide Web Consortium (W3C) specification than in previous releases. You should test your Content Security Policy to ensure that this change does not cause unexpected behavior in your application, such as making the security policy too restrictive.
Functionality of the pyInvokeRESTConnector rule and the pxDeferenceEndpoint rule moved to core engine
Valid from Pega Version 7.2.2
The functionality of the pyInvokeRESTConnector rule and the pxDeferenceEndpoint rule has been moved into the core engine code of the Pega 7 Platform. This change provides more consistent behavior, reduces maintenance, and reduces the risk of regression issues. As a result, you can no longer customize these rules, and upgrading the Pega 7 Platform requires special considerations if you previously customized these rules.
For more information, see Upgrading with customized pyInvokeRESTConnector and pxDeferenceEndpoint rules.