Customizations to the prlogging.xml file must be manually ported after upgrade
Valid from Pega Version 7.3
As a result of the upgrade from the Apache Log4j 1 logging service to the Apache Log4j 2 logging service, the name of the logging configuration file has changed from prlogging.xml to prlog4j2.xml and the format of the file has changed considerably. If you customized your prlogging.xml file, port the customizations to the new prlog4j2.xml file. If you do not port the changes, the Pega® Platform uses the default prlog4j2.xml file and disregards your customized prlogging.xml file.
For more information about customizing your log files, see the Apache Log4j 2 documentation.
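To help inventory what has to be ported, the following added example (not Pega tooling and not the shipped configuration files) reads logger overrides from a Log4j 1 style file and renders the equivalent Log4j 2 `<Logger>` elements for the `<Loggers>` section. The sample XML, logger names and appender name are constructed; appender definitions are not converted and must be rewritten by hand in the Log4j 2 `<Appenders>` section.

```python
import xml.etree.ElementTree as ET

# Constructed Log4j 1 sample; not the contents of Pega's prlogging.xml.
LOG4J1_SAMPLE = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <category name="com.example.auth" additivity="false">
    <priority value="debug"/>
    <appender-ref ref="SECURITY"/>
  </category>
  <logger name="com.example.audit">
    <level value="INFO"/>
  </logger>
</log4j:configuration>"""


def extract_loggers(log4j1_xml):
    """Return [(name, LEVEL, additivity, [appender refs])] from Log4j 1 XML."""
    root = ET.fromstring(log4j1_xml)
    found = []
    # Log4j 1 accepts both <category>/<priority> and <logger>/<level>.
    for node in list(root.iter("category")) + list(root.iter("logger")):
        level = node.find("priority")
        if level is None:
            level = node.find("level")
        found.append((
            node.get("name"),
            level.get("value").upper() if level is not None else None,
            node.get("additivity", "true"),
            [ref.get("ref") for ref in node.findall("appender-ref")],
        ))
    return found


def to_log4j2(loggers):
    """Render one Log4j 2 <Logger> element per entry."""
    lines = []
    for name, level, additivity, refs in loggers:
        attrs = {"name": name, "additivity": additivity}
        if level:
            attrs["level"] = level
        logger = ET.Element("Logger", attrs)
        for ref in refs:
            ET.SubElement(logger, "AppenderRef", {"ref": ref})
        lines.append(ET.tostring(logger, encoding="unicode"))
    return lines


if __name__ == "__main__":
    print("\n".join(to_log4j2(extract_loggers(LOG4J1_SAMPLE))))
```

Compare the generated elements with the default prlog4j2.xml before merging them, so that a ported override does not silently replace a logger that the new default file already defines.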
Socket server has changed for remote logging
Valid from Pega Version 7.3
As a result of the upgrade from the Apache Log4j 1 logging service to the Apache Log4j 2 logging service, the socket server that is used for remote logging has changed from the Log4j remote logging package with the LogFactor5 log analysis tool to TcpSocketServer. If you use remote logging, update your socket server to TcpSocketServer. For more information, see Installing and using remote logging.
Monitor standard and custom security events
Valid from Pega Version 7.3
From the new Security Event Configuration landing page, you can select the standard and custom security events that you want the Pega 7 Platform to log automatically for every user session. The security events are grouped into the following types:
- Authentication
- Data access
- Security administration
- Custom
The API logCustomEvent() is provided so that you can create custom security events that are specific to your applications and that can be monitored by the Pega 7 Platform. For more information, see Security Event Configuration.
SAML configuration supports global resource settings
Valid from Pega Version 7.3
In the SAML Authentication Service form, you can now use global resource settings, which give you more flexibility than fixed text values for values that change. Global resource settings are dynamic values; apply them in the Identity Provider (IdP) information section and the Service Provider (SP) settings section of the form.
For more information, see Authentication Service form - Completing the SAML 2.0 tab.
Restrict visibility of scalar property values for certain users
Valid from Pega Version 7.3
You can use the Access Control Policy rule to mask individual scalar property values from specified users. You can restrict visibility for the following property types:
- DateTime
- Integer
- Text
For more information, see Masking property visibility for users.
Disable inactive operators
Valid from Pega Version 7.3
As a system administrator, you can control access to an application by disabling Operator IDs. To disable an Operator ID, you can use one of the following options in Designer Studio:
- Call the Service REST: user.
- Change settings on the Operator Access tab on the System Settings landing page or on the Security tab on the Operator ID form.
- Define the number of inactive days in the security policies before an Operator ID is automatically disabled.
For more information, see System Settings - Operator Access tab, Enabling Security Policies, and Security tab on the Operator ID form.
Security landing pages and features require privileges
Valid from Pega Version 7.3
Security-related landing pages and features are no longer visible and accessible to every user. To view and configure the following security features, you must have the appropriate privileges:
- Attribute-based access control (ABAC) policies require the pzCanManageSecurityPolicies privilege.
- The Authentication Services landing page requires the pzCanCreateAuthService privilege.
Authenticate users in processes with a JSON Web Token
Valid from Pega Version 7.3
You can generate and process a JSON Web Token (JWT) in Pega® Platform to secure communications in Pega Platform applications. JWTs are intended to securely transmit small amounts of information between two parties. Because the JWT is signed, the integrity of the information is assured. The contents of the JWT can be used to authenticate a user or to exchange information.
For more information, see Token Profile data instance.
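The integrity property described above can be seen in a short added example (standard-library Python, not Pega Platform code and not the Token Profile implementation). It assumes an HMAC-SHA256 (HS256) signed token and a constructed key; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def sign_jwt(claims, key):
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_mac(key, signing_input))


def verify_jwt(token, key):
    """Return the claims only if the signature is valid; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, _mac(key, header_b64 + "." + payload_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))


def with_changed_claim(token, name, value):
    """Rewrite one claim but keep the old signature (what tampering looks like)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = dict(json.loads(b64url_decode(payload_b64)), **{name: value})
    return ".".join([header_b64, b64url(json.dumps(claims).encode()), sig_b64])
```

The signature protects integrity only: the payload is base64url-encoded, not encrypted, so anyone holding the token can read its claims.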
Custom domain names in Pega Cloud
Valid from Pega Version Pega Cloud
For your applications hosted on Pega® Cloud, you can use a custom domain name that conforms to your enterprise standards. By using a custom domain name, users of your Pega Cloud-hosted applications see domain names that are familiar to them.
For more information, see Requesting a custom domain name for applications hosted on Pega Cloud.
This functionality is available as of QII 2017.
Automatically process cases with SharePoint
Valid from Pega Version 7.3
You can now use Microsoft SharePoint Online to store and source case and Pulse attachments and to store and source attachments during automated case processing. Users have to provide authentication and authorization details only the first time they access SharePoint Online or when the trust has expired. The authentication profile must be OAuth 2.0 with a grant type of authorization code. The SharePoint Online component can be downloaded from Pega Exchange. For more information, see Downloading and configuring pluggable content management components.