Published Release Notes

Support for encrypted traffic in a cluster

The Pega 7 Platform includes the Ignite platform, which supports encryption for intra-cluster communications. You can now configure encryption for intra-cluster traffic for compliance with regulatory or organizational security requirements.

For more information, see Enabling encrypted traffic between nodes.

Improved capability to attach content in offline-enabled applications

The feature for attaching content in applications while in offline mode has been enhanced. A list of attached content is displayed in the application while in offline mode. You can view or delete attachments if the application has not yet been synchronized with the server. You also can change the maximum size of a file that you can attach while working in offline mode. This option gives you the flexibility to select the right size of attachment for a specific application for performance, memory limitation, or security reasons.

For more information, see Attach content support in offline mode.

Monitor standard and custom security events

From the new Security Event Configuration landing page, you can select the standard and custom security events that you want the Pega 7 Platform to log automatically for every user session. The security events are grouped into the following types:

• Authentication
• Data access
• Security administration
• Custom

The API logCustomEvent() is provided so that you can create custom security events that are specific to your applications and that can be monitored by the Pega 7 Platform. For more information, see Security Event Configuration.

SAML configuration supports global resource settings

In the SAML Authentication Service form, you can now use global resource settings, which allow greater flexibility for values that change compared to using fixed text values. Apply global resource settings, which are dynamic values, in the Identity Provider (IdP) information section and the Service Provider (SP) settings section of the form.

For more information, see Authentication Service form - Completing the SAML 2.0 tab.

Fingerprint authentication in Pega Mobile Client

The authentication feature in Pega Mobile Client has been extended to support user credentials that are secured by a fingerprint reader. The FingerprintAuthenticator object and its methods replace the TouchID API. A compatibility layer has been created to support custom mobile apps that use the deprecated API. This functionality is available on iOS and selected Android devices.

For more information, see Authentication API.

Restrict visibility of scalar property values for certain users

You can use the Access Control Policy rule to mask individual scalar property values from specified users. You can restrict visibility for the following property types:

• DateTime
• Integer
• Text

For more information, see Masking property visibility for users.

Enhancement to the error and warning handling JavaScript API

During offline post processing of a flow in an application, you can now use the ClientCache JavaScript API to handle informational and warning messages in addition to error messages. Several ClientCache API JavaScript functions have been updated for this purpose. Informational, warning, and error messages are displayed when you submit a form, but only error messages prevent you from advancing the case.

For more information, refer to Error and warning handling API in offline mode.

New customization options for paused custom mobile apps on Android

You can now customize the presentation of a paused custom mobile app for Android. You can upload a custom status bar icon and customize the title and message that are displayed in the device's notification area. Also, you can use a new optional parameter of the startKeepAlive method of the Pega Mobile Client's Container API as an alternative way of setting the notification title.

For more information, see Customizing the paused Android app notification.

Disable inactive operators

As a system administrator, you can control access to an application by disabling Operator IDs. To disable an Operator ID, you can use one of the following options in Designer Studio:

• Call the Service REST: user.
• Change settings on the Operator Access tab on the System Settings landing page or on the Security tab on the Operator ID form.
• Define the number of inactive days in the security policies before an Operator ID is automatically disabled.

For more information, see System Settings - Operator Access tab, Enabling Security Policies, Security tab on the Operator ID form.

Security landing pages and features require privileges

Security-related landing pages and features are no longer visible and accessible to every user. To view and configure the following security features, you must have the appropriate privileges:

• Attribute-based access control (ABAC) policies require the pzCanManageSecurityPolicies privilege.
• The Authentication Services landing page requires the pzCanCreateAuthService privilege.