New hashing algorithm for Password property types
Valid from Pega Version 7.2.2
To provide extra protection against brute-force attacks, a new hashing algorithm has been added to the Pega 7 Platform. Bcrypt is used as a default hashing algorithm for Password property types. The bcrypt key setup algorithm takes a long time to process. This means that potential attackers would have to spend a substantial amount of time testing every possible key.
For more information, see Using the bcrypt hashing algorithm for Password property types.
More efficient load management strategies for large data pages
Valid from Pega Version 7.2.2
The processing of large data pages on the Pega 7 Platform server during the packaging of offline apps is now faster and much more memory-efficient, especially in environments with many concurrent users. Server communication with the data source is now also optimized by reducing the number of data transfers to only what is needed. In addition, all types of refresh strategies are supported for large data pages.
For more information, see Tutorial: How to use large data pages to store large reference data in offline mobile apps.
Discovery features for access control policies
Valid from Pega Version 7.2.2
Access control policies now support discovery features that allow end users to view limited, customizable information about class instances that fail Read policies but satisfy Discover policies. Two types of Discovery gadgets are provided, and when discovery features are enabled, a Discovery gadget is included in the Report Viewer and in search results. Developers can customize these gadgets and include them in other parts of an application user interface.
For more information, see Discovery features for access control policies.
Update and delete actions available in access control policies
Valid from Pega Version 7.2.2
Access control policies support update and delete actions on objects. These actions control which specific instances of a class can be created, updated, or deleted by an end user in a case.
For more information, see Creating an access control policy.
New Mobile Apps form for defining and building mobile apps
Valid from Pega Version 7.2.2
You now create and build mobile apps from the Mobile Apps form instead of from the Mobile tab of the Application rule form. The new console is a control center for mobile apps where you can gather applications, services, components, and settings in one place to fully customize your apps in the Pega 7 Platform. You can create and build one instance of a custom mobile app and define multiple native mobile apps that can use the Pega Mobile SDK. To push notifications to an Android or to an iOS device, you must define an SDK mobile app in the Pega 7 Platform with a certificate set that has push notifications enabled.
For more information, see Configuring a custom mobile app and Configuring push notifications for an SDK app.
Caching of common rules in offline mobile apps
Valid from Pega Version 7.2.2
To help start offline-enabled mobile apps more quickly from the time when the server was started, you can now cache common Pega 7 Platform rules, including node scope data pages. Optionally, you can also either cache all node scope data pages, with the exception of the selected ones, or cache only the node scope data pages that are explicitly specified. You set up the offline caching options for your custom mobile app in the Advanced tab of the Access Group rule form.
For more information, see the Offline Configuration section in Access Group form - Completing the Advanced tab.
Terminate sessions for operators from outside the Pega 7 Platform
Valid from Pega Version 7.2.2
The newly added Users REST API allows an authorized administrator to terminate sessions for one or more operator IDs from outside the Pega® 7 Platform. A typical use case for this API is to terminate a user’s session when the user's security credentials, which are stored externally, are known to have changed.
Access the Pega API by clicking .
Conditional filter logic supported in access control policy conditions
Valid from Pega Version 7.2.2
In the Access Control Policy Condition rule form, you can now add conditional logic that allows you to apply different access control policy conditions based on different situations, such as different types of users. The policy condition filters that are enforced are based on the results of Access When rules. Conditional filters can be configured to allow certain highly privileged users to bypass access control security in certain situations. This is accomplished by entering an Access When but leaving the conditional logic field blank. When such a filter is applied to a read access policy it also should be applied to the corresponding discover policy.
For more information, see Creating an access control policy condition.
Testing push notifications service connection and configuration
Valid from Pega Version 7.2.2
From the Push Notifications console, you can now quickly test the configuration of and connection to the push notifications services for both the Android and iOS platforms. Testing push notifications helps to eliminate issues that might occur when you are using a firewall or a secure connection (SSL) between the Pega 7 Platform and your mobile app. If any configuration, connection, or service test errors are generated, you can download and examine the contents of a log file to determine the cause of the error.
For more information, see Testing push notifications.
Data transform support in offline-enabled applications
Valid from Pega Version 7.2.2
You can now use data transforms in offline-enabled applications to reduce the need to write your own custom JavaScript functions. Data transforms are automatically packaged for offline use when they are configured on flow connectors, as preprocessing or postprocessing data transforms on a flow action, or on refresh actions or data transform actions on controls in a section. You also can run a data transform in offline mode by using a Run Script action or a custom JavaScript function, provided you add the data transform definition to the rule of offline-supported data transforms.
For more information, see Data transform support in offline mode.