Support for OAuth 2.0 authorization code grant type
Valid from Pega Version 8.1
Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange (PKCE) standard for securing public clients.
For more information, see Creating and configuring an OAuth 2.0 client registration.
Use client-based access control to support EU GDPR requirements
Valid from Pega Version 8.1
You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.
For more information, see Client-based access control.
Data encryption support for system data
Valid from Pega Version 8.1
You can now control system-level data security by using data encryption in Pega Platform™. Encryption of system-level data improves the overall security of your system.
For more information, see Configuring the platform cipher and Configuring a keystore for a master key from a custom source.