Creating an authentication service
To override or extend the default authentication process, create an authentication service. An authentication service lets you implement authentication requirements that are more specialized than the default, for example, running preauthentication and postauthentication activities.
- In the header of Dev Studio, click .
- In the Authentication Type list, click the authentication service type:
  - Basic credentials – Authentication using a user ID and password, which can be stored in the Pega Platform database or an external source that is accessed by using a data page
  - SAML 2.0 – SAML 2.0 web SSO-based authentication
  - Custom – LDAP authentication or custom authentication protocol
  - Kerberos – Kerberos user credentials
  - OpenID Connect – OpenID Connect SSO-based authentication
  - Anonymous – Unauthenticated access that uses a model operator
  - Token credentials – Useful for offline mobile applications
- Enter a name and short description.
- Click Create and open.
- Configure your authentication service.
- Configuring a basic authentication service
After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.
- Configuring a SAML SSO authentication service
After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.
- Configuring an OpenID Connect SSO authentication service
After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.
- Configuring an anonymous authentication service
After you create an anonymous authentication service, configure it so that Pega Platform can support guest users. You can map attributes from the model operator to properties in Pega Platform, and also configure preauthentication and postauthentication activities.
- Configuring a custom or Kerberos authentication service
After you create a custom or Kerberos authentication service, configure it so that Pega Platform can connect to the repository and find the operator credentials. You can map attributes from the repository to properties in Pega Platform, and can also configure optional features such as authentication and time-out activities.
- Testing an authentication service
You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.
- Configuring login and disablement policies
You can make user authentication more secure by defining policies for password requirements, multifactor authentication, lockout policies, and other similar restrictions.
- Configuring a token credentials authentication service
After you create a token credentials authentication service, configure it so that Pega Platform uses the specified token provider for authenticating users. Select this type of service for offline mobile applications. You can map claims from the token to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities.