Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Mapping operator information for a SAML SSO authentication service

Updated on July 1, 2021

To enable the login process to authenticate the requestor, specify the attribute returned in the identity provider's SAML assertion that corresponds to the Pega Platform operator ID. You can also map other attributes from the SAML assertion to selected properties and pages that are used by your preauthentication and postauthentication activities or by other Pega Platform features such as access control policies.

  1. Open the service from the navigation panel in Dev Studio by clicking RecordsSysAdminAuthentication Service and choosing a service from the instance list. On the SAML 2.0 tab, navigate to the Operator identification section.
  2. In the Map operator id from section, select one of the following.
    • Name identifier in the subject
    • Attribute, then specify the attribute surrounded by braces, for example, {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}
  3. Optional: To map additional attributes, click the Mapping tab.
  4. Optional: Map the attributes from your login process to properties and pages that are used by your preauthentication and postauthentication activities or elsewhere in Pega Platform.
    1. You can use the following properties and pages in the Map from field. You can also reference custom properties and pages that are used in a login flow, and you can use the Expression Builder.
      Page nameDescription
      pxRequestorThe requestor page
    2. You can use the following properties and pages in the Map to field. You can also reference custom properties and pages that are used in a login flow.
      Page nameDescription
      OperatorIDProperties of the operator ID
      D_pyOperatorAttributesRequestor-scoped data page for caching operator attributes
      D_pyOperatorDeviceInformationRequestor-scoped data page for caching operator device information
  5. You can also use the following properties and pages in the Map from field for a SAML authentication service.
    Page nameDescription
    D_SAMLAssertionDataPageThe SAML assertion.
  6. Click Save.
What to do next: Specifying preauthentication and postauthentication activities for a SAML SSO authentication service
  • Previous topic Configuring the identity provider for a SAML SSO authentication service
  • Next topic Specifying preauthentication and postauthentication activities for a SAML SSO authentication service

Related articles

Authentication servicesMore about authentication servicesConfiguring a SAML SSO authentication serviceExpression Builder

Tags

Pega Platform 8.4 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us