Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Security

Updated on July 1, 2021

Pega Platform protects against a wide variety of security risks. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application. Pega Platform protects you against adverse security events, whether they be inadvertent or malicious.

  • Security Checklist

    The Security Checklist provides Pega's leading practices for securely deploying applications. To assist you in tracking the completion of the tasks in the Security Checklist, Pega Platform shows the overall completion on the Dev Studio Home page, and built-in ways to track the status of each task.

  • Authentication

    Authentication in Pega Platform ensures that only users and systems whose identity has been verified can access your applications. Authentication in Pega Platform includes user logins, platform requests to external services, and external service requests to the platform. You can also authenticate by using an external identity provider.

  • Authorization

    Authorization in Pega Platform ensures that after users log in, they have access to only the platform features and data that they need for their work. Pega Platform offers three types of authorization: role-based access control, attribute-based access control, and client-based access control. You can use these authorization features together to provide the strictest level of control.

  • Auditing

    Pega Platform tracks many types of security events such as failed logins and password changes. You can optionally track many other types of security events, as well as changes to rules and data. By tracking these changes, you can understand how your system is functioning and be alerted of any potential problems.

  • Security assets and the environment

    Beyond authentication, authorization, and auditing, Pega Platform offers many other security features that you can configure, such as encryption, HTTP response headers, and Web Service Security profiles. Use these features to ensure that your system is as secure as possible.

  • Creating a token profile

    Use a JSON Web Token (JWT) to exchange information securely between two different parties. For example, a JWT can carry information about a user that can be used by another party to authenticate the identity of the user.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us