Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Configuring SSO login authentication with an OpenID Connect identity provider

Updated on June 30, 2021

After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.

Before you begin: You must complete the following task before you can configure an OpenID Connect authentication service: Creating an authentication service
Note: If you access Pega Platformusing a reverse proxy server, you must ensure that the reverse proxy is configured before configuring an OIDC SSO authentication service. For more information, see Deployment behind a reverse proxy.
  1. Create an OpenID Connect authentication service, or open an existing service from the navigation panel in Dev Studio by clicking RecordsSysAdminAuthentication Service and choosing an OpenID Connect authentication service from the instance list.
  2. In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform.
    • Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
    • Authentication flow is a read-only field that identifies the OAuth standard flow type for this authentication service.
  3. Optional: In the Provider logo field, specify an image to display on the login screen that identifies this provider.
  4. Configure the identity provider.
  5. Optional: Configure the optional parameters of the service.
  6. Activate your OpenID Connect authentication service.
  • Previous topic Updating an expired Service Provider certificate in a SAML Authentication Service
  • Next topic Configuring the identity provider for an OpenID Connect SSO authentication service

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us