Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Identifying the operator for custom authentication services

Updated on June 30, 2021

Specify the operator mapping so that a custom authentication service can find the requestor record in your repository and bring values back to Pega Platform.

  1. Open the service from the navigation panel in Dev Studio by clicking RecordsSysAdminAuthentication Service and choosing a service from the instance list, and then navigate to the Service tab.
  2. In the Search filter field, enter an expression to use to find and validate the user's distinguished name (DN). Enter the following format: ( cn=%V ), where cn is the user and %V is the user ID entered by the person logging in. scans the characters in user ID and password input, and deletes any characters (such as asterisk, equals sign, or vertical stroke) that are not allowed by the LDAP specification before calling the LDAP server. These characters are removed without notifying the user or rejecting the request. No log messages or error messages appear.
    Leave the User name attribute field blank. This field provides backward compatibility with a LDAP integration feature provided in Version 4.
    To ensure maximum security, during sign-on, Pega Platform scans the characters in userID and password input and deletes any characters (such as asterisk, equals sign, or vertical stroke) that are not allowed by the LDAP specification before calling the LDAP server. These characters are removed without notifying the user or rejecting the request. No log messages or error messages appear.
  3. Optional: In the Mapping tab, map the naming attributes in the directory sever that correspond to the operator ID properties to locate a model user.
    Complete this step only if the custom authentication service identifies a directory server.
    1. Click the Add item icon, and add three attribute mapping rows.
    2. In each row, in the Property Name field, enter one of the following properties: .pyOrganization, .pyOrgDivision, and .pyOrgUnit.
    3. In the Attribute Name field, enter the user attribute in the directory that relates to the entered operator property, for example, o, ou, and sn.
  4. On the Custom tab, in the Source of operator credentials list, select where the operator credentials are stored.
    • Use credentials stored in PegaRULES – Only the users whose operator ID records do not have Use external authentication selected are allowed access through this service.
    • Use externally stored credentials – Only the users whose operator ID records have Use external authentication selected are allowed access through this service.
  5. Click Save.
  • Previous topic Configuring login using a custom authentication service
  • Next topic Configuring login using a Kerberos authentication service

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us