Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Security tab of the Application Definition

Updated on June 30, 2021

Use this tab to define security settings in your application, map authentication services, and enable content, mashups, and digital messaging security.

Application Definition

To view the Application Definition, in the header ofDev Studio, click your application name, and then click Definition.

Security Tab

The Application Definition contains seven tabs, including the Security tab. To view the Security tab, in the header of Dev Studio, click your application name, and then click Definition Security.

The Security tab contains the following sections: Application security, Authentication, Content security, Mashup security and Digital Messaging security.

Application security

Application security has one setting: the Require password to update application check box, which should be selected when creating an application. The Require password to update application check box should remain selected.

Select the Require password to update application check box if you want to change or update the password that users must enter when updating the application, and then click Update password to set the password.

For more information, see Setting your application password.

The following figure shows the Application security section:

The application security section of the Security tab of the Application definition
The application security section of the Security tab of the Application definition

Authentication

Authentication services are new to Pega Platform. Users with the pzAdvancedSecurityUser privilege can map authentication services to an application. By default, the PegaRULES:SecurityAdministrator includes the pzAdvancedSecurityUser privilege.

By mapping an authentication service, a security administrator can define the authentication service mechanism that users use to log in to an application. Administrators can also create a default login mechanism and interactive screen the user selects an authentication service to login.

The Authentication section changes depending on whether you have already mapped authentication services.

The following figure shows the Authentication section for a system that does not have any mapped authentication services:

The authentication services section of the Security tab of the Application definition
The authentication services section of the Security tab of the Application definition

The following figure shows the Authentication section for a system that already has mapped authentication services:

A populated authentication services section of the Security tab of the Application definition
A populated authentication services section of the Security tab of the Application definition

For more information, see Mapping authentication services in Dev Studio.

You can also map authentication services in App Studio, without using the Application Definition. For more information, see Mapping authentication services in App Studio.

Content security

The content security policy (CSP) is a set of directives that inform the user's browser of locations from which an application is allowed to load resources, such as fonts, images, and style sheets.

Use the Policy name field to select the content security policy. You can configure this content security policy directly from this page by clicking the configure icon after you select the policy.

Use the Mode setting to specify what the browser does when a policy is violated:

ModeSystem behavior
Reject and ReportEnforce the policy and report the violation.
Note: The content source must be in the correct list.
Report OnlyReport the violation, but do not enforce the policy.

The following figure shows the Content security section:

The content security section of the Security tab of the Application definition
The content security section of the Security tab of the Application definition

For more information, see:

Mashup security

Mashup security is used to define the external URLs that are allowed to access Pega Platform so that the host page can communicate with the mashup gadget, if you use the mashup feature to embed Pega Platform content in an external application. This feature functions, in part, as an allow list.

The following figure shows the Mashup security section:

The mashup security section of the Security tab of the Application definition
The mashup security section of the Security tab of the Application definition

For more information, see Securing your application for mashup communication.

Digital Messaging security

This security feature is used to set up messaging platforms for Pega Intelligent Virtual Assistant (IVA) for Digital Messaging. To start using Digital Messaging, you must configure and define the security settings for the channel and the system. Examples of messaging platforms that are useable by the IVA include Apple Business Chat, Facebook Messenger, MMS/SMS (Twilio), Twitter, and WhatsApp Messenger.

The following figure shows the Digital Messaging security section:

The Digital messaging security section of the Security tab of the Application definition
The Digital messaging security section of the Security tab of the Application definition

For more information, see Configuring channel security.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us