Authentication services
To override or extend the default authentication process, create, and configure an authentication service.
You can configure your application to authenticate users by using single sign-on (SSO) and external identity providers. Create an authentication service to configure Pega Platform with one of the following authentication methods:
For example, an unauthenticated user can add items to
a shopping cart, and enter credentials when they check out.Authentication type Protocol SAML 2.0 An external identity provider that supports the SAML 2.0 protocol, such as
Microsoft Active Directory. OpenID Connect An external identity provider that supports the OpenID Connect (OIDC)
protocol. Basic Credentials A user ID and password that are stored in the Pega Platform database or in another internal or external data source. Token Credentials A token that is validated by an external identity provider or by the OAuth
2.0 authorization layer in Pega Platform (often used in offline
mobile applications). Anonymous Supports activity by guest users, who are prompted to authenticate themselves
partway through a session. Custom If none of the above authentication types meet your requirements or meets
your use case, you can write your own logic to challenge users for credentials and
to validate the credentials. For example, using a Lightweight Directory Access
Protocol (LDAP)-compliant directory server. Kerberos A network authentication protocol that is based on tickets that can be
securely presented by a client or a service on the client's behalf to a server for
access to services.
Default configuration
By default, your system includes a basic authentication service named Platform Authentication. You can save this service with a new name and change it, and you can create any type of authentication service, including the basic type.
The default servlet, PRAuth, provides a unified authentication gateway so that you do not need to edit prweb.xml or restart the server for new authentication services.
For more information on URL patterns and servlet names, see Application URL patterns for various authentication service types.
Multi-tenancy
When using multi-tenancy, shared users will not be present, so you must complete the following actions:
- In the navigation pane of Dev Studio, click .
- Select the Authentication service that you want to add multi-tenancy.
- Select the Authentication service record, of the selected Authentication service.
- Under the Operator identification tab, change the Model operator to the tenant username.
- Create an operator identical to the tenant username in the model operator.
- For more information, see Creating an operator ID.
Previous topic Authentication Next topic Mapping authentication services in Dev Studio