Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Configuring an application to use an anonymous authentication service

Updated on March 15, 2022

Enhance your application's user experience by enabling anonymous users to connect to the application without entering any login credentials, and prompting them for authentication partway through a session. You can build this type of application by using an anonymous authentication service and the reauthentication gadget.

For example, at most online shopping portals, you can shop without identifying yourself. When you check out, however, you receive a prompt for credentials.
  • Create the anonymous authentication service of the Anonymous authentication type.
    For more information, see Creating an authentication service.
  • Create one or more non-anonymous authentication services of any authentication type except Anonymous.
    For more information, see Creating an authentication service.
    Result: At run time, when an authentication prompt is displayed, the user selects an authentication service.
  • Create an application.
    Create the application in a ruleset that is accessible to guest users. Users initially connect as guests by using the Login URL that is shown on the authentication service form. For more information, see Authentication services and rule availability.
  • Configure the application to trigger the authentication mechanism at the step where you want to prompt the user for credentials, by starting the local flow action pyReAuthGadget.
    This flow action displays the section pxReAuthGadget, where the user authenticates. The target of the pyReAuthGadget flow action can be a modal dialog box or an overlay. The Replace Current target, which is displayed in the list of options, is not supported.
    For example: A shopping application can have a button that invokes pyReAuthGadget when a user checks out.
    You can use the when rule pzIsAnonymousUser at any time to check whether the user has reauthenticated. A return value of false indicates that the user has provided valid credentials and has been authenticated. Use this when rule to conditionally display a button or link to pyReAuthGadget.
    Result: At run time, pxReAuthGadget displays the names of the enabled authentication services so that the user can select a service and provide their credentials. You can optionally modify the user interface by customizing the gadget.

    After the user authenticates, the gadget invokes the activity pyMigrateDataForReAuthenticated, while Pega Platform passes the old guest operator ID and the newly authenticated operator ID as input parameters to this activity.

    Note: You can extend this activity to copy data, such as the shopping cart contents, from the original user to the newly authenticated user. For example, a shopping application stores shopping cart information for all active users in the cart table, keyed by operator ID. When the user authenticates, your customized version of pyMigrateDataForReAuthenticated copies the relevant cart data from the old user to the new user and saves the cart.

  • Previous topic Activating your anonymous authentication service
  • Next topic Configuring custom or Kerberos login authentication

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us