Configuring login authentication with basic credentials
After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.
The default means of authentication for Pega Platform is a basic authentication service that is named Platform
Authentication. All basic authentication services include support for mobile
OAuth 2.0 authentication with proof key for code exchange (PKCE).
- Create a basic authentication service, or open an existing service from the navigation panel in Dev Studio by clicking and selecting a basic credentials authentication service from the instance list.
- In the Authentication service alias field, specify an
alias to represent a unique value for this service. This value becomes the final
part of the URL path for users to access Pega Platform. Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
- Optional: In the Provider logo field, specify an image to display on the login screen that identifies this provider.
- Optional: To authenticate new sessions against an external data source instead of the Pega Platform database, select the Verify credentials using
external identity store check box and enter a name for Data page
for credentials verification. For example, to verify the identities of
external customers, follow these steps:
- Create a requestor-scope read-only data page, with object type equal to Data-Admin-Operator-ID. Save the data page to the unauthenticated ruleset.
- Create a data transform with an applies to class equal to Data-Admin-Operator-ID and having input parameters for user name and password. Validate the user name and password against the external data source. In the data transform, when the input parameters are valid, set .pyApproveStatus to true. Save the data transform to the unauthenticated ruleset.
- On the data page, set the data source equal to the data transform that you just created.
- On the authentication service, set Data page for credentials verification equal to the name of the data page you just created.
- At run time, if the operator authenticates against a data page and the operator does not exist in the Pega Platform database, the operator must be provisioned (or added to the Pega Platform database). For information about operator provisioning, see Configuring operator provisioning for a basic authentication service.
- In the Map Operator Id field, provide an expression for deriving
the operator ID from the user name that is entered at the time of authentication. To use
the Expression Builder, click the Build an expression icon.For example, a user could log in with an email address such as [email protected], but the operator ID is User123. Use the Expression Builder to use all of the characters before the "@" sign.
- Optional: Configure the optional parameters of the service.
- Activate your basic authentication service.
- Customizing authentication screens in your Pega application
To customize the login screen of your authentication service, edit the source HTML in the pyDisplayAuthScreenSelector.
Previous topic Creating an authentication service Next topic Mapping operator information for a basic authentication service