Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Configuring login authentication with basic credentials

Updated on March 15, 2022

After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.

Before you begin: You must complete the following task before you can configure a basic authentication service: Creating an authentication service.
The default means of authentication for Pega Platform is a basic authentication service that is named Platform Authentication. All basic authentication services include support for mobile OAuth 2.0 authentication with proof key for code exchange (PKCE).
  1. Create a basic authentication service, or open an existing service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and selecting a basic credentials authentication service from the instance list.
  2. In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform.
    Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
  3. Optional: In the Provider logo field, specify an image to display on the login screen that identifies this provider.
  4. Optional: To authenticate new sessions against an external data source instead of the Pega Platform database, select the Verify credentials using external identity store check box and enter a name for Data page for credentials verification. For example, to verify the identities of external customers, follow these steps:
    1. Create a requestor-scope read-only data page, with object type equal to Data-Admin-Operator-ID. Save the data page to the unauthenticated ruleset.
    2. Create a data transform with an applies to class equal to Data-Admin-Operator-ID and having input parameters for user name and password. Validate the user name and password against the external data source. In the data transform, when the input parameters are valid, set .pyApproveStatus to true. Save the data transform to the unauthenticated ruleset.
    3. On the data page, set the data source equal to the data transform that you just created.
    4. On the authentication service, set Data page for credentials verification equal to the name of the data page you just created.
    5. At run time, if the operator authenticates against a data page and the operator does not exist in the Pega Platform database, the operator must be provisioned (or added to the Pega Platform database). For information about operator provisioning, see Configuring operator provisioning for a basic authentication service.
  5. In the Map Operator Id field, provide an expression for deriving the operator ID from the user name that is entered at the time of authentication. To use the Expression Builder, click the Build an expression icon.
    For example, a user could log in with an email address such as [email protected], but the operator ID is User123. Use the Expression Builder to use all of the characters before the "@" sign.
  6. Optional: Configure the optional parameters of the service.
  7. Activate your basic authentication service.
  • Previous topic Creating an authentication service
  • Next topic Mapping operator information for a basic authentication service

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us