Configuring SSO login authentication with a SAML identity provider
After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.
- Create a SAML SSO authentication service, or open an existing service from the navigation panel in Dev Studio by clicking and selecting a SAML SSO authentication service from the instance list.
- In the Authentication service alias field, specify an alias to represent a unique value for this service. This value becomes the final part of the URL path for users to access Pega Platform. Login URL is a read-only field that displays the URL that accesses Pega Platform and uses this service for user authentication.
- Optional: In the Provider logo field, specify an image to display on the login screen that identifies this provider.
- Configure the identity provider.
- Map the operator ID.
- Optional: Configure the optional parameters of the service.
- Activate your SAML SSO authentication service.
- Updating an expired identity provider certificate in a SAML Authentication Service
If you are using a SAML Authentication service and your Identity Provider (IdP) certificate has expired, you need to reimport the Identity Provider metadata. This is the easiest way to update an expired IdP certificate.
- Updating an expired Service Provider certificate in a SAML Authentication Service
If you are using a SAML Authentication service and your Service provider certificate has expired, then you need to create a new keystore, select that keystore under Service Provider details, and re-export the service provider metadata to the identity provider.