Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Creating a SAML SSO authentication service in App Studio

Updated on March 15, 2022

Create a Security Assertion Markup Language (SAML) single-sign on (SSO) authentication service so that users can authenticate using a SAML identity provider.

Before you begin: To create an authentication service, you must have the pzCanCreateAuthService privilege, which is included in the PegaRULES:SecurityAdministrator role.

Before you create a SAML authentication service, you must register with the identity provider. You do this outside of Pega Platform.

  1. In the navigation pane of App Studio, click UsersSingle sign-on (SSO).
  2. Click New, and then click SAML 2.0.
  3. Enter a Name for the service.
    Result: The value that you enter is used to populate the Login URL field. Users access this URL to log in to your application.
  4. Click Import metadata to import metadata from your identity provider.
    • To select a URL where the metadata is stored, select via URL, enter a URL, and click Submit.
    • To select a file where the metadata is stored, select via file, enter a file name, and click Submit.
  5. Select how to map the user identifier from the SAML assertion to the Pega operator ID.
    • To map from the standard name identifier attribute, select NameID.
    • To map from any other SAML attribute, select Attribute and enter an attribute name. Enclose the attribute name in curly braces, for example, {uid}.
  6. Optional: To automatically create an operator when the operator who is logging in does not already exist in the Pega database, do the following steps.
    1. Select the Create operators for new users check box.
    2. In the Access role list, click the access role for the new user.
  7. To display the newly created metadata in a new browser window, click the URL that is displayed under Configure your IdP.
    To complete the SSO configuration, you must configure Pega Platform as a service provider within your identity provider. To do this, you will need to provide this URL or some of its content.
  8. Click Submit.
  9. Optional: To configure advanced functionality, on the Single sign-on (SSO) landing page, where the new service is listed, click the More icon and then click Open in Dev Studio.
    Result: The authentication service opens in Dev Studio. For more information, refer to the help in Dev Studio.
  10. To enable the authentication service, on the Single sign-on (SSO) landing page, where the new service is listed, turn on the switch.
  • Previous topic Creating a Google authentication service
  • Next topic Creating an OIDC SSO authentication service in App Studio

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us