Customizing the login screen

The standard login form includes:

The Pega Platform product name
The version level of the product
A footer containing Pegasystems copyright and trademark information

In your setting, an image or text that identifies your organization or the application might be more appropriate.

In addition, you can change the text or layout of the login form, or change the authentication processing that is performed upon login.

Access group and application ruleset for guests

Pega Platform presents the login form to guest requestors — users who have accessed Pega Platform but are not yet authenticated. The ruleset lists of guest users are limited to those rulesets and versions listed in an access group that is accessible to the BROWSER requestor type.

Create a new access group for unauthenticated users, for example, Unauthenticated.
Create an application ruleset to hold the additional rules to be available to guest users. (For security reasons, don't use an existing ruleset that contains other parts of your application.) For example, you can call the new ruleset version MyCorpSplash:01-01-01.
Open the new access group instance. Insert MyCorpSplash:01-01-01 into the production rulesets array.
Save the access group form.
Add the new access group to the BROWSER requestor type. Ensure that the radio button next to this access group is selected.

After you complete and test any login changes for your application, promptly secure the ruleset version with a password. This prevents the accidental addition of rules that might inappropriately become available to unauthenticated guest users.

CAUTION:

You might need to repeat steps 3 through 5 after your system is upgraded or refreshed, because the upgrade process may overwrite Data-Admin-Requestor instances.

Login form text and layout

The HTML rule @baseclass.Web-Login defines the HTML code that presents the login form. You can override this rule to change the layout, wording, fonts, and colors used in the form. This procedure requires two workstations.

Open the standard HTML rule named @baseclass.Web-Login.
Use the Save As toolbar button to make a copy of this standard rule in your new ruleset, version 01-01-01. Do not change the rule name.
Alter the content of the HTML tab as desired to present the desired text, colors, and layout. Don't alter the directives, the <FORM> element, or the <INPUT> elements. Don't change the activity name referenced in the Submit button.
Save the HTML form.
Perform Steps 6 and 7 from a different workstation, in case the new login form is incorrect and prevents anyone from signing-on. Remain logged in on the first workstation.
At the second workstation, clear the browser cache (for Internet Explorer, use Tools > Internet Options > General > Temporary Internet Files > Delete).
At the second workstation, enter the sign on URL to see and test the new form.
At the first workstation, revise the HTML rule again until you are satisfied with the new layout and appearance, always testing on the second workstation.

Authentication processing

You can use preauthentication and postauthentication activities to perform additional processing before and after the user has authenticated. For more information, see Specifying preauthentication and postauthentication activities for a basic authentication service and Authentication services and rule availability.

Forgot password form

The HTML rule @baseclass.pyForgotPassword defines the appearance of the forgot password screen, which you can customize. At run time, the user must have an email address or phone number defined, and the system must have an email account or SMS account defined. A one-time verification code is sent to the user's email or phone, and once the user submits the verification code to the login form, the user can change their password.

Logout form

The HTML rule @baseclass.Web-Session-Return defines the appearance of the logout form, which you can override. The ruleset containing your logout form must be available to guest requestors.