Enable security policies for user authentication and session management to improve
application security. You can control the strength of user IDs and passwords, manage session
time-outs and the disabling of operator IDs, control the auditing of login events, and implement
CAPTCHA and multifactor authentication.

Before you begin: To manage security policies, you must have the
pzViewAuthPoliciesLP privilege, which is included in the
PegaRULES:SecurityAdministrator role.

The password, lockout, audit, and operator ID disablement
security policies are supported in offline-enabled applications. Multifactor authentication
policies are applied only when two-factor authentication is used in custom authentication
policies and in application case flows. The operator disablement policy is not enforced unless
the Disable Dormant Operators agent is enabled.

- In Dev Studio, click .
- Configure the following policies:
  - Password policies
  - CAPTCHA policies
  - Lockout policies
  - Audit policy
  - Multi-factor authentication policies (using one-time password)
  - Operator disablement policy
- Click Submit.