Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client

Increase the security of your application by configuring Pega Infinity Mobile Client to authenticate mobile users directly against an external OpenID Connect (OIDC) identity provider through the OIDC authorization code authentication flow.

In this scenario, users authenticate once against an external identity provider that complies with the OIDC standard. Subsequent access to Pega Platform requires a token that comes from the OAuth 2.0 authorization layer.
Note: If you configure Pega Infinity Mobile Client to authenticate directly against an external OIDC identity provider, Pega Platform ignores any settings that you configure on the mobile channel configuration page, in the Select authentication service field.
Note: Pega Platform does not automatically create IDs for operators when they attempt to log in. Create all potential operator IDs in advance. For more information, see Creating operator IDs.
Before you begin: Prepare for the configuration of the direct user authentication against an external OIDC server by learning about accessing Pega Platform from external applications. For more information, see Controlling access to and from external applications.
  1. Configure the client registration service.
    For more information, see Configuring the client registration for Pega Infinity Mobile Client authentication against an external OIDC server.
  2. Enable the mobile authentication service.
    For more information, see Enabling the mobile authentication service for Pega Infinity Mobile Client authentication against an external OIDC server.
  3. Prepare and upload the app.properties file.
    For more information, see Defining custom authentication parameters for mobile apps.
Result: You can generate the mobile app executable files. For more information, see Generating installation packages.