Authentication services and rule availability

Authentication services are data instances that are available to all requestors. Authentication services can use rules such as preauthentication activities, data pages, and data transforms that need to be available to the requestor at various times during the authentication process. You make these rules available by defining them in the appropriate rulesets.

Preauthentication

Rules that are used before authentication must be accessible to the pega Browser requestor type, which is used for the unauthenticated user session. By default, this requestor type is assigned to the PRPC:Unauthenticated access group.

Depending on your configuration, rules that can be used prior to authentication include the preauthentication activity, the data transform for operator provisioning, and the data page for credentials verification. (Despite their name, data pages are rule instances, not data instances.)

Similarly, any functionality to be accessed by requestors who have connected by using an anonymous authentication service and who have not yet authenticated themselves must be made accessible.

Update the pega Browser requestor type's default access group to equal an access group that includes the rulesets for any rules that are used prior to authentication.

Postauthentication

Rules that are used after authentication must be accessible to the user who has just been authenticated. These rules must exist in a ruleset that is accessible to the user's default access group.

Depending on your configuration, rules that can be used after authentication include the postauthentication activity.