Enabling OAuth for data collectors
For additional security in Pega Robot Runtime 19.1.63 or later, enable endpoint authorization through OAuth tokens to secure the Robot Runtime routes or the API endpoints with which it interacts. With this feature, the Robot Runtime endpoints are securely authorized by using a client ID and client secret combination for each data collector (user with Robot Runtime installed).
Take note of the following details:
- Workforce Intelligence uses client credentials rather than user credentials.
- You can turn the authorization method on or off after setting up client credentials.
- By default, Workforce Intelligence does not collect data for any data collectors that are assigned to the Unknown Team. Users that you added to the Unknown Team before Workforce Intelligence 8.5 automatically inherit the no data collection configuration unless they are assigned to a custom configuration.
- Any custom configurations that you assign override the no data collection configuration for imported users and any new users that you manually create in the application.
- The Allow list is still available.
1. Request Robot Runtime credentials from the Workforce Intelligence Service Delivery Team. For instructions on how to make this request, see Requesting a Workforce Intelligence client ID and client secret.
2. In the CommonConfig.xml file, in the Intelligence Server section, add a wfiOauthEnabled boolean field, and then set the value to true, as shown in the following example:

    <Server name="Intelligence" baseURL="https://acme.wfi.pega.com" enabled="true" proxyAddress="" wfiOauthEnabled="true"/>

3. On local Robot Runtime workstations, store the credentials that you received from the Workforce Intelligence Service Delivery Team by using System Center Configuration Manager (SCCM) or a similar console. The executable file expects a command-line argument called receiveStandardInput, which is a flag that tells the program to expect data from standard input. The following examples show valid methods for transferring the credentials to the Pega.WFICredentialsLoader.exe file by using standard input. To store the credentials without referencing a file, use the following format:

    echo {"wfiClientId": "runtime-client", "wfiClientSecret": "runtime-secret"} | Pega.WFICredentialsLoader.exe receiveStandardInput

4. If you receive an error message, correct the error, and then repeat step 3. The following table lists the errors that you might encounter:
OAuth error messages and resolutions

| Error message | Cause |
| --- | --- |
| Unable to save WFI OAuth credentials. ClientId and clientSecret params not found. | The receiveStandardInput command-line argument was not found or the ID and secret JSON keys are incorrectly typed. |
| Unable to save WFI OAuth credentials. Both WFI OAuth clientId and clientSecret params required. | The client ID or client secret is missing. |
| Unable to save WFI OAuth credentials. Intelligence server not enabled. | The Intelligence server in the CommonConfig.xml file is not enabled. The following example shows how to enable this server: <Server name="Intelligence" baseURL="https://acme.wfi.pega.com" enabled="true" proxyAddress="" wfiOauthEnabled="true"/> |
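
The conditions behind the error table can be checked on the workstation before the loader runs. The following PowerShell function is an added example, not Pega code: the function name, its parameters and the paths are hypothetical, and it hands the secret to the loader only on standard input so that it never appears in a process command line.

```powershell
# Added example, not Pega code. Set-WfiOAuthCredential and its parameters are hypothetical names.
function Set-WfiOAuthCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CommonConfigPath,   # site-specific path to CommonConfig.xml
        [Parameter(Mandatory)] [string] $LoaderPath,         # site-specific path to Pega.WFICredentialsLoader.exe
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [securestring] $ClientSecret
    )

    # Find the Intelligence server entry without depending on an XML namespace.
    [xml] $config = Get-Content -LiteralPath $CommonConfigPath -Raw
    $server = $config.SelectSingleNode("//*[local-name()='Server'][@name='Intelligence']")
    if (-not $server) { throw "No Server element named Intelligence in $CommonConfigPath." }

    # Matches the "Intelligence server not enabled" error in the table.
    if ($server.GetAttribute('enabled') -ne 'true') {
        throw 'The Intelligence server entry is not enabled.'
    }
    # Step 2 of the procedure: OAuth must be switched on for the same entry.
    if ($server.GetAttribute('wfiOauthEnabled') -ne 'true') {
        throw 'wfiOauthEnabled is missing or not set to true.'
    }
    # Client credentials should only be sent to an HTTPS endpoint.
    if ($server.GetAttribute('baseURL') -notlike 'https://*') {
        Write-Warning 'baseURL of the Intelligence server is not an https:// URL.'
    }

    # Matches the "Both ... params required" error: neither value may be empty.
    $plain = [System.Net.NetworkCredential]::new('', $ClientSecret).Password
    if ([string]::IsNullOrWhiteSpace($ClientId) -or [string]::IsNullOrWhiteSpace($plain)) {
        throw 'Both the client ID and the client secret are required.'
    }

    # Exact key names from the procedure; ConvertTo-Json takes care of quoting and escaping.
    $json = [ordered]@{ wfiClientId = $ClientId; wfiClientSecret = $plain } | ConvertTo-Json -Compress

    # The JSON goes to standard input; only the receiveStandardInput flag is an argument.
    # Whatever the loader prints is returned for comparison with the error table.
    $json | & $LoaderPath receiveStandardInput
}

# Example call with placeholder paths and a constructed client ID:
# Set-WfiOAuthCredential -CommonConfigPath '<path>\CommonConfig.xml' `
#     -LoaderPath '<path>\Pega.WFICredentialsLoader.exe' `
#     -ClientId 'runtime-client' -ClientSecret (Read-Host -AsSecureString 'Client secret')
```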