Skip to main content

Authenticating Pega Robot Manager users through Kerberos

Suggest edit Updated on October 7, 2021

Comply with your security policy by configuring Pega Robot Manager operators to use Kerberos to authenticate across multiple applications with a single set of credentials.

Kerberos is an open authentication standard that uses a ticketing system, which provides faster authentication and enables authentication delegation. By using Kerberos, you can dynamically provision operators as they log in to Pega Platform.

To ensure that the communication happens explicitly over HTTP, you can configure Pega Platform to support Kerberos with third-party SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) libraries, or you can use any other Kerberos validation method to authenticate the traffic to Robot Manager. The following figure provides a Kerberos/SPNEGO authentication mechanism for Robot Manager users:

Authenticating Pega Robot Manager users by using Kerberos with SPNEGO
You can configure Kerberos with SPNEGO libraries to enable the
                            client-server negotiation mechanism when authenticating Pega Robot
                            Manager users.
Note:
  • Robot Manager does not provide the SPNEGO libraries. You must download the libraries separately. For more information, see SPNEGO documentation.
  • You can only authenticate attended robots by using Kerberos.

What to do next: Follow these steps to configure single sign-on authentication through Kerberos for Robot Manager users:
  1. Configuring Pega Robot Manager to use Kerberos authentication

    Configure the RoboticsSSO service packages in Pega Robot Manager to support Kerberos for robot authentication.

  2. Selecting the Kerberos method for authenticating Pega Robot Manager users

    Determine the Kerberos method for authenticating traffic to Pega Robot Manager by configuring the EnableDefaultKerberosAuthenticationForRobotManger dynamic system setting.

  3. Updating the robotics configuration files for single sign-on authentication through Kerberos

    Update the common configuration settings to authenticate attended robots and package publish requests in Pega Robot Manager through Kerberos.

  • Previous topic Updating the robotics configuration files for SSO authentication through OAuth with SAML bearer
  • Next topic Configuring Pega Robot Manager to use Kerberos authentication
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us