Skip to main content

Authenticating Pega Robot Manager users through OAuth 2.0 with SAML bearer

Suggest edit Updated on October 7, 2021

Comply with your security policy by configuring Pega Robot Manager operators to use OAuth 2.0 with SAML bearer to authenticate across multiple applications with a single set of credentials.

Note: OAuth 2.0 with SAML bearer assertion for single sign-on is not supported for unattended robots.
OAuth uses token-based authorization to grant operators access to their Robot Manager without sharing their credentials. A token is a unique identifier that the authorization server issues. The OAuth client uses that token to associate the request with the operator. The following diagram shows the architecture of how tokens are passed and verified when using OAuth:
OAuth 2.0 with SAML bearer architecture
The architecture diagram shows the token verification process when using
                        OAuth 2.0 with SAML bearer.

The configuration process for OAuth 2.0 with SAML bearer includes obtaining the token-signing certificate, setting up the security authorization information in Pega Platform, and updating the configuration files as required.

What to do next: Follow these steps to configure single sign-on authentication through OAuth 2.0 with SAML for Robot Manager users:
  1. Obtaining the token signing certificate for authenticating Pega Robot Manager users

    Obtain the token-signing certificate that contains cryptographic private and public keys that digitally sign a security token when authenticating Robot Manager users through OAuth 2.0 with SAML bearer.

  2. Configuring Pega Robot Manager to support OAuth 2.0 with SAML bearer

    Allow Pega Robot Manager users to authenticate through OAuth 2.0 with SAML bearer by importing the token-signing certificate from the Security Token Service (STS) and configuring the client registration details in Robot Manager.

  3. Adding a relying party

    Configure the Security Token Service as the entity that controls access to Pega Robot Manager.

  4. Updating the robotics configuration files for SSO authentication through OAuth with SAML bearer

    Update the common configuration settings to authenticate attended robot operators and package publish requests in Pega Robot Manager through OAuth with SAML bearer.

  • Previous topic Understanding single sign-on authentication for Pega Robot Manager users
  • Next topic Obtaining the token signing certificate for authenticating Pega Robot Manager users
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us