Skip to main content

Multi-factor authentication in your automations

Suggest edit Updated on March 30, 2022

Work with multi-factor authentication (MFA) in your unattended automations to ensure secure communications and keep your data safe. MFA requires users to produce at least two pieces of identifying information to gain access.

Typically, entering a combination of a user ID and password is the first form of authentication, and you can automate this authentication step with an automation. This means that your automation can use single sign-on for a seamless logon experience and then connect with third-party credential providers, such as BeyondTrust or CyberArk.

Note: Your automation can handle exceptionally long (hundreds of characters) and complex passwords that would would be hard for most human users to remember.

To further ensure security, additional forms of authentication often require human intervention. For example, a second form of authentication could involve any of the following authentication checks:

  • Performing a retina scan with a smart phone
  • Submitting a code sent in a text message to a smart phone or to an email address

If the authentication form requires human input to provide the additional information, create an attended automation. The attended automation can then pass control back to the robot.

To determine how to work with MFA in your automation, first review the options that your MFA vendor makes available. For example, determine whether you can provide MFA using a REST API, or if you can access an application from the desktop for secrets or tokens.

  • If an API is available, use the REST API component that is included with Pega Robot Studio.
  • If a separate application is available, add an adapter and automate that application to retrieve the secret or token.
  • If you can use additional security questions, you can provide the authentication by creating an automation that looks up the answers from your password vault.
Note: Multi-factor authentication is a governmental requirement in some locales. Check your local regulations for more information.

 

  • Previous topic Replacing the Pega RDA certificate with a self-provisioned certificate
  • Next topic Setting up a relying party in AD FS
Did you find this content helpful? YesNo

100% found this useful

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us