Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Authentication services and security policies

Updated on July 1, 2021

To improve security in authentication services that support security policies, you select which policies to enable by using the Security policies tab of the authentication service. You define the details of each policy, such as the minimum password length and the duration of a one-time password, on the Security Policies landing page.

All authentication services use the PRAuth servlet. However, for backward compatibility with earlier versions of Pega Platform, it is possible to authenticate by using PRServlet instead of PRAuth (in other words, the login URL includes /prweb/PRServlet). When PRServlet is used, security policies are enabled by using various controls on the Security Policies landing page.

For more information on URL patterns and servlet names, see Application URL patterns for various authentication service types.

For authentication services, enablement of security policies occurs as described below:

  • You enable specific policies from the Security policies tab for each authentication service, except for some that are always on, as noted below.
  • The Enable frequently required policies check box on the Security Policies landing page has no effect.
  • The Enable CAPTCHA Reverse Turing test module setting on the Security Policies landing page has no effect.
  • The Audit policy on the Security Policies landing page is always in effect, as are the security alerts that are configured on the Security Event Configuration landing page.
  • The Operator disablement policy on the Security Policies landing page is always in effect.
  • The User consent policy is enabled and disabled by using the Security policies tab of the authentication service, but it does not appear on the Security Policies landing page.
  • Previous topic Authentication services and rule availability
  • Next topic Application URL patterns for various authentication service types

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us