
This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Creating an authentication service

Updated on July 1, 2021

To override or extend the default authentication process, create an authentication service. An authentication service lets you implement authentication requirements that are more specialized than the default, for example, running pre-authentication and post-authentication activities.

Before you begin: To create an authentication service, you must have the pzCanCreateAuthService privilege, which is included in the PegaRULES:SecurityAdministrator role.

By default, your system includes a basic authentication service named Platform Authentication. You can save this service with a new name and change it, and you can create any type of authentication service, including the basic type of authentication service.
  1. In the header of Dev Studio, click Configure > Org & Security > Authentication > Create Authentication Service.
  2. In the Authentication Type list, click the authentication service type.
    • Basic credentials – Authentication using a user ID and password, which can be stored in the Pega Platform database or an external source that is accessed by using a data page
    • SAML 2.0 – SAML 2.0 web SSO-based authentication
    • Custom – LDAP authentication or custom authentication protocol
    • Kerberos – Kerberos user credentials
    • OpenID Connect – OpenID Connect SSO-based authentication
    • Anonymous – Unauthenticated access that uses a model operator
    • Token credentials – Useful for offline mobile applications
  3. Enter a name and short description.
  4. Click Create and open.
  5. Configure your authentication service.
  • Configuring a basic authentication service

    After you create a basic authentication service, configure it so that Pega Platform uses the specified security policies for authenticating users. You can also configure optional features such as preauthentication and postauthentication activities.

  • Configuring a SAML SSO authentication service

    After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.

  • Configuring an OpenID Connect SSO authentication service

    After you create an OpenID Connect SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map claims from the OpenID Connect provider to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities and operator provisioning.

  • Configuring an anonymous authentication service

    After you create an anonymous authentication service, configure it so that Pega Platform can support guest users. You can map attributes from the model operator to properties in Pega Platform, and also configure preauthentication and postauthentication activities.

  • Configuring a custom or Kerberos authentication service

    After you create a custom or Kerberos authentication service, configure it so that Pega Platform can connect to the repository and find the operator credentials. You can map attributes from the repository to properties in Pega Platform, and can also configure optional features such as authentication and time-out activities.

  • Testing an authentication service

    You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.

  • Configuring login and disablement policies

    You can make user authentication more secure by defining policies for password requirements, multifactor authentication, lockout policies, and other similar restrictions.

  • Configuring a token credentials authentication service

    After you create a token credentials authentication service, configure it so that Pega Platform uses the specified token provider for authenticating users. Select this type of service for offline mobile applications. You can map claims from the token to properties in Pega Platform, and configure optional features such as preauthentication and postauthentication activities.
