To enable the login process to authenticate the requestor, specify the attribute
returned in the identity provider's SAML assertion that corresponds to the Pega Platform operator ID. You can also map other attributes from the SAML assertion
to selected properties and pages that are used by your preauthentication and postauthentication
activities or by other Pega Platform features such as access control policies.
-
Open the authentication service and on the SAML 2.0 tab,
navigate to the Operator identification section.
-
In the
Map operator id from
section, select one of the
following.
-
Name identifier in the subject
-
Attribute, then specify the attribute surrounded by braces, for
example,
{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}
- Optional:
Map the attributes from your login process to properties and pages that are
used by your preauthentication and postauthentication activities or elsewhere in
Pega Platform.
-
You can use the following properties and pages in the Map
from field. You can also reference custom properties and
pages that are used in a login flow, and you can use the Expression
Builder.
Page or property name |
Description |
pxRequestor
|
The requestor page. |
-
You can use the following properties and pages in the Map
to field. You can also reference custom properties and
pages that are used in a login flow.
Page or property name |
Description |
OperatorID
|
The Operator ID. |
D_pyOperatorAttributes
|
Requestor-scoped data page for caching operator
attributes. |
D_pyOperatorDeviceInformation
|
Requestor-scoped data page for caching operator device
information. |
-
You can also use the following properties and pages in the Map
from field for a SAML authentication service.
Page or property name |
Description |
D_SAMLAssertionDataPage
|
The SAML assertion. |
-
Click
Save.