Skip to main content
Verify the version tags to ensure you are consuming the intended content or, complete the latest version.

Authentication design considerations

Authentication in Pega Platform™ ensures that only users and systems whose identity has been verified can access your applications. Each organization has policies on how users are authenticated on the application. Most organizations use some form of single sign-on (SSO). If the organization runs an enterprise-tier deployment, it might use container-based authentication or JAAS or JEE security. If so, this setup affects how you design your authentication scheme and your application.

The Pega application implements the organization's authentication policy. For more information on authentication protocols supported by Pega, see the Pega Community article Authentication in the Pega Platform and the help topic Authentication services.

Authentication policy

Pega uses Basic credentials and supports Anonymous, Oauth2, OIDC (Open ID Connect), and Kerberos.

Pega can act as the Identity Provider (IdP), or the IdP can be external. An example of an external Identity Provider is Microsoft’s Active Directory Federated Service (ADFS), which is used on-premise and within Microsoft’s Azure cloud offering.

Pega is the IdP when the Authentication Type used to access Pega is Basic credentials. To enable access to Pega this way, on the Security tab of the user's operator record, clear the Use external authentication check box.

Security tab of Operator ID rule form.

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice