Authentication design considerations
Authentication in Pega Platform™ helps to ensure that only users and systems with verified identities can access your applications. Each organization has policies on how user authentication occurs in the application. Most organizations use single sign-on (SSO). If the organization runs an enterprise-tier deployment, it might use container-based authentication, JAAS, or JEE security. The container-based setup impacts how you design your authentication scheme and your application.
The Pega Platform application implements the authentication policy of the organization. For more information about the authentication protocols that Pega Platform supports, see Authentication.
The following diagram shows the protocols for user logins that Pega Platform supports and how the system maps the operator ID to an Access Group, Access Roles, and privileges to access the application securely. Pega Platform uses basic credentials and supports SAML 2.0, Anonymous, OAuth 2.0, OpenID Connect (OIDC), token credentials, custom, and Kerberos authentication.
Pega Platform can act as the identity provider (IdP) or use an external IdP to authenticate users. For example, Active Directory Federation Services (ADFS) by Microsoft is an external IdP used in the on-premises version of Pega Platform and the Microsoft Azure cloud offering. Pega Platform is the IdP when the authentication type is Basic credentials.
Selecting the appropriate authentication type depends on several key factors:
- Security needs: Consider the sensitivity of the data and the security policies of your organization.
- User convenience: Balance security with user experience, especially for customer-facing applications.
- Existing infrastructure: Make use of existing authentication systems (for example, LDAP, SSO) to streamline management.
- Integration requirements: Select methods that facilitate integration with other systems and services you use.
Ultimately, the choice of authentication type should align with your organization's overall security strategy and operational requirements.