Enable security policies for user authentication and session management to improve application security. You can control the strength of user IDs and passwords, manage session time-outs and the disabling of operator IDs, control the auditing of login events, and implement CAPTCHA and multifactor authentication.
Note: To manage security policies, you must have the pzViewAuthPoliciesLP privilege, which is included in the PegaRULES:SecurityAdministrator role. The password, lockout, audit, and operator ID disablement security policies are supported in offline-enabled applications. Multifactor authentication policies are applied only when two-factor authentication is used in custom authentication policies and in application case flows. The operator disablement policy is not enforced unless the Disable Dormant Operators agent is enabled.

- In Dev Studio, click .
- Configure the following policies:
  - Password policies
  - CAPTCHA policies
  - Lockout policies
  - Audit policy
  - Multi-factor authentication policies (using one-time password)
  - Operator disablement policy

  For more information about security policies settings, see Security policies settings.
- Click Submit.