Question
Cognizant Technology Solutions
IN
Last activity: 29 Dec 2023 1:13 EST
Ext user login approach
Hi- for one particular application for one FMCG customer we need to give access to around 10,000 ext user who are not employee of the company. Ext user should have access to a pega case type with all standard OOTB features. Do we need to create all 10,000 op id inside pega , or we can use one model operator , and let ext user creds be stored in some ext system , so during pega login it will be authenticated by the ext creds and get pega access using model op id .Is this feasible approach?
So that it not required to create [manually/automatically ]10,000 op ids for ext user inside pega .
Kindly suggest.
-
Reply
-
Share this page Facebook Twitter LinkedIn Email Copying... Copied!
Cognizant Technology Solutions
IN
Can anyone provide any suggestion here please?
Pegasystems Inc.
GB
@DUTTAR01 Yes, it is feasible to use a model operator for external users. You can use the Directed Web Access (DWA) feature in Pega for this purpose. DWA allows an external user, who does not have a dedicated operator ID in your application, to work on an assignment. You can create an operator for external users and give them one-time access using the pySignature field. This way, you don't need to create individual operator IDs for each external user. However, please ensure that you have the necessary security measures in place to prevent unauthorized access.
please check out the Directed Web Access functionality.
Enabling granting one-time access to external users by configuring Directed Web Access
Creating authentication registration for external users
Cognizant Technology Solutions
IN
@MarijeSchillern - Thank you for response , but for DWA it is one time access , so a person can just approve or reject , but here we are looking for full access to a case type by an external operator so that he can traverse through multiple assignment.
Pegasystems Inc.
IN
Leverage anonymous authentication service. in the below example it's a mashup. but the same can be leveraged for portals as well.
Cognizant Technology Solutions
IN
@SriHarsha Anika - Thank you so much for your reply. Customer wants to go with constellation .Found a post that says in constellation anonymous authentication is not supported.
Pegasystems Inc.
IN
For Web Embed there are actually three types of "Custom Authentication": 1) Not using an OAuth grant flow and rather specifying the explicit authHeader to utilize (grantType="none") 2) Using OAuth and specifying the alias of a Custom Authentication Service. In this scenario, the OAuth auth code grant flow still occurs but custom activity governs which operator this would eventually be mapped to. Custom activity code needs to have logic to do anytime of dynamic external operator creation. (This is route taken by DKB) (Note: When generating web embed channels…such custom authentication services do not appear on the drop down). 3) Using OAuth and leveraging new Custom Bearer public grant flow which also utilizes custom activity logic to determine operator (no redirects
Cognizant Technology Solutions
IN
@SriHarsha Anika Thank you for your response. Since we are looking for if it is possible to avoid creating physical pega operators for around 10000 external users yet they can execute a full case type end to end with all OOTB capabilities , will it be possible if choose one of the authentication scheme that you specified ?
Pegasystems Inc.
IN
Check if LDAP authentication helps in your requirement.
https://support.pega.com/question/how-cofigure-server-based-authentication-ldap