Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Bhagyashree Choudhary (BhagyashreeC9567)
Evoke Technologies

Evoke Technologies
IN
BhagyashreeC9567 Member since 2018 28 posts
Evoke Technologies
Posted: Apr 19, 2018
Last activity: Dec 28, 2018
Posted: 19 Apr 2018 10:57 EDT
Last activity: 28 Dec 2018 10:02 EST
Closed

Achieving Authentication and Authorization in one go

Hi Guys,

We are trying to achieve Authorization and Authentication for users of an application in one go.
Problem Statement:
The user IDs and their corresponding roles (whether an Admin, External User or Internal User etc) are defined in a Global Corporate Database, which is used by all other applications that the business uses. These are all global users and shall have access to all applications and similar roles everywhere.

Now any such user logs into the Pega application for the first time, we want Pega to create same operator ID with password and similar Access Group in Pega with the corresponding roles as the ones present in the Global Corporate Database.

Does Pega support this type of integration at the time of logging in to Pega to fetch and dynamically create access roles and privileges for the created users.

Also roles in the Global Corporate Database are often changed and hence having the option to manually sync those roles with Pega is out of question. In this scenario, when can the syncing be done- during login or after a point the user logs in.

What are the options available?

Thanks much!
Bhagyashree

To see attachments, please log in.
Low-Code App Development
Data Integration
Security

Posted: 6 years ago
Posted: 20 Apr 2018 8:29 EDT
Anil Vanaparthi (vanaa)
PEGA
Senior Manager, Services Engineering, Case Management
Pegasystems Inc.
IN

I dont think we can directly map the roles and privileges in your corporate database to pega access group directly.  You need to create access group based on the your corp roles. 

if you are using LDAP authentication, you can customize the authentication activity in Auth service for creating operators and assigning specific access group. Check AuthenticationLDAPVerifyCredentials activity in which operators are created and its properties are mapped from LDAP directory. This activity you can customize and write some logic to determine the access group, based on that you can set the access group to that operator.

To see attachments, please log in.
Posted: 5 years ago
Posted: 28 Dec 2018 10:02 EST
Charan Aenugula (Charan Aenugula)
In Sabbitcal

In Sabbitcal
PL

Hi BhagyaSree, 

We have a similar situation where the users have entitlements you can call them access roles. We have a datapage that is configured to get the entitlements. A datatype is used to map the entitlements with the accessgroups. As mentioned by Vanaa in the post above, you can customize the authentication activity to and use such datapage to give fresh set of accessgroups everytime a user logs in. 

Not sure, If you are aware of using a model user to create an operator based on attributes received from SAML response(If your sso is SAML based). In such case, the attributes recieved from sso can be used to create the operator too

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice