Automatic Operator Updates with multiple applications using SSO
We are having an issue updating operators automatically when they login if they require access to a different application than what they are currently assigned. To give a brief context:
We are using automatic user provisioning and updates using SSO in Pega.
User needs to have AD groups provisioned to their accounts and depending on the AD groups their respective access groups are added, removed or updated when they login to the system.
The issue comes if the user has access to ApplicationA and tomorrow they update their AD groups with access to ApplicationB.
When they login to the system they get a message that they don't have access.
"You do not have access to the application with alias ApplicationB"
This message is dispalyed just after the pre authentication activity and I did not see the operator is loaded yet to intercept and tweak the functionality.
However if I delete and create the operator it creates with access groups for both applications.
We have one SSO application that provisions access to mutliple applications. Each application has it's own URL alias. It does not add the first access group from the app that the user needs access to. After it has at least one access group, it starts updating.
If I try with Authentication service Alias this works, but authentication service alias open up in SSO service provider login screen, not pega login screen.
We are having an issue updating operators automatically when they login if they require access to a different application than what they are currently assigned. To give a brief context:
We are using automatic user provisioning and updates using SSO in Pega.
User needs to have AD groups provisioned to their accounts and depending on the AD groups their respective access groups are added, removed or updated when they login to the system.
The issue comes if the user has access to ApplicationA and tomorrow they update their AD groups with access to ApplicationB.
When they login to the system they get a message that they don't have access.
"You do not have access to the application with alias ApplicationB"
This message is dispalyed just after the pre authentication activity and I did not see the operator is loaded yet to intercept and tweak the functionality.
However if I delete and create the operator it creates with access groups for both applications.
We have one SSO application that provisions access to mutliple applications. Each application has it's own URL alias. It does not add the first access group from the app that the user needs access to. After it has at least one access group, it starts updating.
If I try with Authentication service Alias this works, but authentication service alias open up in SSO service provider login screen, not pega login screen.
Has someone come across this scenario and know if this is how it is or if there is a fix for this?