We have configured custom authentication activity which is getting called from Authentication Service rule. There are multiple activities which are getting called from the main activity. These are the primary activities which helps us to login to the application through SSO.

Previously, Only "Allow invocation from browser" checkbox was selected and "Require authentication to run" checkbox was unchecked in the activity. It is working fine. 

Currently we are doing some modifications to these activties.

But now, Pega is throwing severe warning. "When enabling invocation from the browser, activities should be secured with a privilege. This is done to ensure that only operators with properly configured access roles can execute the rule."

I have created privilege and added it to the access role and post that, added it in the security tab of the activity. But still i am getting "you lack permission to execute this activity" when I try to login to the application. 

If I uncheck both the checkboxes in the activity, it is working fine but there are lot of severe warnings which is causing the guardrail score to go down.

Please advise what should we do to remove these warnings. Is there any way to fix this.