Pega Platform 8.2 External Authentication allows users to enter any password
Hello,
We recently came across an issue that went unnoticed when we first set up our Pega Platform 8.2 instance. Any configured user at the moment can enter any password and access the application. We have set up a custom authentication service which utilizes external authentication to allow users to use their internal password rather than having to create one. For example, users are configured to have the userid <lastname><firstinitial> and use their internal password. I believe this is happening due to the way the authentication service was configured but I am unable to find the where it was stored once configured. Any idea on where this configuration was stored? Thanks.
***Edited by Moderator Marissa to update platform capability tags****
Accepted Solution
Segue Technologies Inc
US
Philip,
Thanks for the reply but I've located what I was looking for. I used the search bar and typed in what we named our custom authentication service and found the configuration.
Pegasystems Inc.
US
You should be able to find more details here: Configure > Org & Security > Authentication
Accepted Solution
Segue Technologies Inc
US
Philip,
Thanks for the reply but I've located what I was looking for. I used the search bar and typed in what we named our custom authentication service and found the configuration.