Pega Robotics Studio 8: password management for automations (SSO)
One of the responses to my following post was related to ASO Manager component for password management.
https://collaborate.pega.com/question/pega-robotics-studio-8-password-management-automations
My best understanding of what this component does is, it takes the credentials (user/password) which a user enters and saves it in an encrypted store so that if the user needs to access the same system again in the same run, they don't have to re-enter credentials. It does not, however, store the passwords perpetually so that the user never has to enter the password.
If this understanding is correct, it does not meet our requirement which has the user not even knowing the credentials: they run the robot which then signs on to the system on their behalf. Currently we have these credentials hardcoded in our automations, a practice we would like to stop.
One of the responses to my following post was related to ASO Manager component for password management.
https://collaborate.pega.com/question/pega-robotics-studio-8-password-management-automations
My best understanding of what this component does is, it takes the credentials (user/password) which a user enters and saves it in an encrypted store so that if the user needs to access the same system again in the same run, they don't have to re-enter credentials. It does not, however, store the passwords perpetually so that the user never has to enter the password.
If this understanding is correct, it does not meet our requirement which has the user not even knowing the credentials: they run the robot which then signs on to the system on their behalf. Currently we have these credentials hardcoded in our automations, a practice we would like to stop.
The problem is this: even if there is a credential store, any user (human or robot) has to reference that store using some sort of a key in order to identify which credentials are theirs: do we then hard code that key into the automation? If so, we are back to square one. What is really needed is some sort of a SSO method, perhaps whereby the credentials are stored inside AD alongside their windows login, so that each user piggy backs on their windows credentials to get their credentials for the system. Is there anything like this with Robotics?
Accepted Solution
Pegasystems Inc.
JP
My further discussion with Thomas offline concluded that:
- there are existing tools (ASO manager, credential store) to securely save a user's password when they enter it the first time and automatically authenticate them on subsequent accesses, but
- there are no existing tools whereby the credentials can be centrally managed or distributed with the deployment package.
I.e. the user must enter it the first time.
Pegasystems Inc.
US
No. The only credential tools available within the product are the ASO Manager and the Credential Store, both of which use nearly the same encryption strategy. SSO would be implemented by the application you are logging-in to and not by an application doing the logging-in (in my experience). Neither of these tools would allow you to have one user/password that all users share but none know.
Accepted Solution
Pegasystems Inc.
JP
My further discussion with Thomas offline concluded that:
- there are existing tools (ASO manager, credential store) to securely save a user's password when they enter it the first time and automatically authenticate them on subsequent accesses, but
- there are no existing tools whereby the credentials can be centrally managed or distributed with the deployment package.
I.e. the user must enter it the first time.