Question
John Deere
IN
Last activity: 9 Apr 2024 11:45 EDT
Restriction access to application based on few conditions
Hi,
In our application, there is a requirement to restrict access of the application to the user based on country. Below is the scenario.
1. User logs into the application using OKTA credentials.
2. If user is a new user in the system, system creates the operator of the user using the model operator which is mentioned in the auth service
3. User gets access to the application using default access group present in the model operator.
Presently, this application is being used by few country users and we would need some way to show some error message to the user of other countries when they try to access this application. We can not place any constraint at OKTA authentication level as it is a generic authentication mechanism used for all the applications in the organization.
Accepted Solution
Updated: 16 Apr 2024 6:18 EDT
Pegasystems Inc.
US
@Sandip Pattalwar That seems like it would be more straight forward to implement, but I would defer to the services team on estimating the time and effort required. I would recommend filing a request with them to inquire further.
NCS Pte. Ltd
SG
Hi @Sandip Pattalwar: Possible ways I could see is that you update the authentication activity to either add a different access group to the user based on country (or) make the authentication fail.
If you don't want to do any changes in the authentication activity, then would suggest to implement security settings to your dashboard based on country (access roles and privilege are better). You can use when conditions too.
Thanks.
John Deere
IN
@ArulDevan Thanks for your reply. There is no need to add any access group. Requirement is to show different tiles based on user's profile. For e.g. If user has two access group A and B. So, in one tile, we need a url where if user click on that link, system will open a tab and will land in access group A (i.e. new tab will show portal related to access group A). Similarly, tile 2 needs to have a url associated with access group B.
Whole requirement is about having separate url's for each access group OR any way where we can pass access group as a parameter and system will launch new tab with that access group.
Pegasystems Inc.
US
@Sandip Pattalwar is the country-based restriction based on the country or countries associated with the operator (for example, the operator account is associated with an individual who operates in countries A, B, and C only) or the country of access (for example, one can access the system while operating in country A but not while operating in country B)?
Accepted Solution
Updated: 16 Apr 2024 6:18 EDT
Pegasystems Inc.
US
@Sandip Pattalwar That seems like it would be more straight forward to implement, but I would defer to the services team on estimating the time and effort required. I would recommend filing a request with them to inquire further.
John Deere
IN
@morem Thank you for your reply. We just wanted to understand how we can implement it using current features available in Pega. Presently, URL is based on the application and not based on access group because of which we are not able to progress further. If you could let us known how we can implement it, it would be really helpful.
Updated: 9 Apr 2024 11:45 EDT
Pegasystems Inc.
GB
@Sandip Pattalwar I believe the users on this thread have provided you with all your available options. If you require any further help please enlist the help of our Pega Consulting services.
You can find all the relevant OOTB setup on our Documentation server.
Configuring login policies such as multi-factor authentication, CAPTCHA, and attestation
Using the login policies settings
Customizing authentication screens in your Pega application
Securing a public facing application
Creating authentication registration for external users