Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Anthony Gourtay (Anthony_Gourtay)
Proximus
Expert Engineer - PEGA Application Management
Proximus
BE
Anthony_Gourtay Member since 2017 22 posts
Proximus
Posted: May 19, 2020
Last activity: Sep 17, 2020
Posted: 19 May 2020 5:28 EDT
Last activity: 17 Sep 2020 3:20 EDT
Closed

SSO & local users password policy

Hello,

We're working with PEGA 7.3.1.

in our systems, we've got several kind of users/operators

- regular operators, people connecting to the application via SSO (external auth)

- some admin users, with local record & password for connecting to the required node

- some technical operators for the application itself not used by human

There's today no password policy, we handle this ourselves.

We're studying possibilty of using/enabling "Security Policy" but

- what would be the impact on the operators using SSO with no access to password part

- Is there a way to exclude some operators from this password policy and/or to apply it to a certain template of operator based on the name

I know I could just apply and see the results but I would also like to avoid fully blocking the application with the first test :-)

Thank you

Anthony

***Edited by Moderator: Pallavi to update platform capability tags***  

To see attachments, please log in.
Pega Platform 7.3.1
System Administration
Security

Posted: 4 years ago
Posted: 19 May 2020 6:35 EDT
Anthony Gourtay (Anthony_Gourtay)
Proximus
Expert Engineer - PEGA Application Management
Proximus
BE

Let me add few details:

- for direct connection we use PRServlet

- for SSO connection it's a specific custom servlet and specific activity behind

I can see in Security Policy "Exclusion list of operator IDs" but it seems linked to "Operator disablement policy" only

Thanks

Anthony

To see attachments, please log in.
Posted: 4 years ago
Posted: 20 May 2020 13:34 EDT
Harish Gunneri (Harish_Gunneri)
PEGA
Senior Principal Engineer, Technical Support
Pegasystems Inc.
US

Hi Anthony,

 

You are right "Exclusion list of operator IDs" is linked to "Operator disablement policy" only.

 

However coming to your original query - the security policies only apply for Basic (Pega authentication) coming from /prweb/PRServlet context. Not applicable for custom auth like SSO/LDAP.

 

On the latest versions, there are capabilities to enforce few policy types based on authentication service. 

 

Let me know if that clarifies!

To see attachments, please log in.
Posted: 4 years ago
Posted: 17 Sep 2020 3:20 EDT
Anthony Gourtay (Anthony_Gourtay)
Proximus
Expert Engineer - PEGA Application Management
Proximus
BE

Hello,

Sorry for not having updated you, I never saw the notification for your reply.

So

- any customized SSO will never use by default this Security Policy - Security policy will apply only for default login via PRServlet

Last. We've got a technical operator with its own password, just used internally for the processing, file listener authentication for example or our Application Agents Processing.

We never log with it into the application.  Is this Security Policy used internally also for such users or only at login time?

Thank you

Regards

Anthony  

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice