Question
EY
ES
Last activity: 18 Feb 2021 23:52 EST
what is the best approach to implement authentication with SSO in Deployment Manager (Cloud)?
Hi,
We want to access Deployment Manager through SSO, as we already do in production environment. All our environments are in Pega Cloud.
We can implement the authentication service directly in the application, but I have a concern related to upgrades:
Will an upgrade to a higher version of Deployment Manager remove the authentication service we will create for SSO authentication?
Thanks in advance,
Juana María
Pegasystems Inc.
IN
Hi @JuanaMaria
We have DM major relase on the line. One issue I can anticipate is if you implement SSO for your existing DM version with attribute like Access Group ex:PegaDeploymentManager:Admnistrators then same will not holds good in upcoming version. So this might cause discrepency.
EY
ES
Thank you for the information, we will take de dependency into account.
I believe there can be two design solutions:
- Configure SSO directly in DM application, but if this can be "removed" by an upgrade of DM application we will need to configure it again.
- Create a new application just for configuring access groups and access roles (dependent on the ones used in DM) and SSO in this new app, so if DM is upgraded the configuration and SSO access will remain unchanged.
- Create a new application built on DM application, and do as in 2.
Could you be so kind to let me know which solution do you think will be more accurate?
Thanks in advance,
Juana María
Updated: 25 Jan 2021 11:10 EST
Pegasystems Inc.
IN
Hi @JuanaMaria
Seamless use of SSO for DM involves 2 things.
First is logging to DM using SSO configuration with operator ID of Pega platform.
Second is once logged in to DM environment, able to see or take action on pipeline in the portal as DM user.
With current versions of DM only first part is supported where you can configure SSO to use DM provided PegaDeploymentManager:Administrator accessgroup and user will be able to login to DM application.
But DM user will not be created automatically on SSO login and using DMRelaeaseAdmin operator ID you need to create the respective user manually in DM portal, post that he can see the pipelines or take action based on role assigned to him.
In our upcoming version which might get released by this month end or early next month, SSO is fully supported and on configuration of SSO, seamlessly DM user and his privilege will be configured.(you will be given help doc to set up SSO). No manaul creation of DM user.
If you can wait till our next release then you can use seamlessly SSO supported DM. Otherwise you can go ahead with implementation of SSO with PegaDeploymentManager:Administrator accessgroup attribute and you have to change this with relevant access group in SSO when our new DM version gets out which matches your first option out of 3 you mentioned above.
EY
ES
Pai G
IN
Can you confirm if the new version of DM which has been released recently for Pega 8.5.1 fully supports SSO integration? Once we integrate with SSO and map the operator to PegaDeploymentManager:Administrator accessgroup there is no need to create the user again in DM portal? You did mention that a help doc will be provided for the same. Can you share the details here as well?
Regards,
Manju.
Pegasystems Inc.
IN
Hi @ManjuPai,
DM 5.1 version fully supports SSO and its compatible Pega platform version is 8.5.2 for Orchestrator environment. If you are on 8.5.1 then way to get this is by upgrading to 8.5.2. Support metrix has been document here : https://community.pega.com/marketplace/components/deployment-manager
Yes if you configure SSO then no need to create user again in DM portal. And help doc will give you step by step guide to configure SSO for seamless usage of DM. Can you please wait for couple of days as this help doc willl be published by next week?
Pai G
IN
Sure @ChinmayaHegde. I can wait and plan to implement it once its ready. Please let me know.
Also, we are using Pega Cloud Platform which currently on 8.5.1. Any idea on when it will be upgraded to 8.5.2?
Regards,
Manju