Authored by Sai Vijaya Ravi and Vidya Menon

Typically, a user who works on an assignment in a Pega application has an operator ID, which enables the user to process a case within the application. Users with Operator IDs pick up assignments that are directly assigned to them or from work queues to which they have access. However, you can have a scenario that requires an external user, who does not have a dedicated operator ID in your application, to work on an assignment. Creating operator records for every external user is expensive and might lead to security violations. Instead, you can give an external party a temporary access to perform an action.  

Use case example

In an application for processing customers' complaints, after a complaint resolution, the organization that resolved the complaint wants to get feedback from the customer. The customer may not have an operator ID in the application to login and perform the assignment of providing feedback. The best solution in this scenario is to send the user an email with a link redirecting to a window in which the user can provide feedback on the complaint resolution.

Two ways of implementing this use case are listed below

Implementation 1: Configuring external assignments with Directed Web Access (DWA)

1. Create an operator for external users. On the Security tab of the operator rule form, select the Invocation license type.
2. Add the external user as a work party for your case type. In this use case, the work party is Customer.
3. Create an email account that will facilitate sending the email to the external user.
4. Update the public link URL in the PublicLinkURL dynamic system settings or in Configure->System->Settings->URLs.
5. Create a new correspondence rule to use in the email, and then include the ExternalInstructions.Email  correspondence fragment to anchor the DWA link.
6. Create an assignment in the flow. In the assignment properties panel, in the Routing section, in the Route to field, select Custom. In the assignment type select External, and then provide the name of the work party created for the external user, as shown in the following figure:

   

7. Complete the Assignment details section, as shown in the following figure:

   

Result: When the flow reaches the external assignment step, the external user gets an email with a link to perform the action. When the user clicks the link, the system performs the flow action that is configured on the external assignment connector by using the PerformExternal harness.

For more information on how to configure Directed Web Access, see the Configuring Directed Web Access article on Pega Community.

Pros:

• Support of the client-side validation, such as the validation of required fields.
• No explicit operators are created for external users because DWA uses the pySignature field to give them one-time access.
• You can adjust the DWA link expiration as per your business needs.
• You can send reminder emails by configuring an SLA.
• You can use the information collected from external users for reporting purposes.

• You can use the client-side visible when conditions.

Cons:

• DWA is for a single assignment only, so the server-side visibility conditions and screen refreshes are not supported.
• Screen flow navigation is not supported.

Implementation 2: Configuring the anonymous user authentication

For more information on how to configure the anonymous authentication service, see Configuring an application to use an anonymous authentication service article on Pega Community.

1. Create a new authentication service with the Anonymous authentication type, as shown in the following figure:

   

2. Specify the operator for the external users, as shown in the following figure:

   

3. Give the operator only minimum access roles to avoid security violation.
4. In the case flow, route the assignment to the operator for the external users.
5. Construct a URL that is a combination of anonymous alias and the pxOpenAssignmentLink HTML fragment, and then use the URL in an email which you send to the external user. To prevent URL tampering, as all external assignments in your application route to a single operator, the recommended approach is to use a URL shortener service, which hides the assignment details that you send in an email. For example, use the following URL: http://localhost:8080/prweb/PRAuth/guest?pyActivity=pyMobileSnapStart&A… OVC4HW-DEMODWA-WORK P-4006!CONFIG_FLOW_1&InsClass=Assign-Worklist&pyShowFullPortal=false.

For more information on how to configure the anonymous authentication service, see Configuring an application to use an anonymous authentication service article on Pega Community.

Pros:

• All types of validations are supported.
• All Pega assignment-level settings and capabilities are supported.

Cons:

• URL modification risk is present unless you use a URL shortening service.
• Requires extra development effort to create separate access groups, harnesses, and roles to limit access to guest levels.