As a Pega client, you need a way to open a case (a work object) using a link. This case link can pass the work object ID (for example, C-123) to a non-Pega system. When clicked, the case link, which consists of the case ID, authenticates your credentials using SSO and opens the Pega application and the case in Review mode, which is a read-only view.
Using this feature, called SnapStart, you can form a URL that calls an activity, like doUIAction, with parameters for opening an assignment that displays after SSO authentication. This works with all types of SSO authentication.
In addition, Pega offers a standard activity, @baseclass.pyMobileSnapStart, that makes this feature much easier to implement.
Using the feature
Specify the following parameters:
https://<hostname>:<port>/prweb/<Servlet>?pyActivity=pyMobileSnapStart&pyShowFullPortal=<true|false>&Action=openAssignment&InsHandle=<Assignment Key>
Example with parameter values
"https://localhost:8443/prweb/PRAuth/OktaTest?pyActivity=pyMobileSnapSta…"
This setting opens the full application user portal with the assignment open in it.
Security risk to work around
The biggest issue with these SnapStart URLs is that they are in clear text. By default, your Pega applications must pass Basic Access Control (BAC) security validation with a deployment level of 4 (for UAT and Production environments). Therefore, you cannot send clear text URLs with a pyActivity parameter because this poses a security risk. You do not want to disable BAC security validation to force your URLs to work.
Options for SnapStart URLs to work with standard security levels
- Use a URL mapping rule that accepts just the Assignment key and directly calls pyMobileSnapStart with the other parameters defaulted.
- Encrypt the parameters of the URL, following the Java code example in Configuring custom control by encrypting the URL in JavaScript.
Important: This encryption must be done inside the Pega Platform application.
// Clear-text parameter string; the InsHandle value is already URL-encoded (%20 = space, %21 = !)
String paramsToEncrypt = "pyActivity=pyMobileSnapStart&pyShowFullPortal=true&Action=openAssignment&InsHandle=ASSIGN-WORKLIST%20PEGASAMPLE%20W-3001%21BASICPROCESS";
// Encrypt the whole parameter string inside Pega Platform
String encryptedParams = pega_rules_utilities.pzEncryptURLActionString(tools, "Global", paramsToEncrypt);
String encryptedURL = "https://localhost:8443/prweb/PRAuth/OktaTest?" + encryptedParams;
The encrypted URL has only one parameter, which looks like this:
pzuiactionzzz=CXtpbn1Bc0F0QlJXYzFjZWJabzlQeWRKRnZXZDdnendiMXpMQ2JmMHNwbE83dy85UWJkMkE5ZlNqQitQVjV1WnNyL3hJRGxIUTlHVmJjNEtMTmZKTzhrWk80UDNWa0wzbUF6ZkFHUE1Yejd4Vk9FRWZpYWNTTEpYWlJuamtZdlBZSVJhWElJSmdyMkd5MWNjUW5ZTXhIZ1hMem5RbElTM2t5OXFSSGlnTllYaUJIb0V1aStLckJZNTZ3NnlERHc5Q29nYVE%3D*
That is an encrypted value that can only be decrypted by the Pega Platform.
Instead of providing only the Assignment key to the third party, you provide the pzuiactionzzz parameter value.
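To check that the links handed to the non-Pega system follow this rule, the Python example below flags URLs that still carry a clear-text pyActivity parameter or that place other parameters next to pzuiactionzzz. It is an added example, not Pega code or part of the original article; the host name, sample values and function names are constructed, and matching parameter names case-insensitively is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

ENCRYPTED_PARAM = "pzuiactionzzz"  # the one parameter an encrypted URL carries (per the article)
CLEARTEXT_PARAM = "pyactivity"     # clear-text activity call the article warns against


def classify_link(url):
    """Classify one outbound link as 'encrypted', 'cleartext', 'mixed' or 'other'."""
    query = urlsplit(url).query
    # keep_blank_values=True so an empty "pyActivity=" is still detected.
    # Names are lower-cased before matching: an assumption made to audit
    # conservatively, not a statement about how Pega parses parameter names.
    names = [name.lower() for name, _ in parse_qsl(query, keep_blank_values=True)]
    if ENCRYPTED_PARAM in names:
        # The encrypted form must be the only parameter; anything else
        # next to it is still travelling in clear text.
        return "encrypted" if names == [ENCRYPTED_PARAM] else "mixed"
    if CLEARTEXT_PARAM in names:
        return "cleartext"
    return "other"


def audit_links(urls):
    """Return findings (parameter names only, no values) for links that are not cleanly encrypted."""
    findings = []
    for url in urls:
        verdict = classify_link(url)
        if verdict in ("cleartext", "mixed"):
            parts = urlsplit(url)
            exposed = sorted({n for n, _ in parse_qsl(parts.query, keep_blank_values=True)
                              if n.lower() != ENCRYPTED_PARAM})
            findings.append({"host": parts.netloc, "path": parts.path,
                             "verdict": verdict, "exposed_params": exposed})
    return findings


# Constructed sample links (hypothetical host and values, not from a real system).
SAMPLE_LINKS = [
    "https://pega.example.test/prweb/PRAuth/app?pyActivity=pyMobileSnapStart"
    "&pyShowFullPortal=true&Action=openAssignment&InsHandle=ASSIGN-WORKLIST%20X%20W-1%21FLOW",
    "https://pega.example.test/prweb/PRAuth/app?pzuiactionzzz=Q09OU1RSVUNURUQ%3D*",
    "https://pega.example.test/prweb/PRAuth/app?pzuiactionzzz=Q09OU1RSVUNURUQ%3D*&InsHandle=W-1",
    "https://pega.example.test/docs/help.html",
]

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_LINKS):
        print(finding)
```

The findings list parameter names only, so assignment keys are not copied into the audit report.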