On January 11 and 12 we hosted the CLSA Security Excellence webinar as part of the CLSA Continuous Excellence Enablement (C2E) program, which is focussed on targeted content on platform topics from a Pega 8 perspective. This webinar was focussed on security and discussed authentication, authorization and security features in Pega.
As an attachment the handout is added (visible when you are logged in).
How do I map multiple access groups when a user has access to multiple applications? What is the recommended approach to dynamically assign one or more access groups to a user during user authentication?
I found the article below related to this, but it describes how to configure a single access group and activity so that the correct role combination is dynamically added to the operator's clipboard page when they log in, not multiple access groups.
I would like to understand the requirements around this better, specifically around which application to choose. Is that dynamic or not? Could you please send me an email (firstname.lastname@example.org) so I can look at this further?
Regarding the use of data pages for operator provisioning: this should be available as of 7.4. This was the first version that supported a genuine declarative approach with Data Pages and Data Transforms.
When processing an external JWT, we set the Service Package to Custom and use the pxProcessJWT activity to call the Token Profile. The identity mapping page created can then be used by the activity that calls pxProcessJWT to map to an existing operator with the correct AG and roles to run the API. You can create a key store instance of type URL to reference the JWK. This key store instance can be referenced from the Token Profile.
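The checks behind the flow discussed in this thread (verify the external JWT against the issuer's published JWK, then map the identity to an operator and one or more access groups), sketched in Python outside Pega as an added example; it is not Pega code or part of the original posts. The `groups` claim, the allowlist contents, the issuer and audience values and all function names are assumptions, and the key is constructed for the demo only.

```python
import base64, hashlib, json, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo
# Hypothetical allowlist: identity-provider group claim -> access group name.
ACCESS_GROUP_MAP = {"claims-users": "Claims:User", "hr-managers": "HR:Manager"}

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_digest(signing_input, k):
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t  # EMSA-PKCS1-v1_5

def verify_and_map(token, jwk, issuer, audience, now=None):
    """Return (subject, access_groups) for a valid token, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_decode(h64)), json.loads(b64u_decode(p64))
        sig, alg, sub = int.from_bytes(b64u_decode(s64), "big"), header.get("alg"), claims.get("sub")
    except Exception:
        raise ValueError("malformed token")
    if alg != "RS256" or jwk.get("kty") != "RSA":  # pin the algorithm, ignore header's wishes
        raise ValueError("unexpected algorithm")
    n, e = (int.from_bytes(b64u_decode(jwk[x]), "big") for x in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    if sig >= n or pow(sig, e, n).to_bytes(k, "big") != encoded_digest(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not isinstance(exp := claims.get("exp"), (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    # Only allowlisted groups become access groups; unknown claim values are dropped.
    groups = claims.get("groups") if isinstance(claims.get("groups"), list) else []
    mapped = [ACCESS_GROUP_MAP[g] for g in groups if isinstance(g, str) and g in ACCESS_GROUP_MAP]
    if not mapped or not isinstance(sub, str):
        raise ValueError("no operator or access group to map")
    return sub, mapped

def constructed_key_and_token(claims):
    """Constructed demo key (two Mersenne primes, unfit for real use) and a token signed with it."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d, k = p * q, pow(e, -1, (p - 1) * (q - 1)), 141  # 1128-bit modulus = 141 bytes
    jwk = {"kty": "RSA", "n": b64u_encode(n.to_bytes(k, "big")), "e": b64u_encode(e.to_bytes(3, "big"))}
    head, body = (b64u_encode(json.dumps(x).encode()) for x in ({"alg": "RS256", "typ": "JWT"}, claims))
    m = int.from_bytes(encoded_digest(f"{head}.{body}".encode(), k), "big")
    return jwk, f"{head}.{body}." + b64u_encode(pow(m, d, n).to_bytes(k, "big"))
```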