Idea

1
Replies
63
Views
Matthew Osborn (mjosborn85)
Jabil
Finance BPM Mgr
Jabil
US
mjosborn85 Member since 2013 8 posts
Jabil
Posted: October 28, 2019
Last activity: November 18, 2019
Posted: 28 Oct 2019 11:31 EDT
Last activity: 18 Nov 2019 7:15 EST

Saving Operator ID history snapshots for edits stemming from authentication service mappings

We recently began to configure the SAML Authentication Service in 8.2.1. (The following appears applicable to 8.3.* as well). The rule's Mapping tab works conveniently to record SAML Assertion user attributes to the Operator both on initial operator provisioning and subsequent logins, but the previous user state is not saved as a History snapshot.

Our feature request: A configuration toggle that triggers user attribute change detection and records the replaced user state snapshot when saving the changed operator record. Better yet, perhaps functionality could be codified in an extensible Flow. Then developers could support application-level responses to the change event.

Similar and even better feature request: Supply this user change management follow-through formally with first class support for SCIM, which is supported by every major identity provider (IDP).

Why bother?

  1. In BPM contexts, aggressively updating user roles and authorizations as they evolve in the enterprise will reduce exception management and make auditors happy.
  2. Building #2, Sarbanes Oxley controls can be reduced to IT controls if authorizations and logged changes to authorizations roll out in (near) real-time. Support for SCIM and enhanced change capture on Operators should be a big win for all Pega customers concerned with business controls.
  3. Bundling this as SCIM support provides Plug and Play, no-code automation.

FWIW, while exploring this we stumbled on Operator snapshots not being recording at all in 8.3, even when Saving from the Operator form. This is addressed in the referenced SR.

Thanks for reading!

***Edited by Moderator Marissa to update SR Details***

***Moderator Edit-Vidyaranjan: Updated FDBK ID***

Support Case Exists