Idea

1
Replies
44
Views
mjosborn85 Member since 2013 5 posts
Jabil
Posted: 11 months ago
Last activity: 11 months 3 weeks ago

Saving Operator ID history snapshots for edits stemming from authentication service mappings

We recently began to configure the SAML Authentication Service in 8.2.1. (The following appears applicable to 8.3.* as well). The rule's Mapping tab works conveniently to record SAML Assertion user attributes to the Operator both on initial operator provisioning and subsequent logins, but the previous user state is not saved as a History snapshot.

Our feature request: A configuration toggle that triggers user attribute change detection and records the replaced user state snapshot when saving the changed operator record. Better yet, perhaps functionality could be codified in an extensible Flow. Then developers could support application-level responses to the change event.

Similar and even better feature request: Supply this user change management follow-through formally with first class support for SCIM, which is supported by every major identity provider (IDP).

Why bother?

  1. In BPM contexts, aggressively updating user roles and authorizations as they evolve in the enterprise will reduce exception management and make auditors happy.
  2. Building #2, Sarbanes Oxley controls can be reduced to IT controls if authorizations and logged changes to authorizations roll out in (near) real-time. Support for SCIM and enhanced change capture on Operators should be a big win for all Pega customers concerned with business controls.
  3. Bundling this as SCIM support provides Plug and Play, no-code automation.

FWIW, while exploring this we stumbled on Operator snapshots not being recording at all in 8.3, even when Saving from the Operator form. This is addressed in the referenced SR.

Thanks for reading!

***Edited by Moderator Marissa to update SR Details***

***Moderator Edit-Vidyaranjan: Updated FDBK ID***

SR Exists
Share this page LinkedIn