I think what you want for this sort of thing is external authentication instead of internal, so you can insert your logic to adjust the access group. I do not have the details offhand though. I suggest you read up on "external authentication". I know there's a control on the operator form for this, but when you choose "external authentication", you have to provide the external logic. You can't just choose it and be done. /Eric
As far as I understand, external authentication can only help with setting default access group on the operator ID record. The idea is to log in with different access groups, depending on context, but without switching degault access group.
Yes, we can do this. The problem is that authentication activity does not set AG. It only identifies users and returns it to pega system code. After that, pega activates operator's default access group.
So, the only way is to change default access group. And this works. But in this case pega will save operator page (to save last login timestamp) and write replaced default access group. It is not a big problem, but I still don't like this side effect.