Creation of work object by an unauthenticated user
Can an unauthenticated user create a work object?
Am working on a poc where in I need to provide a link/button called "Register User" on PEGA 7 login page. On click of this link/button, I should provide a screen flow where in he can enter personal details, contact details, other details etc (similar to registering a new user on any website).
Below are the steps I have followed.
1. Created a new case which has starting flow "pyStartCase" which in turn calls the screen flow.
2. Configured Web-Login HTML by adding a link/button called "Register User" and triggering an activity on click of this link.
3. The activity will call a HTML rule which creates the work object by calling the Flow.
I have created all the above rules in unauthenticated ruleset and updated Browser requestor type to point to unauthenticated access group.
While testing, on click of "Register User" link, the flow is not getting triggered.
Any help is appreciated.
***Edited by Moderator Marissa to update categories***
Can you please check if you have unchecked the "Require authentication ti run" field in the Security tab of the activity that you are using.
Also You can try using the AddNewOperator OOTB activity.
You can use the SnapStart URL ("/prweb/PRServlet/?UserIdentifier=<username>&Password=<Base64encodedPassword>&pyActivity=pyMobileSnapStart&Action=runActivity&pzActivity=Data-Admin-Operator-ID.AddNewOperator") in the Web-login HTML rule onclick of signup button by passing the userid and password in the URL.
The activity AddNewOperator then uses HTML stream to display the New Operator form, which in turn submits to another activity to validate and create the operator instance.
One other option is you can make use of CreateOperator in Data-Admin-Operator-Id.
This activity is a final activity and can be invoked without authentication.
Maybe the link to register could automatically log you in the "Register User" application. Your customize the authentication activity/profile to use an already created dedicated user for this. (ie you hardcode username/password in authentication activity, this should be safe as this happens server side so the password is never seen on the browser).
The flow should start as the user would be authenticated. At the end, you would redirect to the login page.
We are doing poc in Personal edition to check the feasibility of this requirement before we demo it to our clients. Could you please let us know what exactly you mean by “authentication activity/profile” mentioned in your reply post and provide more details on that ?