Question
6
Replies
1481
Views
Posted: January 21, 2016
Last activity: October 4, 2018
Closed
Solved
Does pega password policy (security policy) applicable for operators with external authentication?
Hi All,
We need to enable password policy for our application.
Need to enable "authentication lockout penalty mechanism". need to know whether this setting affects operators with external authentication enabled?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Hi Pasindu,
External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC. For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc.
--Chris