Does pega password policy (security policy) applicable for operators with external authentication?
Hi All,
We need to enable password policy for our application.
Need to enable "authentication lockout penalty mechanism". need to know whether this setting affects operators with external authentication enabled?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Accepted Solution
Pegasystems Inc.
US
Hi Pasindu,
External authentication does not use the PRPC security policy. When a user has "External Authentication" flag set on their Data-Admin-Operator-ID record the Password stored in the same record is not used to authentication within PRPC. For example with LDAP the password the user provided on the PRPC SSO Login page, provided by configuration in the Data-Admin-AuthService, is just passed to the LDAP server for verification. The LDAP server security policies take affect. Same with other third part security software like Siteminder, WebSEAL as these require authentication before even being allowed to access any resource on site they are protecting. These have their own security policies etc.
--Chris
Virtusa Pvt Ltd
LK
Hi Chris,
Your answer was very helpful.
Thank you very much.
Citi
IN
How can I enable external authentication for all operators of my application
Areteans Technologies
AU
You can write custom stand-alone activity to open the operators in your application and set the External Authentication flag true
US Bank
US
I realize this is an older post, but I had an add-on question. We are running 6.2SP2 with external authentication. This thread does answer most of my questions, though I do have one question.
If I want to increase audit from "Basic" to "Advanced", will PRPC record successful logins?
Thanks
The Toronto Dominion Bank
CA
Yes it will.