We are in the process of getting security approval for our Pega platform. As we are not implementing SSO for the first release, we have been asked by security to implement the corporate security guidelines. Most of these are easily configurable in Pega, but there are a few where we are not able to make any progress:
- Passwords shall be stored in a securely hashed form. Only algorithms specifically designed for password storage shall be used (e.g. bcrypt or PBKDF2).
- The channels for providing users with their username and password shall be different from one-another.
- The system shall restrict users to only one session at a time.
- The solution shall ensure that a single entity cannot be assigned both administrator and user roles.
Do you have any idea whether these can be configured out of the box?
In the documentation, it says that passwords are stored encrypted, but it does not detail which encryption algorithm is used.
Any help will be very much appreciated.
Thank you for posting your questions in the Pega Support Community.
It looks like you have created duplicate threads for the question "Supported Security configurations". To avoid confusion and to ensure the discussion continues on a single thread, I'll close this as a duplicate thread.