DebarshiB7419 Member since 2016 6 posts
Posted: 1 year ago
Last activity: 1 year 5 months ago

Help Needed for Supported Password Policies

Hi All,
We are in the process of getting security approval for our Pega platform. As we are not implementing SSO for the first release, we have been asked by security to implement the corporate security guidelines. Now most of the things are easily configurable in Pega, but there are a few where we are not able to make any progress.

- Passwords shall be stored in a securely hashed form. Only algorithms specifically designed for password storage shall be used (e.g. bcrypt or PBKDF2).
- The channels for providing users with their username and password shall be different from one another.
- The system shall restrict users to only one session at a time.
- The solution shall ensure that a single entity cannot be assigned both administrator and user roles.

Do you have any idea whether these can be configured out of the box?
In the documentation, it says that passwords are stored encrypted, but it does not detail what encryption algorithm is used.
Any help will be very much appreciated.


Pega Platform Security