Question
SSO & local users password policy
Hello,
We're working with PEGA 7.3.1.
in our systems, we've got several kind of users/operators
- regular operators, people connecting to the application via SSO (external auth)
- some admin users, with local record & password for connecting to the required node
- some technical operators for the application itself not used by human
There's today no password policy, we handle this ourselves.
We're studying possibilty of using/enabling "Security Policy" but
- what would be the impact on the operators using SSO with no access to password part
- Is there a way to exclude some operators from this password policy and/or to apply it to a certain template of operator based on the name
I know I could just apply and see the results but I would also like to avoid fully blocking the application with the first test :-)
Thank you
Anthony
***Edited by Moderator: Pallavi to update platform capability tags***
Let me add few details:
- for direct connection we use PRServlet
- for SSO connection it's a specific custom servlet and specific activity behind
I can see in Security Policy "Exclusion list of operator IDs" but it seems linked to "Operator disablement policy" only
Thanks
Anthony