Debarshi Bhattacharya (DebarshiB7419)
Decisioning Platform Architect
DebarshiB7419 Member since 2016 6 posts
Posted: 25 Apr 2019 6:46 EDT
Last activity: 25 Apr 2019 13:45 EDT

Supported Security configurations

Hi All,

We are in the process of getting security approval for our Pega platform. As we are not implementing SSO for the first release, we have been asked by security to implement the corporate security guidelines. Now most of the things are easily configurable in Pega, but there are a few where we are not able to make any progress.

Passwords shall be stored in a securely hashed form. Only algorithms specifically designed for password storage shall be used (e.g. bcrypt or PBKDF2).

The channels for providing users with their username and password shall be different from one another.

The system shall restrict users to only one session at a time.

The solution shall ensure that a single entity cannot be assigned both administrator and user roles.

Do you have any idea whether these can be configured out of the box?

In the documentation, it says that passwords are stored as encrypted, but it does not detail what encryption algorithm is used.

Any help will be very much appreciated.


