How can I learn Pega Tool

Tutorial: Azure Active Directory Integration with Pega Systems


In this tutorial, you learn how to integrate Pega Systems with Azure Active Directory (Azure AD). When you integrate Pega Systems with Azure AD, you can:

  • Control in Azure AD who has access to Pega Systems.
  • Enable your users to be automatically signed in to Pega Systems with their Azure AD accounts.
  • Manage your accounts in one central location, the Azure portal.

Prerequisites

To get started, you need the following:

  • An Azure AD subscription. If you don't have a subscription, you can get a free Azure account.
  • A Pega Systems subscription with single sign-on (SSO) enabled.

Scenario description

In this tutorial, you configure and test Azure AD SSO in a test environment.

  • Pega Systems supports SP-initiated and IDP-initiated SSO.

Adding Pega Systems from the catalog

To configure the integration of Pega Systems into Azure AD, you need to add Pega Systems from the catalog to your list of managed SaaS apps.

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. In the left navigation pane, select the Azure Active Directory service.
  3. Navigate to Enterprise applications, and then select All applications.
  4. To add a new application, select New application.
  5. In the Add from catalog section, type Pega Systems in the search box.
  6. Select Pega Systems from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD single sign-on for Pega Systems

Configure and test Azure AD SSO with Pega Systems using a test user called B. Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Pega Systems.

To configure and test Azure AD SSO with Pega Systems, perform the following steps:

  1. Configure Azure AD SSO to enable your users to use this feature.
    1. Create an Azure AD test user to test Azure AD single sign-on with B. Simon.
    2. Assign the Azure AD test user to enable B. Simon to use Azure AD single sign-on.
  2. Configure Pega Systems SSO to configure the single sign-on settings on the application side.
    1. Create a Pega Systems test user to have a counterpart of B. Simon in Pega Systems that is linked to the Azure AD representation of the user.
  3. Test SSO to verify whether the configuration works.

Configure Azure AD single sign-on (SSO)

Follow these steps to enable Azure AD single sign-on in the Azure portal.

  1. In the Azure portal, on the Pega Systems application integration page, find the Manage section and select Single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  4. In the Basic SAML Configuration dialog box, perform the following steps if you want to configure the application in IDP-initiated mode:

    1. In the Identifier text box, type a URL in the following format:

    2. In the Reply URL text box, type a URL in the following format:

  5. If you want to configure the application in SP-initiated mode, click Set additional URLs and perform the following steps:

    1. In the Login URL text box, type the value of the login URL.

    2. In the Relay State text box, type a URL in the following format:

    Note

    The values given here are placeholders. You need to use the actual Identifier, Reply URL, Login URL, and Relay State URL. You can get the Identifier and Reply URL values from a Pega application, as described later in this tutorial. Contact the Pega Systems support team to get the Relay State value. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.

  6. The Pega Systems application expects the SAML assertions in a specific format. To get them in the correct format, you need to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the default attributes. Click the Edit icon to open the User Attributes dialog box:

  7. In addition to the attributes shown in the previous screenshot, the Pega Systems application expects a few more attributes to be passed back in the SAML response. In the User Attributes dialog box, in the User Claims section, perform the following steps to add the SAML token attributes:

      Note

      These values are specific to your organization. Enter the appropriate values.

      1. Click Add new claim to open the Manage user claims dialog box:

        1. In the Name text box, type the attribute name shown for that row.

        2. Leave the Namespace box empty.

        3. For Source, select the Attribute option.

        4. From the Source attribute list, select the attribute value shown for that row.

        5. Click OK.

        6. Click Save.

  8. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, click the Download link next to Federation Metadata XML and save the file on your computer:

  9. In the Set up Pega Systems section, copy the appropriate URLs for your requirements.

Create an Azure AD test user

In this section, you create a test user called B. Simon in the Azure portal.

  1. In the left pane of the Azure portal, select Azure Active Directory > Users > All users.
  2. Select New user at the top of the screen.
  3. In the User properties, perform the following steps:
    1. In the Name field, enter B. Simon.
    2. In the User name field, enter the user name, for example [email protected].
    3. Select the Show password check box, and then write down the value that is displayed in the Password box.
    4. Click Create.

Assign the Azure AD test user

In this section, you enable B. Simon to use Azure single sign-on by granting her access to Pega Systems.

  1. In the Azure portal, select Enterprise applications > All applications.
  2. In the applications list, select Pega Systems.
  3. In the app's overview page, find the Manage section and select Users and groups.
  4. Select Add user, then select Users and groups in the Add Assignment dialog box.
  5. In the Users and groups dialog box, select B. Simon from the Users list, then click the Select button at the bottom of the screen.
  6. If you expect a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, the "Default Access" role is selected.
  7. In the Add Assignment dialog box, click the Assign button.

Configure single sign-on for Pega Systems

  1. To configure single sign-on on the Pega Systems side, sign in to the Pega Portal with an administrator account in a different browser window.

  2. Select Create > SysAdmin > Authentication Service:

  3. On the Create Authentication Service screen, perform the following steps:

    1. From the Type list, select SAML 2.0.

    2. In the Name field, enter a name for the service (for example, Azure AD SSO).

    3. In the Short description field, enter a description.

    4. Select Create and open.

  4. In the Identity Provider (IdP) information section, select Import IdP metadata and browse to the metadata file that you downloaded from the Azure portal. Click Submit to load the metadata:

    The import process populates the IdP data as shown here:

  5. In the Service Provider (SP) settings section, perform the following steps:

    1. Copy the Entity Identification value and paste it into the Identifier field in the Basic SAML Configuration section in the Azure portal.

    2. Copy the Assertion Consumer Service (ACS) location value and paste it into the Reply URL field in the Basic SAML Configuration section in the Azure portal.

    3. Select Disable request signing.

  6. Select Save.

Create a Pega Systems test user

Next, you create a user called Britta Simon in Pega Systems. Work with the Pega Systems support team to create the users.

Test single sign-on

In this section, you test your Azure AD single sign-on configuration with the following options.

SP initiated:

  • In the Azure portal, click Test this application. This redirects you to the Pega Systems login URL, where you can initiate the login flow.

  • Go to the Pega Systems login URL directly and initiate the login flow from there.

IDP initiated:

  • In the Azure portal, click Test this application. You should be automatically signed in to the Pega Systems instance for which you set up SSO.

You can also use Microsoft My Apps to test the application in any mode. When you click the Pega Systems tile in My Apps, the following happens: if configured in SP mode, you are redirected to the application login page to initiate the login flow; if configured in IDP mode, you should be automatically signed in to the Pega Systems instance for which you set up SSO. For more information about My Apps, see this introduction to My Apps.

Next steps

Once you configure Pega Systems, you can enforce session control, which protects against exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Cloud App Security.
