Hello Pega Community, Good Day!
I’m currently working on a small POC to embed an external application (built using React) within a Pega UI screen.
As part of this, I am exploring the use of iframe-based embedding inside a Pega section/harness.
I would appreciate guidance on the following:
1. Recommended Approach
What is the recommended and supported approach to embed an external application UI inside Pega securely and in a scalable manner?
2. Configuration Requirements
What configurations are required on:
- Pega side
  - Any specific settings to enable iframe rendering?
  - Security policies to consider?
- External application side
  - Required headers (e.g., CSP, X-Frame-Options)
  - Any constraints to allow embedding within Pega?
3. Security Considerations
Are there any Pega-specific security settings (e.g., Content Security Policy, clickjacking protection, etc.) that might block iframe rendering?
4. Authentication / SSO
What is the best practice to handle SSO authentication when embedding an application inside an iframe?
Is SAML / OAuth recommended?
Are there any known constraints on using SSO inside an iframe?
5. Constellation UI Constraints
Are there any known limitations or restrictions when using an iframe in Constellation UI?
Objective
Looking for best practices followed in enterprise implementations, especially for secure and seamless integration.
Thanks for the help!
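
An added example, not part of the original post: a check of the two response headers named in item 2 that reports whether the external application's response would let a given parent origin frame it. It assumes single-level embedding (the Pega page is the top-level document) and uses a simplified `frame-ancestors` source matcher; the function names and the `example.com` / `example.net` origins are constructed placeholders.

```javascript
// Simplified matcher for one frame-ancestors source expression.
// Handles *, 'self', 'none', exact origins and *.host wildcards only.
function sourceMatches(source, parentOrigin, selfOrigin) {
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return parentOrigin === selfOrigin;
  if (source.startsWith("'")) return false; // 'none' and unknown keywords match nothing
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+))?$/i.exec(source);
  if (!m) return false;
  const parent = new URL(parentOrigin);
  // A source without a scheme is matched against the embedded app's own scheme.
  const scheme = (m[1] || new URL(selfOrigin).protocol.slice(0, -1)).toLowerCase();
  const actual = parent.protocol.slice(0, -1);
  if (scheme !== actual && !(scheme === "http" && actual === "https")) return false;
  const defaultPort = actual === "https" ? "443" : "80";
  if ((m[4] || defaultPort) !== (parent.port || defaultPort)) return false;
  const host = m[3].toLowerCase();
  return m[2] ? parent.hostname.endsWith("." + host) : parent.hostname === host;
}

// headers: response headers of the embedded (React) app.
// parentOrigin: origin of the page hosting the iframe; selfOrigin: the app's own origin.
function framingDecision(headers, parentOrigin, selfOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directive = (h["content-security-policy"] || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
    const ok = directive.slice(1).some((s) => sourceMatches(s, parentOrigin, selfOrigin));
    return { allowed: ok, decidedBy: "frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: parentOrigin === selfOrigin, decidedBy: "x-frame-options" };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it restricts nothing.
  return { allowed: true, decidedBy: "none" };
}

// Constructed sample: the app allows only the Pega origin and keeps a legacy DENY.
const sample = {
  "Content-Security-Policy": "default-src 'self'; frame-ancestors https://pega.example.com",
  "X-Frame-Options": "DENY",
};
console.log(framingDecision(sample, "https://pega.example.com", "https://react-app.example.net"));
```

A result of `decidedBy: "none"` with `allowed: true` means any site can frame the application, which is the case clickjacking protection is meant to close.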