Is there any way to disable the Community SSO sign-in for our PDC tenant and switch to SAML SSO? We are concerned that too many users get access to the PDC without any business need, which violates the security principle of least privilege.
Thank you for the response. I have seen these articles, but I’m not sure how they answer my question.
Managing system access PDC - covers restricting access to specific environments and is not related to authentication to PDC
Managing PDC operator records - covers adding / editing / deleting operators. It is not relevant to my question, because as I indicated, Pega’s My Support Portal automatically creates operators that use Pega Community sign-in when those users access PDC from My Support Portal.
My question is: how can I prevent or disable this automated creation of PDC user accounts that use Community SSO when users come from My Support Portal - to ensure that only the company SSO can be used to access PDC?
@PavelG36 I can see that you logged a support incident for this: INC-A2217
In future can you please include this information when logging PSC forum questions to help us track the issue with you?
Our SMEs have informed me that we don’t have a way currently to block local user creation in PDC. I believe the plan is to move towards the direction of SSO only but we can give you no timeframe at the moment.
Thank you for the response and for the reminder about the possibility to link support tickets here. I was aware of it, but did not do so because INC-A2217 is a related but different question.
Understood the SME answer, thank you.
Please accept some feedback. It would indeed be great to improve on this, because currently the PDC SSO option seems not to be very useful, at least for Pega Cloud customers. The main goal of using company SSO compared to Pega Community accounts is having centralized access control. But if Pega Community accounts used for My Support Portal cannot be prevented from signing into PDC, it effectively makes centralized control impossible. It seems like this needs either blocking Pega Community on PDC, or allowing company SSO for MSP as well and then blocking Pega Community accounts altogether for an organization.
@PavelG36 Many thanks for your clarification. I have checked the support ticket again and can see that further explanation on the current functionality was provided by my colleague Szymon.
The Product Owner @Lukasz is aware of the concerns and will take any steps required for possible future improvements based on your feedback.