Hello! My team and I are working to implement a non-authenticated/anonymous portal for folks that are not users of our tool to visit to review finalized content. We have been actively following all the materials shared by Pega to implement a portal such as this, but when we visit the link generated by our Anonymous authentication service the application attempts to redirect the visitor and prompt for login credentials.
To implement our non-authenticated/anonymous portal we have implemented the following rules:
An Anonymous authentication service
An operator identification in the authentication service
An Access Group and Persona
A unique portal for usage exclusively by the Anonymous Persona
Any advice regarding how to properly and successfully implement the anonymous portal would be greatly appreciated!
Hello @TessPorter - Your overall design is correct and aligns with Pega’s recommended approach for implementing an anonymous / unauthenticated portal. The behavior you are seeing (redirect to login) typically indicates one or all of the below alignment points.
Please revalidate and check the below points:
Access Group is Not Explicitly Marked as Anonymous: Even though the authentication service is anonymous, the Access Group still enforces authentication unless explicitly configured.
Verify Edit PolicyLM:AnonymousPublic Access Group. Ensure it is enabled for external / anonymous access. Confirm it does not inherit roles that require authenticated users.
Operator Record Configuration Needs Adjustment: Your model operator (ExternalDecisionHub) is correctly referenced, but from the Security tab:
“Force password change on next login” is checked. This flag can trigger a login redirect even for anonymous sessions. Uncheck Force password change and ensure that there is no password enforcement and that there are no interactive login expectations.
Portal Launch Path Is Not Anonymous-Safe: Even with correct authentication, Pega may redirect if the default portal or starting activity expects authentication or the application landing page assumes a logged-in user.
Ensure that the AnonymousPortal is set as the default portal and the portal does not reference any Authenticated-only rules (on the security tab of rules) and Dashboard widgets requiring privileges.
@VikasT Good Afternoon Vikas! Thank you for your response to my question. I really appreciate all the suggestions on how I can go about resolving this issue. I have a couple follow-up questions to each of your suggestions.
How do I enable an access group for external/anonymous access? What role would you recommend an access group reference such that it does not require authenticated users? I’ve tried using the PegaRULES:Guest access role, but that produces an entirely different error.
I unchecked the “Force password change on next login” checkbox and tested my anonymous portal once again, but this change alone did not resolve my login redirection issue.
Outside of indicating that the AnonymousPortal is the default portal in the PolicyLM:AnonymousPublic access group, how else should I indicate that the AnonymousPortal is the default portal for any and all anonymous access? I’ve ensured that the portal does not include references to any Authenticated-only rules.
@TessPorter The model operator must have the external authentication option enabled. Otherwise, it will display a login page. And create an access role with least privileges and define it in the AG you are planning to use.
@RanjithK8179 Thank you for your response! I went ahead and checked the “Use external authentication” checkbox and ran another test. The test resulted in the same login redirection issues I’ve been experiencing thus far. I started looking into how the PolicyLM:AnonymousPublicManaged role was configured and noticed that the role was referencing nothing. What would you recommend be included in this access role? All I want is for non-authenticated users to see one portal and one landing page.
@RanjithK8179 Thank you for providing some additional guidance. Unfortunately, adding PegaRULES:User1 did not resolve the issue. After adding the PegaRULES:User1 role in various places I was still presented with the login modal each time I attempted to visit the link to our anonymous portal.