Restricting access to an application based on a few conditions

Hi,

In our application, there is a requirement to restrict access of the application to the user based on country. Below is the scenario.

  1. User logs into the application using OKTA credentials.

  2. If the user is a new user in the system, the system creates the operator for the user using the model operator which is mentioned in the auth service.

  3. User gets access to the application using default access group present in the model operator.

Presently, this application is being used by users from a few countries, and we would need some way to show an error message to users from other countries when they try to access this application. We cannot place any constraint at the OKTA authentication level, as it is a generic authentication mechanism used for all the applications in the organization.

Hi @Sandip Pattalwar: The possible ways I can see are that you update the authentication activity to either add a different access group to the user based on country (or) make the authentication fail.

If you don’t want to make any changes in the authentication activity, then I would suggest implementing security settings on your dashboard based on country (access roles and privileges are better). You can use when conditions too.

Thanks.

@ArulDevan Thanks for your reply. There is no need to add any access group. The requirement is to show different tiles based on the user’s profile. For example, if a user has two access groups, A and B, then in one tile we need a URL where, if the user clicks on that link, the system will open a tab and land in access group A (i.e. the new tab will show the portal related to access group A). Similarly, tile 2 needs to have a URL associated with access group B.

The whole requirement is about having separate URLs for each access group OR any way where we can pass the access group as a parameter and the system will launch a new tab with that access group.

@Sandip Pattalwar is the country-based restriction based on the country or countries associated with the operator (for example, the operator account is associated with an individual who operates in countries A, B, and C only) or the country of access (for example, one can access the system while operating in country A but not while operating in country B)?

@morem At a single point in time, a user is associated with only one country.

@Sandip Pattalwar That seems like it would be more straightforward to implement, but I would defer to the services team on estimating the time and effort required. I would recommend filing a request with them to inquire further.

@Sandip Pattalwar I believe the users on this thread have provided you with all your available options. If you require any further help, please enlist the help of our Pega Consulting services.

You can find all the relevant OOTB setup on our Documentation server.

Authentication

Configuring login policies such as multi-factor authentication, CAPTCHA, and attestation

Using the login policies settings

Customizing authentication screens in your Pega application

Securing a public facing application

Creating authentication registration for external users

Define Authorization Model

@morem Thank you for your reply. We just wanted to understand how we can implement it using the current features available in Pega. Presently, the URL is based on the application and not on the access group, because of which we are not able to progress further. If you could let us know how we can implement it, it would be really helpful.