I have a question regarding user login to PDC. We plan to implement our external SSO (Azure) based on Active Directory integration. From this documentation (Logging in to Pega Diagnostic Center), it appears that only people with a valid Pega Community account can access PDC. Can we proceed with this SSO implementation, given that access to PDC requires a valid Pega Community account?
According to the documentation, PDC supports two authentication methods that work together:
- Pega Community Accounts (Required): Users still need valid Pega Community accounts linked to your organization as the base requirement. This ensures proper authorization and access control within PDC.
- SSO Authentication (Optional but supported): PDC explicitly supports SAML 2.0 identity providers, including Azure AD. The documentation mentions that “as your number of PDC users grows, consider enabling single sign-on (SSO) as an additional or alternative login method.”
What makes this work is that PDC includes an SSO configuration wizard that allows you to map your Azure AD users to their corresponding PDC operators (which are linked to Pega Community accounts). This creates the necessary connection between your external identity system and the required Pega Community accounts.
To implement this successfully:
- Ensure all users who need PDC access have valid Pega Community accounts linked to your organization
- Use the PDC’s SSO wizard to configure the integration with your Azure AD
- Map the appropriate attributes from Azure AD to the PDC operators
- You can define access roles based on specific SAML attributes for streamlined permission management
The documentation also mentions that Pega is rolling out a federated authentication feature that will eventually replace the custom SSO authentication in PDC, but the current SSO implementation remains fully supported in the meantime.
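The two gates described in this answer (an operator linked to a Pega Community account, then a role taken from a SAML attribute) can be modelled as a fail-closed check. This is an added example, not PDC's own code or configuration: the operator list, group names and role names are hypothetical, the assertion is constructed sample data, and the two claim URIs are the standard Azure AD email and groups claim names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Hypothetical data: operators already linked to Pega Community accounts, and
# a group-to-role mapping. Azure AD normally sends group object IDs; readable
# placeholder names are used here. Role names are not PDC's.
LINKED_OPERATORS = {"alice@example.com", "bob@example.com"}
GROUP_TO_ROLE = {"grp-pdc-admins": "manager", "grp-pdc-users": "user"}

def attributes(assertion_xml):
    """Return {attribute name: [values]} from a SAML 2.0 AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        out.setdefault(attr.get("Name"), []).extend(vals)
    return out

def resolve_access(assertion_xml):
    """Decide access; assumes signature and conditions were already verified."""
    attrs = attributes(assertion_xml)
    emails = attrs.get(EMAIL, [])
    if len(emails) != 1:
        return None, "missing or ambiguous email attribute"
    email = emails[0].lower()
    if email not in LINKED_OPERATORS:  # gate 1: linked operator must exist
        return None, "no operator linked to a Pega Community account"
    roles = sorted({GROUP_TO_ROLE[g] for g in attrs.get(GROUPS, []) if g in GROUP_TO_ROLE})
    if not roles:  # gate 2: deny when no group maps to a role
        return None, "no mapped group"
    return (email, roles), "ok"

def make_assertion(email, groups):
    """Build a constructed, unsigned assertion fragment for the demo."""
    vals = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{EMAIL}"><saml:AttributeValue>{email}'
            f'</saml:AttributeValue></saml:Attribute>'
            f'<saml:Attribute Name="{GROUPS}">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for who, grps in [("Alice@example.com", ["grp-pdc-admins"]),
                      ("carol@example.com", ["grp-pdc-admins"]),
                      ("bob@example.com", ["grp-unrelated"])]:
        print(who, resolve_access(make_assertion(who, grps)))
```

A user who authenticates at Azure AD but has no linked operator, or whose groups map to no role, is denied rather than given a default role.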
