top of page

Securing Your Pega Platform™ Application with Multi-Factor Authentication

Updated: Apr 30

In today's digital landscape, safeguarding sensitive information is paramount. With the rise of cyber threats, traditional authentication methods like usernames and passwords are no longer sufficient. That's where multi-factor authentication (MFA) steps in, offering an extra layer of security by requiring users to verify their identity through multiple means.

Pega Platform™ offers robust support for MFA, including the convenient use of one-time passwords (OTPs) delivered via email and SMS. This added security measure ensures that even if a user's credentials are compromised, unauthorized access is thwarted.

Here's how you can implement MFA using OTPs in your Pega Platform™ application:

Configuring MFA Policies:

  • Start by accessing the Security Policies section in Dev Studio.

  • Within the Multi-factor Authentication Policies (using OTP) area, customize settings such as maximum OTP failure attempts and the validity period of OTP tokens.

  • Set up email and SMS accounts for OTP delivery to users.

Generating OTPs:

  • Utilize the pxSendOTP activity to generate OTPs securely.

  • This activity generates an eight-digit OTP, sends it to the user, and stores it temporarily for verification purposes.

Verifying OTPs:

  • Verification can be done via calling an activity or an API.

  • The pxVerifyOTP activity ensures that the OTP is valid and matches the user's entry.

Furthermore, you have two options for verifying OTPs:

  • Call an activity within Pega Platform™ (for versions 7.3 or later).

  • Call an API, suitable for external systems or older Pega Platform™ versions.

Implementing MFA with OTPs adds an additional barrier against unauthorized access, mitigating the risk of data breaches and enhancing overall security within your Pega Platform™ application.

By following these steps, you can fortify your application against potential threats while maintaining a seamless user experience. With Pega Platform™'s robust MFA capabilities, you can rest assured that your sensitive information remains protected in today's dynamic digital landscape.

-Team Enigma Metaverse

2 views0 comments


bottom of page