# Credential management > Each integration activity package includes a unique scope activity that's used to establish or facilitate an authenticated connection to the integrated software application. ## Overview Each integration activity package includes a unique scope activity that's used to establish or facilitate an authenticated connection to the integrated software application. The behavior and input properties of a scope activity are dependent on the application's authentication requirements. Because of this dependency, scope activities may not have the same user experience or input properties. But, they do share the same underlying objective to collect user credentials. How you store and collect user credentials is dependent on your company's credential management policies (e.g., how to handle passwords). One way that you can securely store and collect your user credentials is through the use of Orchestrator [Credential Assets](https://docs.uipath.com/orchestrator/docs/about-assets). :::tip Before you begin using **Credential Assets** to manage your user credentials, you should consult with your IT department and review your company's credential management policies. ::: ## Credential assets **Credential Assets** enable the design, development, and running of automation projects without exposing credential values in the Studio Designer or in the project XAML file. Each **Credential Asset** is encrypted with the Advanced Encryption Standard (AES) 256 algorithm and stored on your Orchestrator instance (on-premise or cloud). The following steps and message sequence diagram is an example of how **Credential Assets** work from design time to run time. 1. Create a **Credential Asset** in your Orchestrator Tenant. * It's a long way of saying "Each Credential contains a username (String) and password (SecureString). Note that these fields, despite their names, can be used for other kinds of credentials (e.g. ClientID and ClientSecret)." * Each **Credential Asset** contains a unique **Asset Name** and two input properties. The **Asset Name** is used to identify the asset and the input properties are used to store a non-secure credential (`String`) and a complementary secure credential (`SecureString`). * Access to a **Credential Asset** is managed via the Orchestrator Tenant [settings](https://docs.uipath.com/orchestrator/standalone/2023.4/user-guide/configuring-tenant-settings-tenant-level) and [roles](https://docs.uipath.com/orchestrator/docs/about-roles). 2. In your automation project, add a activity for each **Credential Asset** that you want to retrieve (e.g., if the scope requires two `SecureString` input values, you add two **Get Credential** activities). * Enter the **Asset Name** that you want to retrieve in the activity's input property. * Create and enter a `String` variable (e.g., *username*) and a `SecureString` variable (e.g., *password*) for the activity's output properties. :::note The **Username** and **Password** property names don't necessarily reflect the credentials you can store as an asset. Because your credentials may not actually be a *username* and/or *password* (e.g., maybe you have a *TokenId* and *TokenSecret*), you can use the **Username** property as a `String` input (e.g., *TokenId*) and the **Password** property as a `SecureString` input (e.g., *TokenSecret*). ::: 3. Add the integration activity package scope activity after the **Get Credential** activity. * In the input properties (e.g., **Username** and **Password**), enter the applicable variables that you created for the **Get Credential** activity. 4. Run the project. * The robot retrieves the specified **Credential Asset** from the Orchestrator Tenant and enters the retrieved values into the scope activity. * The scope activity is then used to facilitate or establish an authenticated connection to the integrated software application. ![docs image](https://dev-assets.cms.uipath.com/assets/images/activities/legacy-integrations-docs-image-178940-32ac995a-5fa87de4.webp) To create a new **Credential Asset**, complete the steps described [here](https://docs.uipath.com/orchestrator/docs/managing-assets-in-orchestrator#creating-assets). ## Other methods UiPath also supports other other credential management methods. These methods are dependent on 3rd party technologies that may require an account to use. | Method | Description | Dependency | | --- | --- | --- | | | The Credentials Activities Pack contains activities that work with Windows Credential Manager, enabling the adding and deleting of credentials for specific Microsoft authentication packages, such as NTLM, Kerberos, Negotiate, Schannel, or Passport. | [Windows Credential Manager](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management?redirectedfrom=MSDN) | | [Credential Stores](https://docs.uipath.com/orchestrator/docs/about-credential-stores) | A credential store is a named location within a secure store, such as CyberArk, from which you can retrieve Robot credentials and credential Assets when needed. Orchestrator supports the use of multiple credential stores at tenant level, provides built-in support for CyberArk and Azure Key Vault, and the architecture enabling you to develop a plugin for other secure stores, if desired. | [CyberArk](https://www.cyberark.com/resources/) [Azure Key Vault](https://docs.microsoft.com/en-us/azure/key-vault/) | | [Credential Store Plugins](https://docs.uipath.com/orchestrator/docs/credential-store-plugins) | Beyond the secure stores with built-in support in Orchestrator (e.g. CyberArk, Key Vault), Orchestrator architecture supports the functionality of loading third-party or developing custom plugins, enabling you to use any desired credential store. | Varies |