- Getting Started
- Demo apps
- How To
- Notifications
- Using VB Expressions
- Designing your App
- Designing your App with Autopilot
- Events and Rules
- Rule: If-Then-Else
- Rule: Open a Page
- Rule: Open URL
- Rule: Close Pop-Over/Bottom Sheet
- Rule: Show Message
- Rule: Show/Hide Spinner
- Rule: Set Value
- Rule: Start Process
- Rule: Reset Values
- Rule: Upload File to Storage Bucket
- Rule: Download File From Storage Bucket
- Rule: Create Entity Record
- Rule: Update Entity Record
- Rule: Delete Entity Record
- Rule: Add to Queue
- Rule: Trigger workflow
- Rule: Submit Action
- Leveraging RPA in your App
- Supported Process Argument Types
- Replacing a Process
- Referencing a Storage Bucket From Orchestrator
- Connecting Apps to an on-premises Orchestrator instance
- Orchestrator Permissions
- Data Flow Between UiPath® Apps and Orchestrator
- Leveraging Entities in Your App
- Leveraging Queues in Your App
- Leveraging Media in your app
- Leveraging Actions in your app
- Leveraging Connections in your apps
- Web apps in Studio Web
- Application Lifecycle Management (ALM)
- UiPath® First-Party Apps
- Basic Troubleshooting Guide
Apps User Guide
Connecting Apps to an on-premises Orchestrator instance
UiPath® Apps cloud does provide means to connect to an on-premise deployed version of UiPath® Orchestrator (19.10 and later) to help leverage the power of RPA to help drive rich app experiences.
For more information on data flow between Apps and Orchestrator, see Hybrid data flow diagram.
- All connections to Orchestrator are made from a single place, the Apps Service application.
- All calls to Orchestrator are authenticated calls in line with the security model exposed by Orchestrator. Please see the section about Authenticating.
-
Credential obtained from the user to talk to Orchestrator is used for all communication with Orchestrator both at design time when authoring the app as well as runtime when executing the app. The identity of the user who is designing or running the app itself has no bearing here.
- After initially obtaining the credential from the app designer, the credential is stored in the Apps backend with encryption at rest to enable seamless and uninterrupted design and runtime experience for all users of the app
- Apps service sets up a secure webhook callback over HTTPS on process lifecycle events to help detect when processes start, stop, error out, etc. This follows the best practices mentioned in the About Webhooks page.
- No process-related data is stored on the Apps backend. The only information that is persisted is metadata around the identity of the process/es that are being used by a specific app.
- Apps can invoke both attended and unattended Orchestrator processes. An app designer can choose to run a process through the connected Orchestrator or directly on the local computer on which the app is running using UiPath® RobotJS.
- In the local robot scenario, process execution is invoked from the browser to the locally running robot and communication does not leave computer boundaries.
- In the process execution via Orchestrator option, the complete lifecycle of the process is managed by Orchestrator, and UiPath® Apps plays no role in the same other than listening to process lifecycle events using the webhook callback.
The Apps service uses the outgoing IPs for all external communications:
-
20.103.103.104/30
-
20.82.230.132/30
-
52.226.216.100/30
-
52.149.31.132/30
-
20.103.172.28/30
-
20.82.205.104/30
-
20.92.155.132/30
-
20.70.73.28/30
-
20.116.168.240/30
-
52.229.69.80/30
-
20.63.171.100/30
-
104.215.23.28/30
-
52.175.22.152/30
-
20.198.201.136/30
Traffic from this IPs needs to be allowed through the Organization DMZ firewall and any other intermediate firewalls including the firewall on the computer/s in which Orchestrator application is hosted.
- The associated port on which Orchestrator application is hosted needs to be exposed through the DMZ on all relevant firewalls (see the previous point).
- An Orchestrator user who has read and execute access to relevant processes whose credential will be used from UiPath® Apps to talk to Orchestrator.
-
If using local robot process execution through RobotJS, please ensure RobotJS is properly configured using instructions provided at RobotJS.
Apps Designer says unable to connect to Orchestrator
- Are the UiPath® Apps outgoing IPs allowlisted?
- Is the Orchestrator port allowlisted?
- Is the correct URL with the port being used in the Orchestrator URL field?
- Has it been confirmed that the credentials provided when connecting to Orchestrator are correct?
- Do the credentials provided have the permissions to list/run folders and processes?
Apps Designer shows no processes or wrong processes
- Does the user whose credential was configured during App Design have read access to the folder in which the desired processes reside?
When previewing an App and/or running an app and invoking a process, there is an error
- Are the UiPath® Apps outgoing IPs still allowlisted?
- Is the Orchestrator port still allowlisted?
- Does the user whose credential was configured during App Design still exist?
- Does the user whose credential was configured during App Design still have the same credentials?
- Does the process and the exact version that is executed still exist in Orchestrator in the same folder or anything has changed?
- If running processes locally, is RobotJS configured correctly, and is able to properly handshake with the robot?
- Has the process being executed on the local robot been downloaded to the robot prior to executing the same through the app?
- Does the user whose credential was configured during App Design have to execute access to the process?
Connecting UiPath® Apps with an on-premise Orchestrator with custom self-signed certificates is not supported.
A secure connection (HTTPS) between UiPath® Apps and Orchestrator is needed for mutual authentication to work properly. To achieve this secure connection, both parties must trust each other's certificates. For this to happen, either of the following conditions must be satisfied:
- Both parties should have certificates obtained from standard Certificate Authorities (CA), such as Google, VeriSign, or others. UiPath® cloud products already have this, so nothing needs to be done on this part. This needs to be done for on-premise product deployments.
- If the on-premise deployment uses an internal or self-signed certificate, the connection will not work. For that, the certificate has to be added to the trusted root of the other party. Note that this cannot be done for UiPath® cloud products, as no custom certificates can be added to the UiPath® cloud systems.